I'm trying to build a curl command that will upload my xpi to validation at Mozilla Add-on Validator.
I've captured the traffic with fiddler to see what the site is doing and try to mimic it's behavior from curl.
I've seen whats the post url, and tried curl https://addons.mozilla.org/en-US/developers/standalone-upload --form 'upload=#path-to-xpi.xpi' and also with csrfmiddlewaretoken=#path-to-xpi.xpi. And also tried adding the Content-Type.
This is the raw data from the first request:
POST https://addons.mozilla.org/en-US/developers/standalone-upload HTTP/1.1
Host: addons.mozilla.org
Connection: keep-alive
Content-Length: 41021
Origin: https://addons.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryI0LeCjkeJnsfGipU
Accept: */*
Referer: https://addons.mozilla.org/en-US/developers/addon/validate
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,he;q=0.6
Cookie: _ga=GA1.2.710702590.1450107779; sessionid=".eJyrVkouLkqLL8nPTs1TslLKznAOTYzI8czOTEzxCTe0SCzKichONjMO8PUO9Q5wcVfSUYpPLC3JiC8tTi2Kz0xRsjI0MrCwNDE3QZFISkwGmgeUVQJxi_Wg_GI9x9z8UKCIE1QeqKk4tbg4Mz8vPrWiILOoEmyepZmBQS0Aqsk0IA:1aLYVj:cbZQtNCkFRasDdFtJKI9b_WB6GA"
------WebKitFormBoundaryI0LeCjkeJnsfGipU
Content-Disposition: form-data; name="csrfmiddlewaretoken"
khCUaXlIkiadLW18arlXkc63PMKUKPDG
------WebKitFormBoundaryI0LeCjkeJnsfGipU
Content-Disposition: form-data; name="upload"; filename="extension.xpi"
Content-Type: application/octet-stream
Currently I'm receiving an html page with Not allowed.
What am I missing? What else should I add to the request to receive a good response?
Thanks
Not resolving the curl upload command thing, but the original problem - validate an xpi through command line.
Validating an xpi through command line
This can be achieved with the addons-linter by Mozilla, which was in its early stages when this question was asked.
Related
I am trying to use the following curl
curl -k 'https://myhost.com:9091/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data "username=$USERNAME&password=$PASSWORD" --compressed —insecure
But get an error with a % in the password saying
URLDecoder: Incomplete trailing escape (%) pattern
I have seen suggestions online to use --data-urlencode but then I get the following error.
The username and password must be specified.
How can I resolve this issue?
--data-urlencode is the way to go adding it multiple times, one per parameter
userh='vf&re'
passwordh='asdaf%'
curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh" --data-urlencode "password=$passwordh"
Let's start a netcat listener to check what was sent
netcat -l 8080
Received data:
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 34
Content-Type: application/x-www-form-urlencoded
username=vf%26re&password=asdaf%25
Sending all parameters in one option will not work since password parameter gets lost triggering the server error "The username and password must be specified."
curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh&password=$passwordh"
Response:
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 38
Content-Type: application/x-www-form-urlencoded
username=vf%26re%26password%3Dasdaf%25
First command from OP with --data will not work either as it sends the % sign as is triggering a server error that "sees" and incomplete percent encoded request.
POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 33
username=asdasdas&password=asdaf%
Based on this answer.
From "Test in Web Chat" window in Azure Dashboard, I entered "hello" which is correctly received in my backend, but I'm still figuring out how to reply.
Note: WORDS IN CAPS means variable.
curl -d "grant_type=client_credentials&client_id=CLI-ENT-ID&client_secret=SECRET&scope=https%3A%2F%2Fapi.botframework.com%2F.default" -X POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
Response: {"token_type":"Bearer","expires_in":3600,"ext_expires_in":0,"access_token":"VERY_LONG_STRING"}
curl -d '{"type":"message","from":{"id":"mybot#SOME_ID","name":"mybot"},"conversation":{"id":"CONVERSATION_ID"},"recipient":{"id":"RECIPIENT_ID","name":"You"},"locale":"en","text":"hello too","replyToId":"CONVERSATION_ID|0000008"}' -H "Content-Type: application/json" -H "Authorization: Bearer VERY_LONG_STRING" -X POST https://api.botframework.com/v3/conversations/CONVERSATION_ID/activities/CONVERSATION_ID%7C0000008
Response: The page cannot be displayed because an internal server error has occurred.
Request from my app (also same error):
POST /v3/conversations/CONVERSATION_ID/activities/CONVERSATION_ID%7C0000008 HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer VERY_LONG_STRING
User-Agent: Java-SDK
Content-Length: 273
Host: api.botframework.com
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
{"type":"message","from":{"id":"mybot#SOME_ID","name":"mybot"},"conversation":{"id":"CONVERSATION_ID"},"recipient":{"id":"RECIPIENT_ID","name":"You"},"locale":"en","text":"hello too","replyToId":"CONVERSATION_ID|0000008"}
What do I miss?
Thanks to comment from Eric Dahlvang, I figure it out.
By default, ApiClient generated from swagger will have its basePath hardcoded to https://api.botframework.com.
Before replying, take the serviceUrl from incoming Activity and use it to change the basePath.
I want to extract a string from the URL. I have the following URL :
https://optim.actiontec.com/aei-api/users/R1RCQTY1MjA1MDYyMDc%3D
I want to extract the string after users/ and store it in a variable that I can use. I tried using the regular expression extractor but it did not work.
My second issue is extracting stuff from request headers. I dont know much about it but can we extract stuff from Request headers?
This is my request header -
GET /aei-api/main/R1RCQTY1MjA1MDYyMDc%3D HTTP/1.1
Host: optim.actiontec.com
Connection: keep-alive
Accept: application/json, text/plain, */*
X-Token: 03a580b082140ee7
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
X-User-Id: R1RCQTY1MjA1MDYyMDc=
Referer: https://optim.actiontec.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
And I am looking to extract X-User-Id.I want to use the header value and pass it to other headers. Is it possible?
Thanks
The Regex configuration would be like this:
Field to check: Request Header
Reference Name: var
Regular Expression: X-User-Id: (\w+.)
Template: $1$
Match No: 1
Screenshot showing regex test:
For Regex test see here: https://regex101.com/r/MMhn3i/1/
I've got the following link, which is downloading a CSV file when put through a web browser.
http://pro.allocine.fr/film/export_classement.html?typeaffichage=2&lsttype=1001&lsttypeperiode=3002&typedonnees=visites&cfilm=&datefiltre=
However, when using Wget with Cygwin, with the command below, Wget retrieves a file, which is not a CSV file, but a file without extension. The file is empty, that is, has no data at all.
wget 'http://pro.allocine.fr/film/export_classement.html?typeaffichage=2&lsttype=1001&lsttypeperiode=3002&typedonnees=visites&cfilm=&datefiltre='
So as I hate to be stuck, I tried the following as well. I put the URL in a text file and used Wget with the file option:
inside fic.txt
'http://pro.allocine.fr/film/export_classement.html?typeaffichage=2&lsttype=1001&lsttypeperiode=3002&typedonnees=visites&cfilm=&datefiltre='
I used Wget in the following way:
wget -i fic.txt
I got the following errors:
Scheme missing
No URLs found in toto.txt
I think I can suggest some other options that will make your underlying problem more clear which is that it's supposed to be html, but there is no content (content-length = 0).
More concretely, this
wget -S -O export_classement.html 'http://pro.allocine.fr/film/export_classement.html?typeaffichage=2&lsttype=1001&lsttypeperiode=3002&typedonnees=visites&cfilm=&datefiltre='
produces this
Resolving pro.allocine.fr... 62.39.143.50
Connecting to pro.allocine.fr|62.39.143.50|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Mar 2014 09:54:44 GMT
Content-Type: text/html; Charset=iso-8859-1
Connection: close
X-ServerName: WEBNX2
akamainocache: no-store
Content-Length: 0
Cache-control: private
X-KompressorName: kompressor7
Length: 0 [text/html]
2014-03-28 05:54:52 (0.00 B/s) - ‘export_classement.html’ saved [0/0]
Additionally the server is tailoring it's output based on how the browser identifies itself. using wget does have an option to include an arbitrary user-agent in the headers. Here's an example what happens when you make wget identify itself as Chrome. Here's a list of other possibiities.
wget -S --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36" 'http://pro.allocine.fr/film/export_classement.html?typeaffichage=2&lsttype=1001&lsttypeperiode=3002&typedonnees=visites&cfilm=&datefiltre='
Now the output changes to export.csv, with type "application/octet-stream" instead of "text/html"
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Mar 2014 10:34:09 GMT
Content-Type: application/octet-stream; Charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
X-ServerName: WEBNX2
Edge-Control: no-store
Last-Modified: Fri, 28 Mar 2014 10:34:17 GMT
Content-Disposition: attachment; filename=export.csv
I need to release my IP address at the router on an hourly basis. The router page needs simple authentication and a button click to do the process. These are the HTTP calls:
Authenticate
GET /RST_st_dhcp.htm HTTP/1.1
Host: 10.10.1.1
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Release button click
POST /st_dhcp.cgi?id=1044071018 HTTP/1.1
Host: 10.10.1.1
Content-Length: 31
Cache-Control: max-age=0
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Origin: http://10.10.1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://10.10.1.1/RST_st_dhcp.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
connect=Release&refreshScrn=yes
How can this be automated in OSX? Is it possible to write automator scripts for this?
You can simply use curl to make that request - something like
curl -e http://10.10.1.1/RST_st_dhcp.htm \
-d 'connect=Release&refreshScrn=yes' -u user:password \
'http://10.10.1.1/st_dhcp.cgi?id=1044071018'
You'll need to check whether the id in the URL matters. If not, the above should be all you need. If it does then you may have to make the first request to get the id from its payload.