So I'm pretty new at all this. I am trying to reverse engineer a web application.
When I submit a form, it sends a POST with a request payload that looks something similar to this:
encoding=UTF8&zip=1&size=136240&html=DwQgIg_a_whole_lot_more_gibberish_not_worth_posting
Anyways, from inspecting the captured traffic from Chrome developer tools, I noticed it is encoded and sent as a zipped up html?
How would I go about reversing this to see what the content is actually being sent to the server?
What you want to do is this:
1) Get the name of the zip file
2) Get the path of the zip file (likely the root directory or the current path the form is at)
3) Generate the URL (http://site_name.com/path/to/folder/zip_file.zip)
4) Download it using a too such as wget (typing the URL into the browser may work too)
I used this technique to download all the files that get downloaded to the OTA updates on iOS devices (used burp suit to intercept the zip file name where the server was on my computer which my iDevice was connected to).
Please note: the name of the zip file you have given does not end in .zip. this may mean it doesn't have a extension; you may have to add .zip to the file manually; or it may have another ending such as .tar, .tar.gz etc.
Related
I'm the company's file server
Get the file as byte[] through the image path and authentication key.
(This server is not accessible to me.)
What I want to do is, when the user downloads the selected files, I want to compress these files and provide them as a compressed file.
Since the company's file server does not have a download API for multiple files, I think I need to request as many APIs as the number of file lists with a for statement in my service API.
In other words, it seems that we need to take a List<Byte[]> and compress this list.
Is there something wrong with my method?
And can I pass the result as json after compression? (I confirmed that the image file is passed as json.)
My question is similar to What is format of Google Drive's FileID ? I need to find out whether new File has been uploaded to my drive or not using API's but I want to know the format of a folder ID in Google Drive, the one that appears in the URL bar when you open a folder in your Google drive, the thing after https://drive.google.com/drive/u/0/folders/<this part>.
Google Drive folder id doesn't have a specific guaranteed format. This (apparent format which really isn't a format) has changed in the past and may change again.
Trying to create any kind of local verification of this will be futile.
The best option would be to do a Files: get and test if you get a response. This will work better as it will also verify that the user has access to the file as well as testing that its a valid file id format.
Any (regex) attempt to verify the file id wouldn't really verify it as its not going to test if the user has access.
A folder ID starts with a 1 followed by 32 base-64 encoded digits, except unlike base64 the + is replaced by - and / is replaced by _. You can use the following regex:
/^1[A-Za-z0-9-_]{32}$/
Our application is entirely built on websockets. We don't do any HTTP request-reply. However, we are stuck with file download. If i receive file content via websockets can I wrote to local folder on user computer ?
If it makes a difference, we are only supporting Chrome so not issue if it doesn't work on other browsers.
Also, I know i can do this via HTTP. Trying to avoid it and stick to websockets since thats how the entire app is.
Thanks a lot in advance!
The solution depends on size of your file.
If size is less than about 50 MB, I would encode file's content to base64 string on the server and send this string to the client. Client should receive parts of the string, concat them to single result, and store. After receiving whole string, add link (tag <a>) to your page with attribute href set to "data:<data_type>;base64,<base64_encoded_file_content>". <data_type> is a mime type of your file, for example "text/html" or "image/png". Suggest file name by adding download attribute set to name of file (doesn't work for Chrome on OS X).
Unfortunately I have no solution for large files. Currently there is only FileEntry API that allows to write files with JS, but according to documentation it is supported only by Chrome v13+, learn more here https://developer.mozilla.org/en-US/docs/Web/API/FileEntry.
so I am working on a school project in which we have designed a web application that takes in much user info and creates a pdf then should display that pdf to the user so they can print it off or save it. We are using Play! Framework 2.1.3 as our framework and server and Java for the server side. I create the pdf with Apache's PDFbox library. Every thing works as it should in development mode ie launching it on a localhost with plays run command. the issue is when we put it up to the server and launch with plays start command I it seems to take a snapshot of the directory (or at least the assets/public folder) which is where I am housing the output.pdf file/s (i have attempted to move the file elsewhere but that still seems to result in a 404 error). Initially I believed this to be something with liunx machine we were deploying to which was creating a caching problem and have tried many of the tricks to defeat the browser from caching the pdf
like using javascript to append on a time stamp to the filename,
using this cache-control directive in the play! documentation,
"assets.cache./public/stylesheets/output.pdf"="max-age=0",
then I tried to just save the pdf as a different filename each time and pass back the name of that file and call it directly through the file structure in the HTML
which also works fine with the run command but not the start.
finally I came to the conclusion that when the start command is issued it balls up the files so only the files that are there when the start command is issued can be seen.
I read the documentation here
http://www.playframework.com/documentation/2.1.x/Production
which then I noticed this part
When you run the start command, Play forks a new JVM and runs the
default Netty HTTP server. The standard output stream is redirected to
the Play console, so you can monitor its status.
so it looks like the fact that it forks a new JVM is what is causing my pain.
so my question really is can this be gotten around in some way that a web app can create and display a pdf form? (if I cannot get this to work my only solution
that I can see is that I will have to simulate the form with HTML and fill it out from there) --which I really think is a bad way to do this.
this seems like something that should have a solution but I cannot seem to find or come up with one please help.
i have looked here:
http://www.playframework.com/documentation/2.1.x/JavaStream
the answer may be in there but Im not getting it to work I am pretty novice with this Play! Framework still
You are trying to deliver the generated PDF file to the user by placing it in the assets directory, and putting a link to it in the HTML. This works in development mode because Play finds the assets in the directory. It won't work in production because the project is wrapped up into a jar file when you do play dist, and the contents of the jar file can't be modified by the Play application. (In dev mode, Play has a classpath entry for the directory. In production, the classpath points to the jar file).
You are on the right lines with JavaStream. The way forward is:
Generate the PDF somewhere in your local filesystem (I recommend the temp directory).
Write a new Action in your Application object that opens the file you generated, and serves it instead of a web page.
Check out the Play docs for serving files. This approach also has the advantage that you can specify the filename that the user sees. There is an overloaded function Controller.ok(File file, String filename) for doing this. (When you generate the file, you should give it a unique name, otherwise each request will overwrite the file from a previous request. But you don't want the user to see the unique name).
I want to know how to down load a text file from another website and how to put it in the root directory of my website.Can you help me with problem please.THANK'S !!
As a program, or as a human action?
As a human, you should be able to take the link and download the file, upload to your website using for example FTP or (hopefully no one does this now) frontpage.
If you mean programattically, well its almost the same. Your script would need to open the file in the root directory, open the URL and read in the data sent and save it to the file, close the file. However, how to do so exactly depends on the lanugage you want, is this a repeated event or a once off?
This type of request usually happens when you are requesting a service that requires proof that you are the website owner. Being the owner of that website would also indicate that you should have at least ftp access over your site. If you are hosting the website yourself, this is an easy task you just copy the file into the root directory (windows default is c:\inetpub\wwwroot, ubuntu default is /var/www/). However if your website is hosted, you need to find your ftp username and password and utilize an ftp program like FileZilla. If you want to tell us what file host you use maybe someone can give you exact instructions. But beware of what file you host.
If you have the URL of the text file you can put it into your browser and then save the file to your disk. You then need to FTP it to your web server (or whatever method you normally use to get files onto the server)
In PHP:
<?php
$resource = curl_init('http://www.someserver.com/file.txt');
// important, otherwise curl_exec will output directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$data = curl_exec($resource);
curl_close($resource);
file_put_contents('/dir/localfile.txt', $data);
Or even better, with a bash script with a simple wget and cp.