I am trying to modify request parameters of HTTP GET method, but the filter I wrote doesn't work as expected. I am not even sure if this is possible using ettercap. So far I wrote the following filter:
if (regex(DATA.data, ".*expiration.*")){
msg("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
pcre_regex(DATA.data, "expiration=[0-9][0-9]*", "expiration=20150307171853");
}
The message is not printed even if "expiration" appears in URL. I suspect that it would work if the pattern was contained in the body of a message, but I need to modify URL part. Is it possible to achieve that using filter or any other mechanism of ettercap?
Related
Is it possible to pass multiple arguments in url using webhdfs for instance like show below? http://112.128.0.17:9870/webhdfs/v1/user/myuser/file2.txt&file1.txt?op=DELETE&user.name=myuser&createflag=&createparent=true&overwrite=false&recursive=trueObviously it is just an example which doesn't work but maybe there is any way to do this? Or it is needed to send multiple requests?
The answer is no, besides the fact that the URL you created is not even valid.
You will need to issue one request (file operation) at a time.
I'm trying to extract the CSRF token so I can log in, and be able to obtain cookies, but I'm not able to.
I'm able to get a 200 response code when accessing the URL that contains the CSRF token, and I'm able to see it on the browser and the console, but my response assertion is not able to assert anything regardless of me changing the apply to, field to test, and pattern matching rules sections. My regular expression extractor isn't able to get anything either. All the headers to get to the URL are there. Any suggestions?
Forgot to mention, I'm able to get it on one server that's exactly (or should be) exactly the same as this one...
EDIT:
I placed it under the HTTP Sampler that has that response, and here is an example of what I get for my response assertion. I've also added various images.
Unfortunately you didn't share your output, so I cannot tell for sure, but although it seems your RegEx is correct in both cases, it could be that it doesn't match due to some extra spacing.
It appears that you are expecting a valid JSON, so instead of RegEx you could use JSON Extractor and/or JSON Assertion, for which extra spacing will not matter.
Example: if Response Data is
{"token":"12345"}
I can specify JSON Extractor as
(most important line is JSON Path: $.token)
and the result will be variable token with value 12345.
Here's a good online JSON Path tester, which can help you to figure out the right JSON Path.
If your goal is to check presence of a JSON Object with name of token and an arbitrary value I would recommend going for JSON Assertion instead.
Add JSON Assertion as a child of the request you would like to assert.
Use the following JSON Path query:
$.token
JSON Assertion is available since JMeter 4.0
If you still want to go for the Response Assertion - configure it as follows:
Pattern Matching Rules: Contains
Patterns to Test: {"token":"(.+?)"}
I'm using ES 5.1.2 and I want to do some simple authentication key lookup for every /_search request.
I don't find a very detailed plugin development guide on elastic.co, so far the only document I found is this http://david.pilato.fr/blog/2016/10/19/adding-a-new-rest-endpoint-to-elasticsearch-updated-for-ga/, but it is about create another endpoint.
I found search-guard https://github.com/floragunncom/search-guard and from source code it feels like I can create my own plugin extends Plugin implements ActionPlugin, but then I'm stuck and don't know where to go.
From the source code I know I can add my own ActionFilter and add it into action chain in Plugin, such that all request go thru /_search endpoint will also go thru my ActionFilter. But I don't have a complete list of possible action, which might be indices:data/read/search (search) or indices:admin/delete (delete index). There are too many to use try and error.
Another thing is, in ActionFilter, how do I get POST request payload from a Request object? When in /_search request, I got SearchRequest, but it doesn't have http request headers from browser.
== update ==
Found I could use use stack trace to get the invoke history, so for ActionFilter the call stack is like
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:171)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:145)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:87)
at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:75)
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:64)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:403)
at org.elasticsearch.client.support.AbstractClient.search(AbstractClient.java:530)
at org.elasticsearch.rest.action.search.RestSearchAction.lambda$prepareRequest$0(RestSearchAction.java:83)
at org.elasticsearch.rest.action.search.RestSearchAction$$Lambda$1405/1241306571.accept(Unknown Source)
at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:82)
in RestSearchAction#prepareRequest, ES use parseSearchRequest and convert RestRequest data to SearchRequest, which means I can't get RestRequest in my ActionFitler. Should there be another way to pass this data? Because I want to extend an existed /_search not add another endpoint, so I think I should not create any more RestHandler
I found a temporary solution and source code is here.
Long thing short, when implement your plugin as RestHandler (usually with new endpoints), you can skip registerHandler and do registerFilter only. I implement my logic in RestFilter. This works because in ElasticSearch source code, when RestController gets a new request, it will check if you have any RestFilter, if you do then it will go through whole chain of filters, then dispatch to a particular handler based on request URI.
In search guard 5 there seems to be a way to directly register a RestFilter in RestController without creating a RestHandler, but I don't understand the whole flow so I didn't use it.
My main references:
http://david.pilato.fr/blog/2016/10/19/adding-a-new-rest-endpoint-to-elasticsearch-updated-for-ga/
https://github.com/floragunncom/search-guard/tree/es-5.1.2
I am currently developing a Ruby API based on Sinatra. This API mostly receives GET requests from an existing social platform which supports external API integration.
The social platform fires off GET requests in the following format (only relevant parameters shown):
GET /{command}
Parameters: command and text
Where text is a string that the user has entered.
In my case, params[:text] is in fact a series of commands, delimited by a space. What I want to achieve is, for example: If params[:text]="corporate finance"
Then I want my API to interpret the request as a GET request to
/{command}/corporate/finance
instead of requesting /{command} with a string as a parameter containing the rest of the request.
Can this be achieved on my side? Nothing can be changed in terms of the initial request from the social platform.
EDIT: I think a better way of explaining what I am trying to achieve is the following:
GET /list?text=corporate finance
Should hit the same endpoint/route as
GET /list/corporate/finance
This must not affect the initial GET request from the social platform as it expects a response containing text to display to the user. Is there a neat, best practice way of doing this?
get "/" do {
text = params[:text].split.join "/"
redirect "#{params[:command]}/#{text}"
end
might do the trick. Didn't check though.
EDIT: ok, the before filter was stupid. Basically you could also route to "/" and then redirect. Or, even better:
get "/:command" do {
text = params[:text].split.join "/"
redirect "#{params[:command]}/#{text}"
}
There a many possible ways of achieving this. You should check the routes section of the sinatra docs (https://github.com/sinatra/sinatra)
The answer by three should do the trick, and to get around the fact that the filter will be invoked with every request, a conditional like this should do:
before do
if params[:text]
sub_commands = params[:text].split.join "/"
redirect "#{params[:command]}/#{sub_commands}"
end
end
I have tested it in a demo application and it seems to work fine.
The solution was to use the call! method.
I used a regular expression to intercept calls which match /something with no further parameters (i.e. /something/something else). I think this step can be done more elegantly.
From there, I split up my commands:
get %r{^\/\w+$} do
params[:text] ? sub_commands="/"+params[:text].split.join("/") : sub_commands=""
status, headers, body = call! env.merge("PATH_INFO" => "/#{params[:command]}#{sub_commands}")
[status, headers, body]
end
This achieves exactly what I needed, as it activates the correct endpoint, as if the URL was typed it the usual format i.e. /command/subcommand1/subcommand2 etc.
Sorry, I completely misunderstood your question, so I replace my answer with this:
require 'sinatra'
get '/list/?*' do
"yep"
end
like this, the following routes all lead to the same
You need to add a routine for each command or replace the command with a * and depend your output based on a case when.
The params entered by the user can be referred by the params hash.
http://localhost:4567/list
http://localhost:4567/list/corporate/finance
http://localhost:4567/list?text=corporate/finance
I need to convert any string without GET parameters:
www.mysite.com/?a=5&s=5 ---> www.mysite.com/
www.mysite.com/books/?bla=blabla&bla=4 ---> www.mysite.com/books/
I need to hide $_GET parameters.
I cant use POST parameters.
How can i do this ?
Then use POST.
POST-Data is not visible in the url and can be used like GET, but has to be pushed from a HTML-Form or something
Variables submitted by the method GET go in the URL, so it's impossible to hide them. However, you can make them prettier using the MVC architectural pattern. It's a more sofisticate solution that really pays off, in terms of organization.
For example, URLs like mysite.com/?a=5&s=5 would become mysite.com/5/5
You used $_GET[], so I assume you're using PHP. Take a look at Laravel or Phalcon.
In case you do not want to show any of the variables, you have to use POST. Data submitted by POST is inserted in the body of the HTTP request. Please, keep in mind that the body will not be encrypted, unless you use HTTPS.