I have intercepted an HTTP request using FIDDLER.
I would like to send the same request, just this time using python and not my browser.
I did some research and found that httplib is the way to go, but for some reason my code does not work.
No request is sent from my computer (I can verify this by using FIDDLER).
Any ideas whats wrong ?
import httplib
headers = {
"Host":" unive.edu",
"Connection":" keep-alive",
"Content-Length":" 5142",
"Cache-Control":" max-age=0",
"Accept":" text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Origin":" http://unive.edu",
"User-Agent":" Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36",
"Content-Type":" application/x-www-form-urlencoded",
"DNT":" 1",
"Referer":" http://unive.edu/webtixsnetglilot/SelectCoursePage2.aspx?dtticks=635358672778578750&hideBackButton=1",
"Accept-Encoding":" gzip,deflate,sdch",
"Accept-Language":" en-US,en;q=0.8,he;q=0.6",
"Cookie":" ASP.NET_SessionId=c5nch3ouzxkaaa5bk1rflaic; __atuvc=1%7C16%2C1%7C17%2C0%7C18%2C0%7C19%2C1%7C20; __utma=184162612.90089091.1384326557.1400242958.1400259831.35; __utmb=184162612.4.10.1400259831; __utmc=184162612; __utmz=184162612.1384326557.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SS#177904#2#1#StopLoad#635358666509203750=true; SS#177904#2#1#StopLoad#635358672778891250=true; hfSKey=|||||||||gli; hfOIKey=imVrnYvw; SS#177904#2#1#StopLoad#635358677931547500=true;"
}
body = ""
conn = httplib.HTTPConnection("unive.edu")
conn.request("POST", "/web/SelectCoursePage2.aspx?dtticks=635358682524828750&hideBackButton=1", None, headers)
res = conn.getresponse()
Thanks, Michael.
The problem is that you've got a Content-Length header claiming that you're going to send the server 5142 bytes in the POST body but you're not sending any body content at all. As a consequence, the server hangs waiting for the body; it will probably fail with a time out in a few minutes.
To fix this, ensure that the Content-Length header matches the length of the body in bytes.
Please try print(res.status)
Otherwise what I'm using is: http://docs.python-requests.org/en/latest/
Related
Was wondering why I am getting a 408 request timeout when sending an HTTP GET request using sockets. I just copied the GET request that was sent through Chrome and then pasted it into python figuring that I would get a 200 response, but clearly, I am missing something.
def GET():
headers = ("""GET / HTTP/1.1\r
Host: {insert host here}\r
Connection: close\r
Cache-Control: max-age=0\r
DNT: 1\r
Upgrade-Insecure-Requests: 1\r
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36\r
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r
Accept-Encoding: gzip, deflate\r
Accept-Language: en-US,en;q=0.9\r
Cookie: accept_cookies=1\r\n""").encode('ascii')
payload = headers
return payload
def activity1():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((HOST, PORT))
user = GET()
sock.sendall(user)
poop = sock.recv(10000)
print(poop)
sock.close()
Assuming the hostname and port are defined correctly is there anything wrong with this request that would cause it to timeout? Thanks.
The initial problem is that the HTTP header is not properly finished, i.e. it is missing the final \r\n (empty line). Once this is done you will likely run into multiple other problems, like:
You are assuming that everything can be read within a single recv, which will only be true for short answers.
You likely assume that the body is a single byte buffer. But it can be transferred in chunks since HTTP/1.1 support this Transfer-Encoding.
You likely assume that the body is in plain. But it can be compressed since you explicitly accept gzip-compressed responses.
HTTP is not the simple protocol as it might look. Please read the actual standard before implementing it, see RFC 7230. Or just use a library which does the hard work for you.
Is there any way to get around this problem? My code looks like this:
import requests
token = "not gonna leak my token like I did last time lmao"
guild_id = "798596724649099305"
headers = {"Authorization": token,"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36", "Content-Type": "application/json", }
base_url = "https://discord.com/api/v8"
members_url = base_url + "/guilds/" + guild_id + "/members"
response = requests.get(members_url, headers=headers)
print(response)
Is there any way to get around this. I am aware this is most likely a security measure by discord. When I run this code I get a 403 response code. Then if I look in the discord app I get an orange pop up asking me to verify my email where I have to complete a captcha. Am I missing something here?
Has to do with TLS mate. Discord uses Cloudflare. Cloudflare has some basic TLS fingerprinting, you can use a cloudflare solver like:
https://github.com/RyuzakiH/CloudflareSolverRe
Or make/fork a TLS client to get around it. Golang has some good TLS clients, I don't think there are any good, open source, python TLS clients.
I am trying to use Python Requests library to POST a zipped file as multipart/form-data. I have currently used the Chrome Extension Advanced REST Client that is able to upload the file without a problem. However, I face difficulties while trying to do the same from the console using Python Requests.
The general information for the request is:
Remote Address:IP/Address/to/Host:Port
Request URL:/path/to/host/with/parameters/
Request Method:POST
The request headers from Advanced REST Client are:
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Authorization:Basic/Authentication
Connection:keep-alive
Content-Length:1893
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryu3rhOVbU2LpT89zi
Host:/host/name
Origin:chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
The payload is as follows:
------WebKitFormBoundaryu3rhOVbU2LpT89zi
Content-Disposition: form-data; name="fileUpload"; filename="filename.zip"
Content-Type: application/x-zip-compressed
------WebKitFormBoundaryu3rhOVbU2LpT89zi--
I formatted this query in Python as follows:
import requests
authentication = requests.auth.HTTPBasicAuth(username=user, password=pass)
parameters = {} # with the appropriate parameters
url = '' # base URL
files = {'file': ('fileUpload', 'application/x-zip-compressed', {})}
response = requests.post(url, params = parameters, auth=authentication, files=files)
While the Chrome App, Advanced REST Client gives me a 200 OK response, I get a 400 response (bad query). What am I doing wrong?
Thanks!
I am trying to make a http request using requests library to the redirect url (in response headers-Location). When using Chrome inspection, I can see the response status is 302.
However, in python, requests always returns a 200 status. I added the allow_redirects=False, but the status is still always 200.
The url is https://api.weibo.com/oauth2/authorize?redirect_uri=http%3A//oauth.weico.cc&response_type=code&client_id=211160679
the first line entered the test account: moyan429#hotmail.com
the second line entered the password: 112358
and then click the first button to login.
My Python code:
import requests
user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'
session = requests.session()
session.headers['User-Agent'] = user_agent
session.headers['Host'] = 'api.weibo.com'
session.headers['Origin']='https://api.weibo.com'
session.headers['Referer'] ='https://api.weibo.com/oauth2/authorize?redirect_uri=http%3A//oauth.weico.cc&response_type=code&client_id=211160679'
session.headers['Connection']='keep-alive'
data = {
'client_id': api_key,
'redirect_uri': callback_url,
'userId':'moyan429#hotmail.com',
'passwd': '112358',
'switchLogin': '0',
'action': 'login',
'response_type': 'code',
'quick_auth': 'null'
}
resp = session.post(
url='https://api.weibo.com/oauth2/authorize',
data=data,
allow_redirects=False
)
code = resp.url[-32:]
print code
You are probably getting an API error message. Use print resp.text to see what the server tells you is wrong here.
Note that you can always inspect resp.history to see if there were any redirects; if there were any you'll find a list of response objects.
Do not set the Host or Connection headers; leave those to requests to handle. I doubt the Origin or Referer headers here needed either. Since this is an API, the User-Agent header is probably also overkill.
I am using Python requests:
import requests
image_url = my_url
headers = {'User-agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36', 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Encoding':'gzip,deflate,sdch'}
r = requests.get(image_url, headers=headers)
I would like the response to be the same as if I were sending the request from a browser that does NOT allow cookies to be set. The reason for this is that some sites give a different response depending on whether or not my browser allows cookies, and I need the non-cookie response.
Cookies are sent or not. If you don't set a cookie header, no cookie is sent. So the request in your question should be treated as sending no cookie.
The server sends a cookie in its response. If you set it in the next request, the server will recognize this. If you don't set it in the next request, the server will see that you don't accept cookies.
see http://docs.python-requests.org/en/latest/user/quickstart/#cookies