I'm trying to read the contents of packets sent from an Android device and some packets where Burp can detect Gzip compression, it shows the contents, however there are often times I see packets with this information and Burp can't decode or can't detect compression. How can I see the contents of this compressed packet contents?
The following is from a Android phone, manufacturer I suspect is collecting/spying on it's users with the activity of the phone to a head office, I'm curious to know what information it collects. Any help is appreciated. I've tried copying and pasting the compressed portion to a file and extracting using decompression software :) It didn't work.
For example this packet:
OST /tracker-api/tracker/trackerLog HTTP/1.1
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Linux; U; Android 6.0; en-au; 5044T Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Mobile Safari/537.36
Host: tracker-global.tclclouds.com
Accept-Encoding: gzip, deflate
Content-Length: 579
e=v3&data=gDm8W6MSWo42svBtqRQ56SCoDX4m_kjv9HH9hwM5iF1QyXHfvGM5t-RI1vV3uOeSOuGgdCj64MxW
193i3cdbzbnYbixJUZtVgICZ1Mygh6ysINqwCUq_S22ToPgoPPmi9MWJ3Eft7hGWVoanpfHwDH4e
ZwYhm4ovkDe8awCTTRV_nLhzogLuRBRRCLBVCJsGWSe9UoT4O8vSzeraqlYFQOTK55B1UjrYQHmm
laVLUPzz9OXetIC77b1Z5ngW32binYxrCir_tB3waUA-QEQy2Ht2c1TMc9dlVaC58i0O3-Sw406R
CsXZGjHoScC44NavPoDhk_Kwo92U-bvee5m91HuXms91A9xBPzsrz56YU5LA5ege6R0yI7xrwpEA
SYxLO8gyqHuSiF-yid34nB0C1wtleV9wEytfhVR0QiySXp60wL4n_8ZRJHZ9IYhmz-TdK6Hyg1st
74zvtTzWYOwp9fi2PAoc3BJawBbNgqSc8w38pe3MIdW21DCSj0M7_J8IOZJj1yYaYEprMuucrWzr
Qg==
&expect_server_compress=1
Related
Hello I have made a request to a http server as an event service. This server sends events as chunked data. Because there are diffrent events, I got diffrent JSON documents.
Question 1. How to read this data everytime I get a new pice of data, not only if the connection is closed?
Question 2. How to parse the JSON in different Objects, depending on the event and have this as a return type?
The http stream looks like:
GET /OTEvents?subscriptionId=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlhdCI6MTUyNzY2MTg0MX0.fxsP4bLNzqSSFtYsTNmyyV4bM-OBwhcwhy-w_HwQYmQ HTTP/1.1
Host: myserver.com:8014
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,de;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed May 30 08:31:22 CEST 2018
Server: donoa
Content-Type: application/json
Transfer-Encoding: chunked
3d
{"eventName":"OnChannelInformation","text":"Chunk started"}
262
{"eventName":"OnCallCreated","loginName":"oxe11","callRef":"1b460e5b1f3c0100","callData":{"initialCalled":{"id":{"phoneNumber":"11"}},"state":"RINGING_INCOMING","tags":[],"capabilities":{"addMedias":[],"redirect":true,"pickedUp":true,"redirectToVoiceMail":true,"terminate":true}},"legs":[{"deviceId":"11","media":"AUDIO","state":"RINGING_INCOMING","capabilities":{"answer":true}}],"participants":[{"participantId":"198","identity":{"id":{"phoneNumber":"198"},"firstName":"Raum 2.1","lastName":"Hotline","type":{"main":"EXTERNAL","subType":"pbx"}},"medias":[],"mediaCapabilities":[]}],"deviceCapabilities":[]}
148
{"eventName":"OnCallModified","loginName":"oxe11","callRef":"1b460e5b1f3c0100","modifiedLegs":[],"addedLegs":[{"deviceId":"99999851","media":"AUDIO","state":"RINGING_INCOMING","capabilities":{"answer":true}}],"removedLegs":[],"modifiedParticipants":[],"addedParticipants":[],"removedParticipantIds":[],"deviceCapabilities":[]}
The chunk data is received asynchronously. I'd like to generate from every chunk an "event" object and call back my main function.
In testing headless chrome I have noticed that it does not transmit the Accept-Language header entry. I have confirmed that it does get sent when there is a visible browser window.
Is there a reason for this and does chrome have an option to require/force it to send these normal values?
To see this, you can fire up Fiddler and type this at the command line:
chrome --headless --incognito --window-size=1920,1080 --disable-gpu --no-sandbox http://www.daringfireball.net/
In the Fiddler inspector (raw view) you'll see this:
GET https://daringfireball.net/css/ie_sucks HTTP/1.1
Host: daringfireball.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://daringfireball.net/
Accept-Encoding: gzip, deflate
Whereas running the same command without --headless gives you this:
GET https://daringfireball.net/css/ie_sucks.php HTTP/1.1
Host: daringfireball.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://daringfireball.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
When running headless mode, set the following as an option:
'--lang=en-GB'
It would appear that Accept-Language is a user-profile header sent only when the browser has a confirmed user specifying a language and as headless has no user it can/does not send that header. This was raised in these posts and looks to be a lacking feature for the foreseeable future:
https://github.com/SeleniumHQ/selenium/issues/4437
https://bugs.chromium.org/p/chromedriver/issues/detail?id=1925
i?m trying to make automatic image set in pinterest account with WebClient.
I'd like to recreate this http request:
(Request-Line) POST /upload-image/?img=Desert.jpg HTTP/1.1
Host www.pinterest.com
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate
X-Requested-With XMLHttpRequest
X-File-Name Desert.jpg
Cache-Control no-cache
X-CSRFToken RqwJCawJyAGYIZfzob51qxrEGj4GJcSA
Referer https://www.pinterest.com
Content-Length 846128
Content-Type multipart/form-data; boundary=---------------------------5431268530037
Cookie _pinterest_cm=TWc9PSY1YlkwcmtVRGlNRzRQZXpiZXJseVl6TnFHYnEvZlhpNDZPcExCQnhKN3UvdUUveWI0c3p4bWJKUmhoZy9YRG9sS3dNZTZFSFNhN2V3VWhJM1JkbUlxbC92VjhHUGFldlRTVVJTNlA1L1M0SDE5QXhLcHVWS2ZrSUh3NTN2ODA0WSZ5dnpJQkVRUmx5TVJGTEdmQm5EVmRGQXNqbDQ9; csrftoken=RqwJCawJyAGYIZfzob51qxrEGj4GJcSA; _pinterest_sess="TWc9PSYvRm93OFNxbGkxWTJ5bzVoZUFudHJVVDI4bndmL2I5SFVIQjZkVk1KWFJ3WDBmNndOWFR0QnBPazltZFRmcnJpcGU5akhQZS8vcEZWTzM5ODJWNVdKS2syekwwc1p1TVVNeEt3Z3NYa1lsMVFXcFpXYUdkRlE1RElQYTBYeXhyQkFkYVFmSHZnVkRyYWhYcURDYzhhWEpuR2dvekE1SlB6cXp4akNNdzJ6QysrR2MzRGNyRXJKczRuRHZDTm1uQkdLMUJrUnF6UjdZakhDUGNVRnQ4T1ZoQUFIQWJSU1VNUHNjUHV5VjlZbk1INU1FMFNhdGJiVFZRdUNDWFNlMGJvcDBFeXk4a3cxT25ROHpSOXFzcTZ6NFBHekFjNkFNQUtnaktQNGQ1VkhnNDdlSXNQTGhmTzhDWm5UaDNoZzdqbEFHQWQ1RjJXWVo5bjNXVkVUWnVUWXNiL1JLTFdqNDBvMWllT0VyRDRNN1lXN0diQmlWRjdGdWF5UGUzYkNLYlMvamJUSVFwcFZoVVVUL2ROVkFIQUNYODQxR3R5eDFrQ0VpTGhmaGZ1Y2VOdGt6aUdLQmtCTkRYdkpkVGhmLzMvMnVOWHAwQVdZWEs2alE4eTUwd3E1SlJPRWFDc3VKTXByb2tISm8rcldRQT0mejAwN0hvdlRhbU8zYmNJT0lsSm9PSldheGpJPQ=="; sessionFunnelEventLogged=1; __utma=229774877.448600758.1436737610.1436739423.1436745191.3; __utmz=229774877.1436737610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); c_dpr=1; __utmc=229774877; _b="ARLbRMvYKUdKiaBWDA2Oxko87z7iIN4MuGnJALvZK8vehgzT11AKeoa13PH4l9VjVMU="; _pinterest_pfob=disabled; __utmb=229774877.3.9.1436745219732; __utmt=1
Connection keep-alive
Pragma no-cache
I have try this code, but i can't obtain Content-Length and Content-Type.
Dim wc As New WebClient
wc.UseDefaultCredentials = True
wc.Credentials = New NetworkCredential("pippomio#yahoo.com", "88Y71nR3764")
wc.Headers.Add("Host", "www.pinterest.com")
wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5")
wc.Headers.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
wc.Headers.Add("Accept-Language", "it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3")
wc.Headers.Add("Accept-Encoding", "gzip, deflate")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-Requested-With", "XMLHttpRequest")
wc.Headers.Add("X-File-Name", "Hydrangeas.jpg")
wc.Headers.Add("Cache-Control", "no-cache")
wc.Headers.Add("X-CSRFToken", token)
wc.Headers.Add("Referer", "https://www.pinterest.com")
wc.Headers.Add("Connection", "keep-alive")
wc.Headers.Add("Pragma", "no - cache")
Dim Response As Byte() = wc.UploadFile("https://www.pinterest.com/upload-image/?img=Hydrangeas.jpg", "POST", "Hydrangeas.jpg")
In wich way can I do this request in vb net?
Thanks
First, I recommend you to check this and this tutorial to learn how to send/receive HTTP requests on correct way.
Second, you should not re-do any web browser actions in your program since it is usually not a good practice as the frontend architecture should be subject an unexpected change any time. Instead of this, you should check Pinterest API, especially the Users API which can help you to achieve your plans. Usually API interfaces are not a subject of random changes, they are more reliable than replaying front-end operations and more stable, has more capabilities to the load.
(Pinterest API seems working only from Firefox, if you get an empty area at right side with a big "None" text, then browse the link from Firefox - it seems can handle the page)
When I add the line
WL.Client.addGlobalHeader("MyCustomHeader","abcdefgh");
inside of my main js file like so
function wlCommonInit(){
WL.Client.addGlobalHeader("MyCustomHeader","abcdefgh");
(...)
like it's described in the documentation (http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/topic/com.ibm.worklight.help.doc/apiref/r_wl_client_addglobalheader.html) this has absolutely no effect all request send after that:
GET /apps/services/preview/MobileOPMClient/common/0/default/images/icons/icon_settings.png
HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Accept: image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/30.0.1599.66 Safari/537.36
Referer: http://localhost:8080/apps/services/preview/MobileOPMClient/common/0/default/MobileOPMClient.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,de;q=0.6
Cookie: JSESSIONID=1e1fig7holfdpeuc46w6jmrph; testcookie=oreo
Why is there no line
MyCustomHeader: abcdefgh
Background: I would like to allow local caching of javascript-files to debug them in chrome.
spyro
Global headers are added for requests made by WL client API, for example WL.Client.connect(), WL.Client.invokeProcedure() etc.
My JavaScript Ajax program works fine with FireFox.
It even works OK on iPad!
But when I run it on Safari on Windows 7 - I get the above error.
I am attaching the HttpRequest header and respond.
First the FF data- see below -
I think - not sure - that it shows that the site I am accessing is not blocking me.
Next is the Safari data- see below -
I think that the problem is that Safari adds to the request header a
Origin:file://
I am not sure that this is the problem and I did not find a way to force Safari not to add it.
Thanks for your help
Ori
Here is the FF Data
Response Headers
Date Thu, 04 Aug 2011 19:08:58 GMT
Server Apache/2.2.3 (Linux/SUSE)
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Transfer-Encoding chunked
Content-Type text/html
Request Headers
Host www.arabdictionary.huji.ac.il
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.18) Gecko/20110614 BTRS35926 Firefox/3.6.18
Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Content-Length 50
Pragma no-cache
Cache-Control no-cache
Safari data
Request URL:http://www.arabdictionary.huji.ac.il/cgi-bin/arabic_results.pl
Request Headers
Content-Type:application/x-www-form-urlencoded
DNT:1
Origin:file:// <<<<<<<<<<<<<<<<< I think that this is my problem <<<<<<<<<<<<<
User-Agent:Mozilla/5.0 (iPad; U; CPU OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
Form Data
String:%d4%d4
searchType:byElement
act:dosearch
<<<<<<<<<<< No more data - no Response >>>>>>>>>>>>>>>>>>>>>