downloading file using curl - scripting

I have a quite simple task:
i need to download file from a web page. In browser, it is done by pressing submit button. Just simple button, press it and you see the pop-up window asking where to save file and so on. Data is sent to server via post method.
I tried POST'ing with curl like: curl -d "foo=bar&....." [URL]
but this request returns the page itself, not the file. And I am quite confused about how to get the file, since I dont know it's adress on server and the only way to get it is to press this freaking button.
Please help

If you use unix-like os system you can use wireshark by simple apply filter "http", or some other software, e.g. tcpdump.
if you under ms windows, fiddler2 is very good tools.
first,
use this kind tools get the accurate information about the tracfic.
then analyze the http request, especially the rquest cookies header.
finally, struct your own request by curl.
the foo=bar&.....
is only the content of the request. you may also attention the header of the request.
or your can post your url, so that other peoplle can help you analyze the stuff.

Use Wireshark or a browser plugin that captures the http request sent on submit, then use curl or, for example, PHP's file_get_contents() to emulate the request.

Related

Easily Generate Mock HTTP Response for TestCafe

I am attempting to mock some responses in TestCafe and mocking the responses is pretty slow going. The workflow I would like is something like this:
Walk through a test scenario in Chrome.
Copy the selected network request to mock as a curl command.
Paste it in to a curl command to Testcafe translator.
Paste it in to testcafe.
I haven't found a good way to generate mock requests other than manually typing them out by hand. Is anyone aware of any tools which allow you to translate a fetch or curl command to TestCafe mock response?
The RequestMock.onRequestTo method gives an ability to identify and filter requests by their urls or parameters. You can simply copy a request url and response body from the Chrome DevTools Network tab and pass them to the onRequestTo and respond methods.

Docusign RESTful URL is not stable

For some unknown reason, when I used the same URL that had worked yesterday, it won't work again today. Still not sure what is the reason.
The URL I used yesterday was (I did see tab content yesterday):
curl -silent https://www.docusign.net/restapi/v2/accounts/0000000/envelopes/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/recipients/tabs?include_tabs=true
Today, the above URL will not work any more (I won't be able to see tab content) unless I change the URL to:
curl -silent https://www.docusign.net/restapi/v2/accounts/0000000/envelopes/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/recipients/1/tabs
Strange. Not sure what is changed at server.
I have tried a different user account to login, then the first URL started to work. It could be somewhere there is a setting to control restful API behavior for each user account. But I am not aware where it is.

Is this correct? Should firebug see SSL-protected AJAX?

I have enabled SSL and I am doing a jQuery AJAX post request and sending some fields to the server.
When I look at the AJAX post request through firebug under the post parameters I see all the fields in clear text.
So this means I can see the passwords in clear text. Is this normal? I am also looking at it with fiddler and it does not even log this AJAX request(so its like the request was never made).
So is it just because firebug is installed in the browser and can capture it or what?
ssl enables security when the data moves from browser to web sever. Firebug is a browser plugin, it knows everything in the DOM tree. I think it makes sense for firebug display the input fields and form data.
Yes, you can see the field data because FireBug is capturing the requests inside Firefox before they're encrypted. If you inspect the actual network traffic with a protocol analyzer like Wireshark you'll see that it's encrypted.
Off the top of my head I would think that Firebug is showing you exactly what is being sent. Otherwise it would mean that it is somehow decode encoded information.
If you really want to confirm this, use a tool which can capture the web traffic outside of the browser. Tcpdump for example.
"So this means I can see the passwords in clear text. Is this normal?"
Yup. The data resides on your browser, that is - the user agent, and is captured before it is communicated to the server. Any encryption operation is vulnerable to sniffing at the point at which the value enters the closed system. That's why if your machine is compromised (say, by malware) very little will help.

how does pastie or any other site remember browser info

I am trying to make a simple experimental app. I'd like for it to behave like pastie.
On pasite you can paste code and it will remember your browser.
So if you paste the url (that pastie provides) in the same browser then you'll be able to edit the page. Everyone else will not see the edit link. Basically there is no registration or logging in.
How is this done?
Using HTTP cookies.

500 Internal Server error when using curl on an aspx page with SSL

I'm trying to access an aspx webpage using curl but it returns 500 internal server error. It doesn't require any credentials or POST variables I know of, but I think I'm missing something, because when I try to access it from my browser, it does work. The page is just a form with two fields to be filled and POSTed.
curl -L https://my.website.com
Do I need to make any changes to my curl script?
ps. I don't have access to the server or the server's logs
Some things to try and ideas:
trace your manual access with e.g. Fiddler or httpfox or firebug. You might see something more elaborate than you have see already (like a 301/302 response, I assume that you added -L to handle such a possibility?
as it works when you check out the page via a browser, the page might attempt a referrer check and fail miserably because there is no referrer (hence the 500, a server-side error). The dump you created in 1. will show you what to insert with curl's -e option.