How can I read this url in Rebol? - rebol

when trying to read this kind of url
URL: http://v4.lscache2.c.youtube.com/videoplayback?ip=0.0.0.0&sparams=id,expire,ip,ipbits,itag,algorithm,burst,factor,oc:U0dWSlhTVF9FSkNNNl9QTVhJ&algorithm=throttle-factor&itag=34&ipbits=0&burst=40&sver=3&expire=1275886800&key=yt1&signature=89195E808CB3FBBC7BDE7298A1DC0613D7987F00.D3064112E8F479C523F8DF4FBFDF392CE48167C2&factor=1.25&id=34e01ad39b34b5c9&
I get this error
read/binary url
connecting to: v4.lscache2.c.youtube.com
** User Error: Error. Target url: http://v4.lscache2.c.youtube.com/videoplayback?ip=0.0.0.0&sparams=id,expire,ip,ipbits,
itag,algorithm...
** Near: read/binary url

In Rebol 3 you get:
** Access error: protocol error: "Server error: HTTP/1.1 403 Forbidden"
The message you're getting is Rebol 2's not-so-eloquent way of saying that. (You can also enter it in Firebug and see that using this raw URL does not work.)
I'd imagine that YouTube will only let you get the stream if the requesting HTTP header matches a certain pattern. Among potential things it might look for is a cookie specifically crafted for your session and designed to expire after a certain time.
As far as I understand it YouTube is not too keen on third party downloads of video data. They used to have a get_video API but appear to have disabled it. So you'll either have to fake up a cookie and make them think you're one of their players, or find a service which is friendlier to this sort of application.

Related

What is a __cf_bm cookie?

First off, I apologize if I use any incorrect terminology. I'm familiar with calling internal apis, but this a side project and new territory for me.
I've been using chrome debugger and powershell to write some scripts against the api of a public site. I was able to retrieve the JWT token, however after a few minutes my calls will start to fail with a 403 error. To get around this I've been exporting all the request headers from chrome and storing those locally for my script to pass whenever my call to the api fails. I narrowed it down to 4 headers that must be present, the one that is most suspect seems to be "cookie".
I then removed all key value pairs in the cookie header until I found the one that makes it fail. It's named "__cf_bm". A quick google says it's some kind of cloudflare bot management data. I don't see any of the data present in the __cf_bm cookie being sent in a response during authentication, I only see it in request headers. Is it not possible to construct this value? Does this essentially prevent me from interacting with the site's api?

Receiving the below mentioned error in JMeter while using Delete Request. Unable to find why this error occurred

Notice: Trying to get property of non-object in /var/www/maps/api/place/DeletePlace.php on line 42
The error means that the application you're testing tries to read some property from something not being an object.
If the behaviour can be reproduced using a real browser it indicates a bug in your application
If it happens only with JMeter and isn't reproducible with the browser you need to cross check the request JMeter sends using View Results Tree listener and the request the browser sends using "Network" tab of your browser developer tools - the requests must be exactly the same (apart from dynamic parameters which need to be correlated)
The most common mistake when it comes to API testing using JMeter is that people forget to add HTTP Header Manager and configure it to send a valid Content-Type header

cURL: which information is needed to get access token to login to a website?

after successfully getting past the login page using curl in Linux (bash) with two sites that use information from the HTML-form field to accomplish this, I now also want to login to another site with my credentials that is a bit more tricky. I'm new to this and it seems that it works with OAuth so I need an access token first. With my two successfull attempts it was necessary to extract a CSRF token from the HTML code so as to prove I'm not a malicious bot. But now it's completely different and the server thinks I'm a bot (see error messages below).
Can somebody please confirm whether these are the only steps involved for logging in to an OAuth protected site:
a POST request to the server that generates the token (https://name_of_site/api/v1/auth/token)
a GET request to a password-protected part of the website using the access token from step 1
When I try step 1, I get error messages as shown below*. I inspected the website before logging in and afterwards with a browser and copied everything as cURL (bash). In the header fields of the token request I can find two more fields that look like they provide dynamic information:
x-trace-request-id
x-recaptcha-v3
I did some research and found that the request ID stays the same for some interactions that go to and from a server to facilitate identification of the client(?).
And concerning the recaptcha, I know what a recaptcha is, but I did not have to solve any captchas when accessing the site with a browser. So I'm quite unsure about these bits of information.
I strongly assume that I need to send one or both of these headers in the first step to actually get an acess token. But how could I get valid values for these parameters with cURL?
Any help is aprreciated! Please point me in the right direction. I can provide more information if needed, of course.
{"status":"ERROR","statusCode":400,"data":{"message":"Request failed with status code 400","error":"invalid_grant","error_description":"invalid credential","bot-detection-error":"MissingAdditionalAuthToken"}}
This is the error I get when I do not provide x-trace-request-id and x-recaptcha-v3
{"status":"ERROR","statusCode":400,"data":{"message":"Request failed with status code 400","error":"invalid_grant","error_description":"invalid credential","bot-detection-error":"InvalidCaptchaV3Token"}}This is the error I get when I simply use the values as copied from the old request when I used the browser

How to look at http headers sent by safari?

I been trying to debug an issue that ONLY happens on safai, I get:
Bad Request - Invalid Header
http Error 400 The request has an invalid header name
However no matter where I look for in the error console, resources, or timeline I cant look at the headers from said request.
Is there a way to get this information?
You can install http-log and point the Safari URL to localhost:7777 and it will print out what headers Safari is sending.
If you can not change the URL or just want more debugging power you should install a debugging proxy e.g. WebScarab and configure Safari to use that. You get a nice GUI where you can see all the request data: WebScarab GUI
Http-log only prints it to command line.

Instagram API Returning Invalid Format for Callback_Url Error

I'm using the Instagram API.
I'm trying a simple post for a subscription request, and I keep getting
"Invalid format for 'callback_url'. URL must start with http:// or
https://".
It clearly starts with that.
I can't find anyone online that's running into this same problem.
Tried the post with a clear callback url:
http://api.instagram.com/v1/subscriptions/?client_id={client_id}&client_secret={secret}&object=tag&aspect=media&object_id=skateboarding&callback_url=http://skateparkoftampa.com/spot/instagram_callback.aspx
And with an HTML encoded callback URL:
http://api.instagram.com/v1/subscriptions/?client_id={client_id}&client_secret={secret}&object=tag&aspect=media&object_id=skateboarding&callback_url=http%3A%2F%2Fskateparkoftampa.com%2Fspot%2Finstagram_callback.aspx
Also tried it with both GET and POST, also by letting the API console create the request by simply filling in the parameters fields, etc. I feel like I'm missing something really obvious or something, but I'm stuck. Any ideas?
As sais on Endpoints page:
All endpoints are only accessible via https
You should use your own CLIENT-ID and SECRET-ID and callback url (so don't use API console).
Your callback url may be without https.
Just use link with https:
https://api.instagram.com/v1/subscriptions/
Try examples from this page
You should use POST request to subscribe and unsubscribe, and GET to get list of subscriptions. Please, read documentation accurately.