I am reading Detecting Device Type in a web application and just got curious if it would be possible to client to fake the User-Agent when sending the request?
Question(s)
- user sends request via curl command but fakes it to look as if request is coming from Mobile on the server? is it possible?
- Can server detect it?
- Can server prevent it?
Thanks
It is possible and easy. All you have to do is set the user-agent header string. I've seen a browser that allowed you to set it (don't remember which one). On the server it is very hard to know. A lot of bots pretend to be a browser so they don't get filtered out.
Related
I know how to get cookies value from HTTP request with that way
> httpReq.getheader()
but now i want to access and get cookies values that set in browser wherever and use it in java classes without sending HTTP request?
is it possible ?
It is not possible ... unless your Java code is actually running in the web browser. The Java Tutorials include a page on Accessing Cookies in an Applet or JNLP application.
However, if your Java code is running in the web, then you have a problem because:
most browsers have already dropped support for Java plugins,
Oracle has deprecated browser-side Java as of Java 9.
If your Java code is server-side, then the HTTP request is the only way that information (such as cookies) is passed from the client (browser) to server. The server cannot send requests to the browser. The best it can do is send an HTTP reply that causes the browser to send another request. (Or open a WebSocket ...)
I am trying to simulate a response from a web server login confirmation to a windows application. I have the captured packets that detail the conversation between the server and the application for successful login already as it is my application, this is for debugging and MIME simulation to test application and network security. communications create what I hope can be a custom foolproof way to prevent a MIME but I dont have a way to test it, so here I am to ask for guidance.
How would I go about simulating the response from the server to the application?
I have some idea in the direction I would possibly need to go to achieve my desired outcome:
Utilizing my network:
I have a Linux machine set up as a dynamic router, dhcp, routing, and my Linksys router just acts as an access point and ethernet switch.
1: Set up web server on Linux machine.
2: redirect traffic from application port to Linux server.
3: run server-side script to respond to application request using packets captured to establish replay successful login to server.
So, I am kinda new to using Linux tools. I have setup a Linux router, captured basic information utilizing Wireshark, and am able to program in VB, javascript, some java. I have not done much network-oriented programming other than some simple communication for authentication I have successfully established.
Any information to point me in the right direction I am grateful for!
Most logins use encryption (https / TLS) so capturing the packets won't help.
If not, the packets will form a http request, and you should be able to see the format of the request, whether the login credentials are part of the URL for GET or part of the http body for POST. It is not hard to create your own http request.
How are parameters sent in an HTTP POST request?
Each http request will be followed by an http response from the server, and the format of the headers or body will contain the login result (http requests and responses are similar in format, but the headers are not the same).
More sophisticated logins may involve a series of requests/responses.
You will need to write a simpler server to receive the requests and send the responses. Java is probably your best choice, given the languages you know, plus there will be plenty of examples online. With JS it may be possible but for the most part JS is used in browsers, so not a great choice. VB is a Windows language not supported on Linux.
I'm endeavouring to locate and inspect a cookie created by a server process and returned to a client. The client is accessing the server via specialized interface (ie - not a web browser). I am able to inspect the server code but at present I can not make changes to it. I do know the value of the [name] parameter being passed to the Cookie-constructor. I tried searching the client file system for anything containing the [name] value with no luck. My guess is that the [name] parameter is not included in the file name. I've also checked the java hidden directories for them to no avail. Finally, I attempted to find the file via local temporal search thusly:
sudo find / -mtime -.1 ! -path "*/sys/*" ! -path "*/proc/*"
Any thoughts on how I can find this little guy?
Without REST client specifics, I can only tell you that a Cookie it nothing else than plain text. A Cookie is usually stored (in memory, files, cache, hash map, etc.) by a client (web browser, etc.) by server request. A simple non technical explanation here. Cookies are meant to be a shared state (stateful) between a client and a server.
Technically speaking, cookies are shared between client and a server by means of HTTP protocol. This protocol is nothing more thant standardized messages (with and URL, opeation code, encoding, headers and a body) that are sent over a TCP connection. Cookies are usualy shared in the headers area of an http message.
Here is a general explanation of how a server sends a cookie to a client, and vice versa. Scroll down to "Implementation".
It would really help if you can tell us how you're requesting web pages, content, etc. from a web server.
It seems that you're using a java server implementation, most likely apache tomcat, and you're using Servlets. Servlet implementation for cookie management does not differ of what I've already told you before.
Hope this helps and feel free to ask.
Context:
I have never created something or worked on this subject before but I have done my research and now I know what's the subject.
I have a virtual server machine(machineVM) and not a virtual client machine (machineA).
I should send a HTTP request from machineVM to machineA to a specific port. machineVM sees and knows machineA,i.e, it knows client name of machineA(myClient) via the HTTP request .
I'd like to say to machineA: "I have a document for you, come and get it.". On machineA I will have a windows service that will listen to that port and do its stuff.
That HTTP request should look like:
http:\\myClient:port/request_message_body
What are the possible wayouts to achieve the task?
HTTP POST ?
I am aware that HTTP uses port 80. How to decide and which port to use, which port will windows service listen, on which port should HTTP request be sent?
In this request_message_body I'd like to share a path to the folder from which machineA could fetch the document and to specify server and port.
How to format HTTP request correctly?
I should be able to create windows service that listens to a port, because I've created few services before, but I really need help with creation of this HTTP request and sending it.
Any help will be appreciated.
If you want to roll-your-own solution, you'll probably want to build on top of httpclient
There's also loads of libraries out there to help you to build restful webservices (springws, resteasy, jaxrs etc)
Solved!
Thank you #Gimby and #user2412816. You guys made me go through my code again and it was my mistake, like the most of the time. :-)
I think this might be a very stupid question.
I have 2 servers that are going to communicate with each other via HTTPS using XML packets.
My question is this, there is no webpage just a Java application. How would I get my Java app to run when it hears an XML packet from the other server? Are the messages to be sent via POST?
I know about HTTP protocols but my knowledge goes as far as webservers to sending the webpage to browsers, server to server communication w/o a webpage is baffling me. Can anyone point me to the right direction or better still to some codes that I might be able to look at.
Thank you.
You can use HttpClient in your server applications so that they become clients to each other. Then maybe simply implement REST services for the 'clients' to call.
I would suggest trying this out firstly using HTTP before trying it in HTTPS.
Of course there are other technologies you could try E.g JMS or SOAP.