I already spent all day looking for an answer for this:
I am using Perl with LWP::UserAgent and HTTP::Cookies.
My problem is that I can't get past an cookie-base age-check.
In Perl I use this code:
my $browser = LWP::UserAgent->new;
my $resp = $browser->get( $url, 'User-Agent' => 'MySpider/1.0' );
#Cookie Setup
my $cookies = HTTP::Cookies->new();
$cookies->set_cookie(1,'age_check', '1','/','.example.com/', 80, ,0,3354512128, 0);
$browser->cookie_jar($cookies);
The Site is setting the Cookie with JavaScript
function saveSplash(domain) {
var expDate = new Date();
expDate.setTime(expDate.getTime()+(1*24*3600*1000));
setCookie("age_check", 1, expDate, '/', domain);
setCookie("screen_width", getScreenWidth(), expDate, '/', domain);
}
This is the Cookie saved by my browser:
age_check
1
example.com/
1088
3354512128
30140182
2646218624
30139981
Any idea what I am doing wrong?
Thanks in advance guys!
I see two problems with your set_cookie call. First, the domain should be ".example.com" without a slash; the slash is specified in the path parameter. Second, you're missing a value for the path_spec parameter, so the value you specify for discard (0) is being used for maxage, which results in an expired cookie.
(Update: quite missed the point.)
I hope you didn’t really spend all day looking. :( The first result on Google for LWP::UserAgent JavaScript is Handling Javascript with LWP::UserAgent which gives the punchline: it doesn’t support JavaScript. There are a couple of options though.
Check Mechanize JavaScript on the CPAN. It leads to WWW::Mechanize::Firefox and WWW::Mechanize::Plugin::JavaScript. There is also scripting with WWW::Selenium which is a bit trickier but will perfectly emulate the browser because it really is running the browser.
Upate: forgot about WWW::Scripter which actually relates to Mech::Plugin::JavaScript.
Related
I am trying to overwrite custom value to HTTP REFERRER. I got success with javascript but my client want in PHP and i need help in rewriting Javascript to PHP.
JS code :
var reff = ["http://example.com", "http://example.net", "http://example.org"];
var randomreff = reff[Math.floor(Math.random() * reff.length)];
delete window.document.referrer;
window.document.__defineGetter__("referrer", function () {
return randomreff;
});
document.write(document.referrer);
I am trying to rewrite this code in PHP or maybe finding a similar solution with PHP. i tried multiple way to do in PHP. these are some example.
PHP Try 1 :
$reff = new Arr("http://example.com", "http://example.net", "http://example.org");
$randomreff = get($reff, call_method($Math, "floor", to_number(call_method($Math, "random")) * to_number(get($reff, "length"))));
_delete(get($window, "document"), "referrer");
call_method(get($window, "document"), "__defineGetter__", "referrer", new Func(function() use (&$randomreff) {
return $randomreff;
}));
PHP with variable :
$var = 'var reff = ["http://example.com", "http://example.net", "http://example.org"];
var randomreff = reff[Math.floor(Math.random() * reff.length)];
delete window.document.referrer;
window.document.__defineGetter__("referrer", function () {
return randomreff;
});
';
PHP with header referer :
header("Referer: https://www.example.com/");
None of them worked. Help me to rewrite Javascript code or alternative solution with PHP.
You won't be able to do this with PHP exclusively. document.referrer is a DOM property that is set by the browser when the page loads by reading the referrer header on the request. Since the request is generated by the browser you can't really touch it with PHP since that is executed on the server and not in the browser, if you want to execute something in the browser you will need javascript.
In your examples you are just trying to run javascript-code from PHP it seems, and that just won't work. The last sample that sets the referrer-header will set it on the response back from the server, but as I said, referrer is a request variable so it will just be ignored.
The only thing you could do from PHP is to tell the browser to redirect to the page again (by setting the location-header), but as far as I know these days this won't reset the referral-header (if so then redirects from http to https for example would loose it all the time).
I'm not exactly sure are you trying to acomplish here. Setting document.referrer is only valid for the current page and won't affect what the next page sees. If executed early it might fool some tracking scripts at most.
I am trying to set/get an array as a cookie in Javascript as follows:
let features = [];
for(const property in object) {
...
let feature = new Feature(...);
features.push(feature);
}
cookie.set('features', JSON.stringify(features));
console.log(JSON.parse(cookie.get('features')));
and I get the following error:
VM21081:1 Uncaught SyntaxError: Unexpected token u in JSON at position 0
P.S. If I do not use stringify/parse the result is undefined.
Could you help me, please?
Thank you in advance.
the issue is that you try to set and get cookies in the browser on the local environment.
I copied from the answer in this topic (Why does Chrome ignore local jQuery cookies?)
'Chrome doesn't support cookies for local files (or, like Peter Lyons mentioned, localhost*) unless you start it with the --enable-file-cookies flag. You can read a discussion about it at http://code.google.com/p/chromium/issues/detail?id=535.
*Chrome does support cookies if you use the local IP address (127.0.0.1) directly. so in the localhost case, that could be an easier workaround.'
to test your code you can use w3school editor, here is an example:
https://www.w3schools.com/code/tryit.asp?filename=GHTVNK8POVWM
(click run button to see the result)
for (var i = 3848450; i > 3848400; i--) {
var query = {
url: 'http://classifieds.rennug.com/classifieds/viewad.cgi?adindex=' + i,
type: 'html',
selector: 'tr',
extract: 'text'
}
,
uriQuery = encodeURIComponent(JSON.stringify(query)),
request = 'http://127.0.0.1:8888//?q=' +
uriQuery + '&callback=?';
jQuery.getJSON(request, function (data) {
var datastring = data[0].results;
var datasplit = datastring.toString().split('Sign');
$('#inner-content').append(datasplit[0]);
});
}
I want to listen for new URLs of ads that are posted without writing some kind of arbitrary code that takes up a lot of memory looping through new URLs, etc. I can do that but it seems redundant and such as my code listed above. Im using noodle.js to get the info from the pages. Now I would like a way to listen for new urls instead of looping through every possible url from a to z. Since I don't know z it's a safe bet I'll be using an if statement but how would one go about incorporating this nth URL without ending up with undefined iterations. Im still learning and find this place has many helpful people. This is simply a fun project I'm doing to learn something new.
If I understand you correcly, you want an external thing to inform your javascript when there's new a URL or JSON data
Unfortunately the web is not built for servers to contact clients, with one exception to my knowleadge: WebSockets
You already seem to have a local server so you meet the requirements plus node ships with them ready for use (also available on the browser). To use noodlejs with websockets you'd have to require the package and set up the WebSocket to send data to your client
Other than pointing you towards that direction, I don't think I can do better than the internet at giving you a tutorial. Hope this helps, Have fun! Also thanks for telling me about noodle, that thing is awesome!
I'm working with a Login problem in my app. I have an oauth login implemented between my server and my app, login works right, but if I use a password generated by some online services or app dedicated, for example, /#+6-[[?!nWYvfL)2Z7 the url that I need to build to make a call to the server, fails.
This is the call that my app generate:
[INFO:CONSOLE(521)] "http://localhost/oauth/v2/token?client_id=18_5cf03buhhp8gafadfg088w440ogsgd08ooggso80wg000k0gccw08&client_secret=4ajo9kcdqbqagddagdfdfswwcoo0c4gk48g4okw4kck0k0&grant_type=password&username=testing&password=/#+6-[[?!nWYvfL)2Z7", source: file:///android_asset/www/js/factoryutils.js (521)
It's seems to break after the dash. How I can solve this issue??
Thank you.
EDIT:
After insert ' ', it's still fails. The logcat of Android Studio show me the URL like an hyperlink, but until the password, like the next:
http://localhost/oauth/v2/token?client_id=18_5cf03buhhp8gafadfg088w440ogsgd08ooggso80wg000k0gccw08&client_secret=4ajo9kcdqbqagddagdfdfswwcoo0c4gk48g4okw4kck0k0&grant_type=password&username=testing&password='/#+6-[[?!nWYvfL)2Z7'
Send "%2F#+6-[[?!nWYvfL)2Z7" instead of /#+6-[[?!nWYvfL)2Z7, this should solve your problem.
It is achieved like this:
var unEscapedPassword = "\""+$scope.user.password+"\"";
var escapedPassword = unEscapedPassword .replace("/", "%2F");
With the next code I can get url with the password formatted.
function encodeRFC5987ValueChars (str) {
return encodeURIComponent(str).
// Note that although RFC3986 reserves "!", RFC5987 does not,
// so we do not need to escape it
replace(/['()]/g, escape). // i.e., %27 %28 %29
replace(/\*/g, '%2A').
// The following are not required for percent-encoding per RFC5987,
// so we can allow for a little better readability over the wire: |`^
replace(/%(?:7C|60|5E)/g, unescape);
}
Thank you for your help Tarekis
I've been searching throughout the day to find a way to figure this out, but without sucess and I thought that maybe someone here could help ?
I am trying to use a secrete password in my .Js file but I can't write it directly in the file because everyone could see it when accessing the source code. e.g I need to send this password using ajax to another page to make sure that the HttpRequest is from my website not from another forge httprequest . Is that possible because I've tried everything else like Authentication Forms but that didn't help.
I'm using asp.net and HttpHandler as the page that returns data .
What you can do is generate a key that is valid up to a set time using PHP like so:
$password = "some random string";
$key = md5($password . $_SERVER['REQUEST_TIME']) . "|" . $_SERVER['REQUEST_TIME'];
This way you know when the key was generated, and if it's been tampered with because:
function check($key) {
list($hash, $timestamp) = explode("|", $key, 2);
if ($hash !== md5($password . $key)) {
throw new Exception("Naughty!");
}
if ($timestamp < $_SERVER['REQUEST_TIME'] < 60*60) {
throw new Exception("too old");
}
}
The down side is that people who don't refresh the page very often (in my example this is 1 hour) their key will expire.
Another issue is that your 'attacker' could technically first scrape a page to get a new key and use that, and scrape again when it expires and so on.
This solution works very good for protecting against hotlinking.
This is how it's done in MVC. Unfortunately, it doesn't look like the same security goodness has made it to WebForms (at least as far as I can tell).