Hello everyone,
I'm looking for a way to encrypt Query String in my ASP.Net Application. I Search on Internet and found that we can do this by first encrypting them, then send it and than decrypt it. But with this solution will take much time as I will have to go to every page and find where Im using Request.QueryString.
Now I'm thinking cant this be done from IIS, so that I don't have to change my code ?
I hope someone will help me out.
Thanks
As already pointed out in the comment,you can just run using https and
no one can snoop your query string values. But if you do not want the
users to see the query string values, You can write a custom
HTTPModule in IIS .
There is already a module written for this,please check out httpmodule-for-query-string-encryption
Related
I already set up the application proxy and it works fine. The problem is I need to pass info about the Microsoft user to the application that the internal URL is pointing to, and I haven't found a way to change the url dynamically, much less create a custom body, to pass on said information.
If there isn't any way to send said info over url or request body, would it be possible over cookies? If so I'd love it if you could link me to some sources to read up on it as I have no prior experience working with cookies and have absolutely no idea about how they work:\
I'd really appreciate any help you can give me, I googled a bunch and am yet to find an answer. Also please don't crucify me if the answer is obvious lol, I'm trying:(
Basically the use-case is this:
Open a website > receiving the content from other website (and interacting with it like if it was the original link), so not just html but being able to log in, etc.
The thing is: I want to use my server as a bridge/proxy. (Like https://www.croxyproxy.com/ or https://www.proxysite.com/). For example: let's say I go to https://whatismyipaddress.com/, instead of seeing my real ip, I would like to see my server's ip.
How can I accomplish that? Please help me clarify the approach (and what stack can I use). I'm totally lost after googling a lot, so far I've found this:
http://greim.github.io/hoxy/
https://github.com/Athlon1600/php-proxy-app
https://github.com/mswjs/http-middleware
Thanks a lot in advance.
I want to save the data column from this url to an array in python. I tried it with, for instance, pandas.save_table:
import pandas as pd
pd.read_table('https://adventofcode.com/2019/day/1/input', sep='')
but I get HTTPError: HTTP Error 400: Bad Request and I think this is not the right way to do that.
Can someone help me with that?
If you try to open the link in your question (in a browser using incognito mode or something similar i.e. delete your cookies) you'll see that you need login into the website to access the page. This is why the you're getting a 400 Bad Request error as a response from the server.
From the FAQ section of the website that you're trying to access:
How does authentication work? Advent of Code uses OAuth to confirm
your identity through other services. When you log in, you only ever
give your credentials to that service - never to Advent of Code. Then,
the service you use tells the Advent of Code servers that you're
really you. In general, this reveals no information about you beyond
what is already public; here are examples from Reddit and GitHub.
Advent of Code will remember your unique ID, names, URL, and image
from the service you use to authenticate.
The website uses OAuth to handle logins to the url that you create will need these access tokens. You can use a library like python-oauth2 to help you with this (there are others so you can read around and decide which you'd like to use). Creating and understanding how to make http requests is beyond the scope of this answer. I'd suggest you have a look around on the internet for some explanations and try again, if you have get stuck please ask another question. Otherwise it'll probably be easier to save the file from your browser...But I'll leave this answer here for the next person who runs into the same problem.
I am scraping website which is made on websphere.
I see that whenever the user logged in, It hits 4 url while reaching to home page.
While in 3rd URL, It has some encrypted value which looks like this
L0lDU0NTSUpKZ2tLQ2xFS0NXXXXXXXXXXXXXXXXXXX..XXXXXXXXXvZD1vbkxvYWQ!
The URL looks like this :
http://example.com/escares/wps/myportal/!ut/p/c1/XXXXXXXXXX/dl2/d1/L0lDU0NTSUpKZ2tLQ2xFS0NXXXXXXXXXXXXXXXXXXX..XXXXXXXXXvZD1vbkxvYWQ!
The problem is, I noticed this only encrypted value changes for every login.
Is there any algorithm in websphere that generates this kind of url ? Or is there any way I can replicate this encrypted value ?
Is there any one who has done crawling/scraping on the websphere site ?
wps/myportal suggests a Websphere web portal login. The 'encrypted' URI you're seeing is most likely a hash to maintain the user login sessions.
The best way to replicate this is to supply your web scraping program with a username and password to access the portal section of the website so it can POST a login while scraping. The website itself will generate the session info. You will need to instruct your scraping application to follow any dynamic URLs that are generated. Usually this is done by following any URLs in the HTML supplied by the server after logging in.
As an example, scrapy can be configured to follow any URLs in target pages when scraping:
https://doc.scrapy.org/en/latest/intro/tutorial.html#following-links
Although you are using your own solution to scrape the contents of the portal for a logged in user, hopefully the logic and progression illustrated in my examples help steer you in the right direction for resolving what appears to be a session/cookie storage issue.
Though Chris has answered the question and it helped me.
This line
Usually this is done by following any URLs in the HTML supplied by the server after logging in.
Just want to update with Node js. The same thing can be acheived by request module and cheerio for parsing the html(which comes in response) in Node JS.
P.S. : In case anyone is looking where i found that dynamic url, I found that in HTML form which came to me in response. It was the action of that form.
I'm trying to get NTLM Authentication working w/ Node.js. I've been reading this ( http://davenport.sourceforge.net/ntlm.html#theNtlmMessageHeaderLayout ). I send the header and get a Base64 authentication header.
I tried converting it from Base64 to UTF8 by making a new Buffer with base64 encoding and then calling toString('utf8') which returns a string something like
NTLMSSP\u0000\u0001\u0000\u0000\u0000\u0007�\b�\u0000
This is where I need help. I understand the NTLMSSP\u0000 is the null terminated signature, but and what the rest is supposed to indicate, but to me it's just garbage. It's unicode characters, but how am I supposed to get actual data out of that? I may be converting it incorrectly, which may be adding to my troubles, but I'm hoping someone can help.
Have a look at http://www.innovation.ch/personal/ronald/ntlm.html
What you receive is a Type-2 Message. The pages explains it in a very practical way. You have to extract the server challenge (nonce) and the server flags.
I just implemented a module for node.js to do just that: https://github.com/SamDecrock/node-http-ntlm
Have you looked at NTLMAPS?
You may be able to solve your problem by using it as a proxy server, but if you really want to implement NTLM auth in Javascript, then NTLMAPS provides lots of working code to study.
Sam posted the best resource I've seen for understanding what's going on.
jclulow on GitHub seems to have implemented it in a Samba library he built.
Take a look here:
https://github.com/jclulow/node-smbhash
under lib\ntlm.js you can see how he's handled the responses.
I've built client a couple of months ago using javascript, ntlm.js. Maybe that can help you get along. It was based on the documentation # innovation.ch and Microsofts own official documentation (see the references on the github page).