I have a LARAVEL API coded in PHP with MYSQL Database but i want to create a Desktop App for few users, but for this i have to call my API with token csrf how can i do that
I tried like that
(It is a test class)
package com.trying.text;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HttpsURLConnection;
public class Main {
private final static String USER_AGENT = "Mozilla/5.0";
private static String csrf;
@Override
public void start(Stage primaryStage) {
}
public static void main(String[] args) throws Exception {
System.out.println("Testing 1 - Send Http GET request");
sendGet();
System.out.println("Testing 2 - Send Http POST request");
sendPost();
}
public static void connectionHttp(){
}
// HTTP GET request
private static void sendGet() throws Exception {
String url = "http://ift.tt/2ko0YHN";
URL obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
// optional default is GET
con.setRequestMethod("GET");
//add request header
con.setRequestProperty("User-Agent", USER_AGENT);
int responseCode = con.getResponseCode();
System.out.println("\nSending 'GET' request to URL : " + url);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
// strip out your required data with a regex
Pattern pattern = Pattern.compile(".*<input type=\"hidden\" name=\"_token\" value=\"(.*?)\">.*");
Matcher matcher = pattern.matcher(response.toString());
if (matcher.find()) {
System.out.println(matcher.group(1));
csrf = matcher.group(1);
sendPost();
}
//print result
System.out.println(response.toString());
}
// HTTP POST request
private static void sendPost() throws Exception {
String url = "http://ift.tt/2kDR9nu";
URL obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
//add reuqest header
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
String urlParameters = "name=test&password=test&_token=" + csrf;
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Post parameters : " + urlParameters);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
//print result
System.out.println(response.toString());
}
}
I succeed to make a get call when i don't have to give to him a csrf (The first call is route that didn't under web middleware (Laravel for security and more..) But when i need to call an adress that need a csrf i try to get the csrf of one page that i know that had a csrf hidden input but i don't sicced to send a post request.
I have a 500 HTTP response.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire