Autor Thema: Neue Version von HTTPMOD mit neuen Features zum Testen  (Gelesen 75401 mal)

Offline JoeALLb

  • Hero Member
  • *****
  • Beiträge: 1430
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #450 am: 09 Juli 2018, 14:11:54 »
Dann nimm
(?s)(.*)(?<wert>.)$
oder schlicht nur
(?<wert>\n)$.

Sollte beides die 0 oder 1 erfassen.
FHEM-Server auf IntelAtom+Debian (8.1 Watt), KNX,
RasPi-2 Sonos-FHEM per FHEM2FHEM,RasPi-3 Versuchs-RasPi für WLAN-Tests
Gateways: DuoFern Stick, CUL866 PCA301, CUL HM, HMLan, JeeLink, LaCrosse,VCO2
Synology. Ardurino UNO für 1-Wire Tests, FB7270

Offline wires.io

  • Jr. Member
  • **
  • Beiträge: 73
    • Smart Wirings for the Internet of Things
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #451 am: 09 Juli 2018, 14:57:44 »
Danke. Leider kommt beides mal gar nix raus.

Offline JoeALLb

  • Hero Member
  • *****
  • Beiträge: 1430
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #452 am: 09 Juli 2018, 15:09:56 »
Was ist "nix"? 0 ist auch "nix".
zeig mal ein List auf das Device.
FHEM-Server auf IntelAtom+Debian (8.1 Watt), KNX,
RasPi-2 Sonos-FHEM per FHEM2FHEM,RasPi-3 Versuchs-RasPi für WLAN-Tests
Gateways: DuoFern Stick, CUL866 PCA301, CUL HM, HMLan, JeeLink, LaCrosse,VCO2
Synology. Ardurino UNO für 1-Wire Tests, FB7270

Offline wires.io

  • Jr. Member
  • **
  • Beiträge: 73
    • Smart Wirings for the Internet of Things
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #453 am: 09 Juli 2018, 15:18:51 »
Weder 0 noch 1 noch irgendetwas.

Internals:
   BUSY       0
   CFGFN     
   DEF        none 0
   Interval   0
   LASTSEND   1531140936.16157
   MainURL   
   ModuleVersion 3.4.2 - 10.2.2018
   NAME       Coffeemaker
   NR         1513
   STATE      1
   TRIGGERTIME 0
   TRIGGERTIME_FMT
   TYPE       HTTPMOD
   addr       http://IP-Adresse:80
   auth       0
   buf       
   code       200
   compress   1
   conn       
   data       
   displayurl http://IP-Adresse/Status
   header     Content-Type: text/plain
   host       IP-Adresse
   httpbody   0

   httpheader HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 2
Connection: close
Access-Control-Allow-Origin: *
   httpversion 1.0
   hu_blocking 0
   hu_filecount 52
   hu_port    80
   hu_portSfx
   ignoreredirects 0
   loglevel   4
   path       /Status
   protocol   http
   redirects  0
   timeout    2
   url        http://IP-Adresse/Status
   value      0
   OLDREADINGS:
   QUEUE:
   READINGS:
     2018-07-09 14:55:36   state           1
     2018-07-09 14:53:23   state-1         HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 2
Connection: close
Access-Control-Allow-Origin: *

0
     2018-07-09 14:53:23   state-2         

   REQUEST:
     data       
     header     Content-Type: text/plain
     ignoreredirects 0
     retryCount 0
     type       get01
     url        http://IP-Adresse/Status
     value      0
   defptr:
     readingBase:
       Status     get
       state      get
       state-1    get
       state-2    get
     readingNum:
       Status     01
       state      01
       state-1    01
       state-2    01
     readingOutdated:
     readingSubNum:
       state-1    -1
       state-2    -2
     requestReadings:
       get01:
         Status     get 01
         state      get 01
         state-1    get 01-1
         state-2    get 01-2
   sslargs:
Attributes:
   get01Name  state
   get01Regex .$
   get01URL   http://IP-Adresse/Status
   getHeader1 Content-Type: text/plain
   set01Name  on
   set01NoArg 1
   set01URL   http://IP-Adresse/On
   set02Name  off
   set02NoArg 1
   set02URL   http://IP-Adresse/Off
   showBody   1
   userattr   get01CheckAllReadings:0,1 get01Name get01Poll:0,1 get01RegOpt get01Regex get01URL getHeader1 set01Name set01NoArg:0,1 set01URL set02Name set02NoArg:0,1 set02URL
   verbose    5

Offline JoeALLb

  • Hero Member
  • *****
  • Beiträge: 1430
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #454 am: 09 Juli 2018, 15:30:46 »
Da steht aber
get01Regex .$, was nicht mein Beispiel war. So macht helfen nur wenig spaß. ;-).
Es entspricht auch nicht der commandref von httpmod, da die capture-group fehlt.

Hast du mal einen anderen Namen als state versucht? bin mir nicht sicher, aber früher mal ging state definitiv nicht.
nimm ein anderes reading und setzte den state dann korrekt mit stateFormat.

sG Joe
FHEM-Server auf IntelAtom+Debian (8.1 Watt), KNX,
RasPi-2 Sonos-FHEM per FHEM2FHEM,RasPi-3 Versuchs-RasPi für WLAN-Tests
Gateways: DuoFern Stick, CUL866 PCA301, CUL HM, HMLan, JeeLink, LaCrosse,VCO2
Synology. Ardurino UNO für 1-Wire Tests, FB7270

Offline wires.io

  • Jr. Member
  • **
  • Beiträge: 73
    • Smart Wirings for the Internet of Things
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #455 am: 09 Juli 2018, 15:50:54 »
Hatte als letztes noch eine andere regex getestet nachdem ich Deine ausprobiert hatte.

Habe die Variable nun umbenannt.

get01Name meinstatus
get01Regex (?s)(.*)(?<meinstatus>.)$
meinstatus-1
HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 2 Connection: close Access-Control-Allow-Origin: * 0
2018-07-09 15:47:45
meinstatus-2
2018-07-09 15:47:45

Offline wires.io

  • Jr. Member
  • **
  • Beiträge: 73
    • Smart Wirings for the Internet of Things
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #456 am: 10 Juli 2018, 09:47:59 »
Irgendwelche Ideen?

Online frank

  • Hero Member
  • *****
  • Beiträge: 6776
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #457 am: 10 Juli 2018, 10:56:50 »
du suchst ja scheinbar die null am ende. ich würde mal folgendes testen:

(?s)(.)$
oder das vorletzte zeichen:
(?s)(.).$
FHEM: 5.8(SVN) => Pi3(jessie)
IO: CUL433_V3.3(1.00.01B53)|CUL868_V3.3(1.58)|HMLAN(0.965)|HMUSB2(0.967)|HMUART(1.4.1)
CUL_HM: CC-TC|CC-VD|SEC-SD|SEC-SC|SEC-RHS|Sw1PBU-FM|Sw1-FM|Dim1TPBU-FM|Dim1T-FM|ES-PMSw1-Pl
IT: ITZ500|ITT1500|ITR1500|GRR3500

Offline JoeALLb

  • Hero Member
  • *****
  • Beiträge: 1430
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #458 am: 10 Juli 2018, 11:40:16 »
Oder schlicht
.*(\d)
FHEM-Server auf IntelAtom+Debian (8.1 Watt), KNX,
RasPi-2 Sonos-FHEM per FHEM2FHEM,RasPi-3 Versuchs-RasPi für WLAN-Tests
Gateways: DuoFern Stick, CUL866 PCA301, CUL HM, HMLan, JeeLink, LaCrosse,VCO2
Synology. Ardurino UNO für 1-Wire Tests, FB7270

Offline wires.io

  • Jr. Member
  • **
  • Beiträge: 73
    • Smart Wirings for the Internet of Things
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #459 am: 10 Juli 2018, 14:02:48 »

Offline ch.eick

  • New Member
  • *
  • Beiträge: 41
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #460 am: 23 August 2018, 16:59:00 »
Hallo zusammen.
Ich hatte schon mal versuche zur Vallox Cloud unternommen und auch gesehen, dass es anklang gefunden hat. Vielen dank dafür.
Nachdem ich nun fhem wieder aktualisiert habe wollte ich meine Versuche nun fortsetzen. Ich denke es ist noch keinem gelungen mit dem httpmod in die Vallox Cloud zu kommen. Für mich scheind es etwas mit der Session Id (sid) zu tun zu haben, jedoch bin ich mir nicht sicher.
Mein erster Versuch war damalz zu komplex, da ich dachte ich wäre im Login weiter, jedoch war das nur eine Wechselwirkung mit den parralellen curl versuchen und das Kopieren von Schlüsseln aus dem Burp Mitschnitt.

Meine Login Config sieht wie folgt aus:

list vallox_login

Internals:
   BUSY       0
   CHANGED   
   DEF        https://cloud.vallox.com:443/login 0
   Interval   0
   LASTSEND   1535033905.89712
   LastAuthTry 2018-08-23 16:18:23
   MainURL    https://cloud.vallox.com:443/login
   ModuleVersion 3.5.1 - 5.7.2018
   NAME       vallox_login
   NR         189
   STATE      https://cloud.vallox.com:443/: Too many redirects
   TRIGGERTIME 0
   TRIGGERTIME_FMT
   TYPE       HTTPMOD
   addr       https://cloud.vallox.com:443
   auth       0
   buf       
   code       200
   compress   1
   conn       
   data       
   displayurl https://cloud.vallox.com:443/
   header     X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
   host       cloud.vallox.com
   httpbody   <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!--   Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">&times;</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">&copy; Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
   httpheader HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
Set-Cookie: _csrfToken=Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:27 GMT
Connection: close
Transfer-Encoding: chunked
   httpversion 1.1
   hu_blocking 0
   hu_filecount 144
   hu_port    443
   hu_portSfx
   ignoreredirects 0
   loglevel   4
   path       /
   protocol   https
   redirects  1
   timeout    2
   url        https://cloud.vallox.com:443/
   value      0
   HTTPCookieHash:
     _csrf;:
       Name       _csrf
       Options    Path=/
       Path       
       Value      s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw
     _csrfToken;:
       Name       _csrfToken
       Options    Path=/
       Path       
       Value      Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo
     lang;:
       Name       lang
       Options    Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
       Path       
       Value      en
   OLDREADINGS:
   QUEUE:
   READINGS:
     2018-08-23 16:18:25   LAST_ERROR      https://cloud.vallox.com:443/: Too many redirects
   REQUEST:
     data       
     header     X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
     ignoreredirects 0
     retryCount 1
     type       get01
     url        https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
     value      0
   defptr:
     readingBase:
       _csrfToken reading
     readingNum:
       _csrfToken 01 
     readingOutdated:
     requestReadings:
       get01:
         _csrfToken reading 01
       sslargs:
Attributes:
   enableCookies 1
   get01Name  KWL_Status
   get01URL   https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
   getHeader1 X-Requested-With: XMLHttpRequest
   getHeader2 Accept: application/json, text/javascript, */*; q=0.01
   getHeader3 Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   getHeader4 DNT: 1
   getHeader5 Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
   getHeader6 User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
   httpVersion 1.1
   reAuthRegex loginController
   reading01Name _csrfToken
   reading01Regex (?<=_csrfToken=).*(?=;)
   room       Heizung
   set01Name  Login
   showBody   1
   showError  1
   sid1Data   username=xxxxxxxxxx&password=xxxxxxxx
   sid1Header1 Accept: application/json, text/plain, */*
   sid1Header2 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
   sid1Header3 Accept-Language: en-US,en;q=0.5
   sid1Header4 Referer: https://cloud.vallox.com/
   sid1Header5 Accept-Encoding: gzip, deflate
   sid1Header6 Connection: close
   sid1Header7 User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
   sid1Header8 Cookie: connect.sid=$sid
   sid1URL    https://cloud.vallox.com/login
   stateFormat LAST_ERROR
   timeout    2
   userattr   get01CheckAllReadings:0,1 get01Data get01Header3 get01Name get01URL getHeader1 getHeader2 getHeader3 getHeader4 getHeader5 getHeader6 getHeader7 reading01Name reading01Regex reading02Name reading02Regex set01Data set01Header1 set01Name set01URL setHeader1 setHeader2 setHeader3 setHeader4 setHeader5 setHeader6 setURL sid1Data sid1Header1 sid1Header2 sid1Header3 sid1Header4 sid1Header5 sid1Header6 sid1Header7 sid1Header8 sid1URL
   verbose    5


Und hier kommt das kommentierte Log mit Verbose 5

2018.08.23 16:18:22 5: vallox_login: get called with KWL_Status
2018.08.23 16:18:22 5: vallox_login: get found option KWL_Status in attribute get01Name
2018.08.23 16:18:22 4: vallox_login: get will now request KWL_Status, no optional value
2018.08.23 16:18:22 4: vallox_login: AddToQueue adds get01, initial queue len: 0
2018.08.23 16:18:23 5: vallox_login: AddToQueue adds type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, no data, header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0, retry 0
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrf with path  and Value s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY (key _csrf;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path  and Value j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws (key _csrfToken;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie lang with path  and Value en (key lang;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
2018.08.23 16:18:23 4: vallox_login: HandleSendQueue sends request type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, No Data,
header: X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
timeout 2
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2018.08.23 16:18:23 5: HttpUtils request header:
GET /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412 HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

2018.08.23 16:18:23 4: https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxx?cb=1490179044412: HTTP response code 302
2018.08.23 16:18:23 4: HttpUtils https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils request header:
GET / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

2018.08.23 16:18:23 4: https://cloud.vallox.com:443/: HTTP response code 200
2018.08.23 16:18:23 5: HttpUtils https://cloud.vallox.com:443/: Got data, length: 4169
2018.08.23 16:18:23 5: HttpUtils response header:
HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:24 GMT
Set-Cookie: _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:24 GMT
Connection: close
Transfer-Encoding: chunked
2018.08.23 16:18:23 4: vallox_login: Read callback: request type was get01 retry 0,
Body: <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!--   Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">&times;</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">&copy; Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
2018.08.23 16:18:23 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:23 4: vallox_login: GetCookies parsed Cookie: lang Wert en Rest Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:24 GMT
2018.08.23 16:18:23 4: vallox_login: GetCookies parsed Cookie: _csrfToken Wert IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM Rest Path=/
2018.08.23 16:18:23 5: vallox_login: ExtractSid called, context get, num 01
2018.08.23 16:18:23 5: vallox_login: CheckAuth is checking buffer with ReAuthRegex loginController
2018.08.23 16:18:23 4: vallox_login: CheckAuth decided new authentication required
2018.08.23 16:18:23 4: vallox_login: Auth called with Steps: 1
2018.08.23 16:18:23 4: vallox_login: AddToQueue adds auth1, initial queue len: 0, prio
2018.08.23 16:18:23 5: vallox_login: AddToQueue prepends type auth1 to URL https://cloud.vallox.com/login, data username=xxxxxxxxx&password=xxxxxxxx, header Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid, retry 0
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrf with path  and Value s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY (key _csrf;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path  and Value IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM (key _csrfToken;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie lang with path  and Value en (key lang;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
2018.08.23 16:18:23 4: vallox_login: HandleSendQueue sends request type auth1 to URL https://cloud.vallox.com/login,
data: username=xxxxxxxxxx&password=xxxxxxx,
header: Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
timeout 2
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com/login
2018.08.23 16:18:23 4: vallox_login: AddToQueue adds get01, initial queue len: 0
2018.08.23 16:18:23 5: vallox_login: AddToQueue adds type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, no data, header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0, retry 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue - still waiting for reply to last request, delay sending from queue
2018.08.23 16:18:23 4: vallox_login: CheckAuth requeued request get01 after auth, retryCount 0 ...
2018.08.23 16:18:23 5: HttpUtils request header:
POST /login HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:23 4: https://cloud.vallox.com/login: HTTP response code 302
2018.08.23 16:18:23 4: HttpUtils https://cloud.vallox.com/login: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:24 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:24 5: vallox_login: HandleSendQueue - still waiting for reply to last request, delay sending from queue
2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:25 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45

2018.08.23 16:18:25 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:25 3: vallox_login: Read callback: Error: https://cloud.vallox.com:443/: Too many redirects
2018.08.23 16:18:25 4: vallox_login: Read callback: request type was auth1 retry 0, body empty
2018.08.23 16:18:25 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:25 4: vallox_login: GetCookies parsed Cookie: _csrf Wert s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw Rest Path=/
2018.08.23 16:18:25 5: vallox_login: ExtractSid called, context sid, num 1
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie _csrf with path  and Value s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw (key _csrf;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path  and Value IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM (key _csrfToken;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie lang with path  and Value en (key lang;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
2018.08.23 16:18:25 4: vallox_login: HandleSendQueue sends request type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxx, No Data,
header: X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
timeout 2
2018.08.23 16:18:25 5: HttpUtils url=https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
2018.08.23 16:18:26 5: HttpUtils request header:
GET /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

2018.08.23 16:18:26 4: https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412: HTTP response code 302
2018.08.23 16:18:26 4: HttpUtils https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxx?cb=1490179044412: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:26 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:26 5: HttpUtils request header:
GET / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

2018.08.23 16:18:26 4: https://cloud.vallox.com:443/: HTTP response code 200
2018.08.23 16:18:26 5: HttpUtils https://cloud.vallox.com:443/: Got data, length: 4169
2018.08.23 16:18:26 5: HttpUtils response header:
HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
Set-Cookie: _csrfToken=Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:27 GMT
Connection: close
Transfer-Encoding: chunked
2018.08.23 16:18:26 4: vallox_login: Read callback: request type was get01 retry 1,
Body: <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!--   Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">&times;</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">&copy; Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
2018.08.23 16:18:26 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:26 4: vallox_login: GetCookies parsed Cookie: lang Wert en Rest Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
2018.08.23 16:18:26 4: vallox_login: GetCookies parsed Cookie: _csrfToken Wert Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo Rest Path=/
2018.08.23 16:18:26 5: vallox_login: ExtractSid called, context get, num 01
2018.08.23 16:18:26 5: vallox_login: CheckAuth is checking buffer with ReAuthRegex loginController
2018.08.23 16:18:26 4: vallox_login: CheckAuth decided new authentication required
2018.08.23 16:18:26 4: vallox_login: Authentication still required but no retries left - did last authentication fail?
2018.08.23 16:18:26 5: vallox_login: ExtractReading for context get, num 01 - no individual parse definition
2018.08.23 16:18:26 5: vallox_login: Read starts parsing response to get01 with defined readings: 01
2018.08.23 16:18:26 5: vallox_login: ExtractReading _csrfToken with regex /(?<=_csrfToken=).*(?=;/...
2018.08.23 16:18:26 5: vallox_login: ExtractReading _csrfToken did not match
2018.08.23 16:18:26 3: vallox_login: Read response to get01 didn't match any Reading
2018.08.23 16:18:26 5: vallox_login: HandleSendQueue called, qlen = 0



Was mir nun nicht so klar ist, ist das Handschake bei der Anmeldung mit den Token und der sid. In der Config habe ich versucht die sid in "sid1Header8 Cookie: connect.sid=$sid" einzusetzen, wie ich es in Burp mitgeschnitten haben. Jedoch wird $sid nicht ersetzt.

Ein weiterer Test ist ein reading für ein Token:

 reading01Name _csrfToken
 reading01Regex (?<=_csrfToken=).*(?=;)

Das wird allerdings nicht gefunden und ich weiß nicht ob man auch aus dem Header lesen kann?
Die Regex habe ich online getestet und liefert das gewünschte Ergebnis.

In einem parrallelen Test mit curl, aus Burp generiert, habe ich bereits herausbekommen, dass die Meldungen im httpbody erscheinen, sobald das Login fehlschlägt. Dies ist der Fall, sobald die sid im curl Aufruf entfern wurde. Beim Test habe ich natürlich immer stückweise Token und sid entfernt, bis es nicht mehr ging :-)

Ein Beispiel:

gut
curl -i -s -k  -X $'POST'     -H $'Host: cloud.vallox.com' -H $'User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0' -H $'Accept: application/json, text/plain, */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-XSRF-TOKEN: V9h5z3ND-n2W0OxnxsS1mCDEp4I-DnJvvN0w' -H $'Referer: https://cloud.vallox.com/' -H $'Content-Length: 45' -H $'Cookie: lang=de; _csrf=s%3ARKngiocWzDWFWVUUxHB3bN9S.TKzzSSHJTHy2%2B0aeDT9VpgidMbnAu9QlCYOfsHo%2F4Q0; _csrfToken=V9h5z3ND-n2W0OxnxsS1mCDEp4I-DnJvvN0w; connect.sid=s%3AOIwxYChbyViDwoNZpmLxOwTVAliX5LWq.ywEegvaXmOyGuRwpgGZqqUIsQQqqH9gxDsxVOgeg0k4' -H $'Connection: close'    --data-binary $'username=xxxxxxxxxx&password=xxxxxxx'     $'https://cloud.vallox.com/login'


HTTP/1.1 200 OK
Vary: X-HTTP-Method-Override, Accept-Encoding
set-cookie: lang=de; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 15:13:20 GMT
set-cookie: _csrfToken=Upc1ygWY-N5qS_FSM5kv-IsFsw21DHx9BnI4; Path=/
set-cookie: connect.sid=s%3Awrx0PXEAcykcPGEr-p5JoSOV0C1hmKwB.QajtZCpLK8bC7seDzHx47StdOmiyVCBP7k1SbfBIxP4; Path=/; HttpOnly
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 74
ETag: W/"4a-iFjmKaXUGUWpK3TUuWr9AQ"
Date: Thu, 23 Aug 2018 15:13:20 GMT
Connection: close

{"success":true,"errors":[],"errfor":{},"message":"","nexturl":"/account"}


schlecht
curl -i -s -k  -X $'POST'     -H $'Host: cloud.vallox.com' -H $'User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0' -H $'Accept: application/json, text/plain, */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'Referer: https://cloud.vallox.com/' -H $'Content-Length: 45' -H $'Connection: close'    --data-binary $'username=xxxxxxxxx&password=xxxxxxxxxxxx'     $'https://cloud.vallox.com/login'


HTTP/1.1 302 Found
Vary: X-HTTP-Method-Override, Accept, Accept-Encoding
set-cookie: _csrf=s%3AquIQ0ak4KrP1nBqEs54Ac7iV.PnvU6spHm5bj6rJuJd%2BxTXiDDYDh8GIZS6Y8XNlYgps; Path=/
Location: /
Content-Type: text/plain; charset=utf-8
Content-Length: 23
Date: Thu, 23 Aug 2018 15:09:34 GMT
Connection: close

Found. Redirecting to /



Nun meine Bitte an Euch mir reichlich Futter zu schicken. Jede Idee ist willkommen.

Viele Grüße
     Christian
« Letzte Änderung: 23 August 2018, 17:19:24 von ch.eick »
FHEM unter Solaris 11.3 nonglobal Zone zum Testen.
Raspberry PI 2; CUNX; Eltako FSB61NP_230V; 230V zentral verschaltet; fronthem; fhem/ftui; SmartVisu

Offline StefanStrobel

  • Developer
  • Sr. Member
  • ****
  • Beiträge: 979
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #461 am: 24 August 2018, 23:48:35 »
Hallo,

Hast Du diesen Thread verfolgt?
https://forum.fhem.de/index.php/topic,68452.45.html

Auch bei Dir enthält die erste Response einen Refirect.
Mit Deiner Konfiguration verfolgt HttpUtils den sofort und vergisst dabei die Cookies.

Mit enableRedirects übernimmt HTTPMOD die Verfolgung der Redirects...

Gruß
   Stefan

Offline ch.eick

  • New Member
  • *
  • Beiträge: 41
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #462 am: 27 August 2018, 16:56:07 »
Hallo Stefan,
vielen dank für die schnelle Rückmeldung.

Ich habe noch mal vereinfacht neu angefangen. Den Thread hatte ich auch schon gelesen und handleRedirects auf 1 gesetzt.

Um nichts an Meldungen zu verpassen steht nun:
enableCookies 1
handleRedirects 1
showBody   1
showError  1
verbose    5

Laut Burp ist es HTTP 1.1 und mit curl habe ich gesehen, dass auch chunked responces kommen. Doch das kommt erst nach dem login :-)

Habe ich denn die aktuellste HTTPMOD Version? 3.5.1 - 5.7.2018


Internals:
   BUSY       0
   CFGFN     
   CHANGED   
   DEF        https://cloud.vallox.com/ 0
   Interval   0
   LASTSEND   1535372037.72493
   LastAuthTry 2018-08-27 14:13:56
   MainURL    https://cloud.vallox.com/
   ModuleVersion 3.5.1 - 5.7.2018
   NAME       vallox_login
   NR         7286
   STATE      ???
   TRIGGERTIME 0
   TRIGGERTIME_FMT
   TYPE       HTTPMOD
   addr       https://cloud.vallox.com:443
   auth       0
   buf       
   code       200
   compress   1
   conn       
   data       
   displayurl https://cloud.vallox.com:443/
   header     Cookie: _csrf=s%3AOaUxgpbve2YbFScXdRtCaIdu.NohThlo2%2B2PhvrTi7NZEJ1ZUCxipzLxYRZ4yaImJlfc; _csrfToken=MBNGnJD7-yudtMHhGAOoZoVyYqZCcsCi8MDk; connect.sid=s%3Av8td9QGetunZ7pKbnHa5SvM4cxyGYVwb.M8OyQKPntIloz9ixO2nqDvFQha8oE1UykbLyln9Okjw; lang=en
   host       cloud.vallox.com

   httpbody   <!DOCTYPE html>

snip   hier habe ich einiges weg gelassen

<div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section">

snip     im fhem erkennt das HTTPMOD anhand des "loginController" mit "reAuthRegex loginController" das ein Login notwendig ist.

</body></html>



   httpheader HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Mon, 03 Sep 2018 12:13:58 GMT
Set-Cookie: _csrfToken=deiJaiUR-vCAzfzZEFsahusLCYa3lcQqfxVs; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 27 Aug 2018 12:13:58 GMT
Connection: close
Transfer-Encoding: chunked
   httpversion 1.1
   hu_blocking 0
   hu_filecount 23
   hu_port    443
   hu_portSfx
   ignoreredirects 1
   loglevel   4
   path       /
   protocol   https
   redirects  0
   timeout    2
   url        https://cloud.vallox.com:443/
   value      0
   HTTPCookieHash:
     _csrf;:
       Name       _csrf
       Options    Path=/
       Path       
       Value      s%3AOaUxgpbve2YbFScXdRtCaIdu.NohThlo2%2B2PhvrTi7NZEJ1ZUCxipzLxYRZ4yaImJlfc
     _csrfToken;:
       Name       _csrfToken
       Options    Path=/
       Path       
       Value      deiJaiUR-vCAzfzZEFsahusLCYa3lcQqfxVs
     connect.sid;:
       Name       connect.sid
       Options    Path=/; HttpOnly
       Path       
       Value      s%3Av8td9QGetunZ7pKbnHa5SvM4cxyGYVwb.M8OyQKPntIloz9ixO2nqDvFQha8oE1UykbLyln9Okjw
     lang;:
       Name       lang
       Options    Max-Age=604800; Path=/; Expires=Mon, 03 Sep 2018 12:13:58 GMT
       Path       
       Value      en
   QUEUE:
   READINGS:
     2018-08-27 14:07:48   LAST_ERROR     
   REQUEST:
     data       
     header     
     ignoreredirects 0
     retryCount 1
     type       get01
     url        https://cloud.vallox.com:443/
     value      0
   sslargs:
Attributes:
   enableCookies 1
   get01Name  Mainpage
   get01URL   https://cloud.vallox.com/account
   handleRedirects 1
   httpVersion 1.1
   reAuthRegex loginController
   room       Heizung
   showBody   1
   showError  1
   sid1Data   username=xxxxxx&password=xxxxxx
   sid1Header1 Referer: https://cloud.vallox.com/
   sid1URL    https://cloud.vallox.com/login
   userattr   get01Header1 get01Header2 get01Name get01URL sid1Data sid1Header1 sid1URL
   verbose    5

Nun der Ablauf:

Mit "get vallox_login Mainpage" wird ein get request aufgebaut:
   get01Name  Mainpage
   get01URL   https://cloud.vallox.com/account

GET /account HTTP/1.1
Host: cloud.vallox.com
User-Agent: fhem
Accept-Encoding: gzip,deflate
Connection: Close
Cookie: _csrf=s%3AOaUxgpbve2YbFScXdRtCaIdu.NohThlo2%2B2PhvrTi7NZEJ1ZUCxipzLxYRZ4yaImJlfc; _csrfToken=WEiHEClx-jySsHTrb7_gLagMGRp6hltHofNM; connect.sid=s%3AROx66EIZo5KeIWI2PYpjrJ-EUo7z9xMC.hu%2BCuZn%2B20rwWE%2F2YNGPeV0TOSllc5NLLu0si2T0Qqw; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

Okay, hierbei wird auch das connect.sid was vom Server (von vorherigen Aufrufen) gekommen ist verwendet.

Laut Burp kommt nun folgendes zurück:

HTTP/1.1 304 Not Modified
Set-Cookie: lang=de; Max-Age=604800; Path=/; Expires=Mon, 03 Sep 2018 14:31:06 GMT
Set-Cookie: _csrfToken=DS4bB4I0-cmHBs_oehsWGyPHaYZB8Tm_ZmpQ; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
ETag: W/"1094-IK6HSXKdy3yHfjMuTX/Riw"            <<<<<<<<<<<<<<<<
Date: Mon, 27 Aug 2018 14:31:06 GMT
Connection: close

Dann soll folgendes geschickt werden:

POST /login HTTP/1.1
Host: cloud.vallox.com
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-XSRF-TOKEN: eyfC6EWh-Jq2ABTTh-qES4hoC9GZOtrEIpKE               <<<<<<<<<<<<<<<<
Referer: https://cloud.vallox.com/
Content-Length: 45
Cookie: lang=de; _csrf=s%3AuWR2FejFc51ft0qA6plqHlGa.56%2FCjEQDRe2t9O62NuIOTCGU6%2FnNfkWD5Wz1eESaxu0; _csrfToken=eyfC6EWh-Jq2ABTTh-qES4hoC9GZOtrEIpKE; connect.sid=s%3Aewmh0nPBNx7Iz6FGZjosv32JzC9s9J4g.vbxzAe8Buvrm01XXgFTLMywVjFHEXRcW6siXC4dCHIM
Connection: close

username=xxxxxxxx&password=xxxxxx

Der web Server sagt alles gut :-) und die connect.sid bleibt die selbe.

HTTP/1.1 200 OK
Vary: X-HTTP-Method-Override, Accept-Encoding
set-cookie: lang=de; Max-Age=604800; Path=/; Expires=Mon, 03 Sep 2018 14:32:49 GMT
set-cookie: _csrfToken=9PgKgdeQ-b4MrmBWgH53UaQmZRgTgtBlbwfU; Path=/
set-cookie: connect.sid=s%3Aewmh0nPBNx7Iz6FGZjosv32JzC9s9J4g.vbxzAe8Buvrm01XXgFTLMywVjFHEXRcW6siXC4dCHIM; Path=/; HttpOnly
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 74
ETag: W/"4a-iFjmKaXUGUWpK3TUuWr9AQ"              <<<<<<<<<<<<<<<<
Date: Mon, 27 Aug 2018 14:32:50 GMT
Connection: close

{[b]"success":true,[/b]"errors":[],"errfor":{},"message":"","nexturl":"/account"}

Danach erfolgt wieder ein get request, diesmal auf /account:

GET /account HTTP/1.1
Host: cloud.vallox.com
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,text/csv;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://cloud.vallox.com/
Cookie: lang=de; _csrf=s%3AuWR2FejFc51ft0qA6plqHlGa.56%2FCjEQDRe2t9O62NuIOTCGU6%2FnNfkWD5Wz1eESaxu0; _csrfToken=TmD2GWze-eFVcnFD1vsLbwlN2ha9HoguarlQ; connect.sid=s%3Aewmh0nPBNx7Iz6FGZjosv32JzC9s9J4g.vbxzAe8Buvrm01XXgFTLMywVjFHEXRcW6siXC4dCHIM
Connection: close
Upgrade-Insecure-Requests: 1
If-None-Match: W/"17ff-MGoVRRM3HoEkqWe9T+bqaA"             <<<<<<<<<<<<<<<<

Und die Antwort:

HTTP/1.1 304 Not Modified
set-cookie: lang=de; Max-Age=604800; Path=/; Expires=Mon, 03 Sep 2018 14:32:50 GMT
set-cookie: _csrfToken=gumr2doN-EouALCxY2HcoYaouHhnvenuLIR8; Path=/
set-cookie: connect.sid=s%3Aewmh0nPBNx7Iz6FGZjosv32JzC9s9J4g.vbxzAe8Buvrm01XXgFTLMywVjFHEXRcW6siXC4dCHIM; Path=/; HttpOnly
X-Frame-Options: DENY
X-Powered-By: Express
ETag: W/"17ff-MGoVRRM3HoEkqWe9T+bqaA"            <<<<<<<<<<<<<<<<
Date: Mon, 27 Aug 2018 14:32:50 GMT
Connection: close

Und so geht es dann weiter. An dieser Stelle kann ich dann erst nach dem Login schauen was man braucht.

Die erste Hürde ist nach wie vor das login. Muss ich für die ETag Header (<<<<<<<<<<<<<<<<) noch etwas specielles machen?
die Cookies werden mit den gestetzten attributen nun anscheinend richtig behandelt und weitergeleitet.

Wie kann ich nun den obigen Burp Trace umsetzen?

Ich bin dann doch etwas überfordert mit den korrekten Einstellungen ;-)

Viele Grüße
      Christian
« Letzte Änderung: 27 August 2018, 17:01:03 von ch.eick »
FHEM unter Solaris 11.3 nonglobal Zone zum Testen.
Raspberry PI 2; CUNX; Eltako FSB61NP_230V; 230V zentral verschaltet; fronthem; fhem/ftui; SmartVisu

Offline StefanStrobel

  • Developer
  • Sr. Member
  • ****
  • Beiträge: 979
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #463 am: 28 August 2018, 17:50:51 »
Hallo Christian,

ich würde zunächst in Burp versuchen den Vorgang nachzubilden. Dazu die relevanten Requests in den Repeater schicken, das Cookie-Handling aktivieren und dann die Requests Schritt für Schritt nochmal schicken. So kannst Du prüfen, wie der Ablauf reproduzierbar ist.
Wenn das einmal geklappt hat, würde ich im Repeater die Requests schrittweise vereinfachen um herauszufinden, welche Header überhaupt nötig sind.
Ich vermute, dass die ETags keine Rolle spielen und entsprechend auch die If-None-Match-Header.

Was Du aber auf jeden Fall abbilden musst, sind die CSRF-Tokens. die würde ich per Regex in Reading auslesen und dann mit Replacements wieder in den nächsten Request einbauen.

Gruss
   Stefan

Offline Camouflage

  • Newbie
  • Beiträge: 1
Antw:Neue Version von HTTPMOD mit neuen Features zum Testen
« Antwort #464 am: 20 September 2018, 13:11:33 »
Hay ich habe eine Frage.

Stand
define test httpmod google.de 600
define testchange notify test set irgendwas

Was ich brauche
define test_status dummy
attr test_status Webcmd on:off

Wie kann ich jetzt ein notify erstellen der test(httpmod) erneut ausführt un den Intervall erneueret
Heist wenn test_status angeschaltet wird; führt er test nochmal aus und führt somit (set irgendwas) aus 
« Letzte Änderung: 20 September 2018, 13:13:36 von Camouflage »

 

decade-submarginal