Hallo zusammen.
Ich hatte schon mal versuche zur Vallox Cloud unternommen und auch gesehen, dass es anklang gefunden hat. Vielen dank dafür.
Nachdem ich nun fhem wieder aktualisiert habe wollte ich meine Versuche nun fortsetzen. Ich denke es ist noch keinem gelungen mit dem httpmod in die Vallox Cloud zu kommen. Für mich scheind es etwas mit der Session Id (sid) zu tun zu haben, jedoch bin ich mir nicht sicher.
Mein erster Versuch war damalz zu komplex, da ich dachte ich wäre im Login weiter, jedoch war das nur eine Wechselwirkung mit den parralellen curl versuchen und das Kopieren von Schlüsseln aus dem Burp Mitschnitt.
Meine Login Config sieht wie folgt aus:
list vallox_login
Internals:
BUSY 0
CHANGED
DEF https://cloud.vallox.com:443/login 0
Interval 0
LASTSEND 1535033905.89712
LastAuthTry 2018-08-23 16:18:23
MainURL https://cloud.vallox.com:443/login
ModuleVersion 3.5.1 - 5.7.2018
NAME vallox_login
NR 189
STATE https://cloud.vallox.com:443/: Too many redirects
TRIGGERTIME 0
TRIGGERTIME_FMT
TYPE HTTPMOD
addr https://cloud.vallox.com:443
auth 0
buf
code 200
compress 1
conn
data
displayurl https://cloud.vallox.com:443/
header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
host cloud.vallox.com
httpbody <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!-- Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">×</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">© Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
httpheader HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
Set-Cookie: _csrfToken=Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:27 GMT
Connection: close
Transfer-Encoding: chunked
httpversion 1.1
hu_blocking 0
hu_filecount 144
hu_port 443
hu_portSfx
ignoreredirects 0
loglevel 4
path /
protocol https
redirects 1
timeout 2
url https://cloud.vallox.com:443/
value 0
HTTPCookieHash:
_csrf;:
Name _csrf
Options Path=/
Path
Value s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw
_csrfToken;:
Name _csrfToken
Options Path=/
Path
Value Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo
lang;:
Name lang
Options Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
Path
Value en
OLDREADINGS:
QUEUE:
READINGS:
2018-08-23 16:18:25 LAST_ERROR https://cloud.vallox.com:443/: Too many redirects
REQUEST:
data
header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
ignoreredirects 0
retryCount 1
type get01
url https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
value 0
defptr:
readingBase:
_csrfToken reading
readingNum:
_csrfToken 01
readingOutdated:
requestReadings:
get01:
_csrfToken reading 01
sslargs:
Attributes:
enableCookies 1
get01Name KWL_Status
get01URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
getHeader1 X-Requested-With: XMLHttpRequest
getHeader2 Accept: application/json, text/javascript, */*; q=0.01
getHeader3 Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
getHeader4 DNT: 1
getHeader5 Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
getHeader6 User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
httpVersion 1.1
reAuthRegex loginController
reading01Name _csrfToken
reading01Regex (?<=_csrfToken=).*(?=;)
room Heizung
set01Name Login
showBody 1
showError 1
sid1Data username=xxxxxxxxxx&password=xxxxxxxx
sid1Header1 Accept: application/json, text/plain, */*
sid1Header2 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
sid1Header3 Accept-Language: en-US,en;q=0.5
sid1Header4 Referer: https://cloud.vallox.com/
sid1Header5 Accept-Encoding: gzip, deflate
sid1Header6 Connection: close
sid1Header7 User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
sid1Header8 Cookie: connect.sid=$sid
sid1URL https://cloud.vallox.com/login
stateFormat LAST_ERROR
timeout 2
userattr get01CheckAllReadings:0,1 get01Data get01Header3 get01Name get01URL getHeader1 getHeader2 getHeader3 getHeader4 getHeader5 getHeader6 getHeader7 reading01Name reading01Regex reading02Name reading02Regex set01Data set01Header1 set01Name set01URL setHeader1 setHeader2 setHeader3 setHeader4 setHeader5 setHeader6 setURL sid1Data sid1Header1 sid1Header2 sid1Header3 sid1Header4 sid1Header5 sid1Header6 sid1Header7 sid1Header8 sid1URL
verbose 5
Und hier kommt das kommentierte Log mit Verbose 5
2018.08.23 16:18:22 5: vallox_login: get called with KWL_Status
2018.08.23 16:18:22 5: vallox_login: get found option KWL_Status in attribute get01Name
2018.08.23 16:18:22 4: vallox_login: get will now request KWL_Status, no optional value
2018.08.23 16:18:22 4: vallox_login: AddToQueue adds get01, initial queue len: 0
2018.08.23 16:18:23 5: vallox_login: AddToQueue adds type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, no data, header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0, retry 0
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrf with path and Value s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY (key _csrf;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path and Value j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws (key _csrfToken;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie lang with path and Value en (key lang;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
2018.08.23 16:18:23 4: vallox_login: HandleSendQueue sends request type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, No Data,
header: X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
timeout 2
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2018.08.23 16:18:23 5: HttpUtils request header:
GET /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412 HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
2018.08.23 16:18:23 4: https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxx?cb=1490179044412: HTTP response code 302
2018.08.23 16:18:23 4: HttpUtils https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils request header:
GET / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=j25GUl8k-rNKefC3pXqs2FdWQXklp7S6s_Ws; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
2018.08.23 16:18:23 4: https://cloud.vallox.com:443/: HTTP response code 200
2018.08.23 16:18:23 5: HttpUtils https://cloud.vallox.com:443/: Got data, length: 4169
2018.08.23 16:18:23 5: HttpUtils response header:
HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:24 GMT
Set-Cookie: _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:24 GMT
Connection: close
Transfer-Encoding: chunked
2018.08.23 16:18:23 4: vallox_login: Read callback: request type was get01 retry 0,
Body: <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!-- Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">×</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">© Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
2018.08.23 16:18:23 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:23 4: vallox_login: GetCookies parsed Cookie: lang Wert en Rest Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:24 GMT
2018.08.23 16:18:23 4: vallox_login: GetCookies parsed Cookie: _csrfToken Wert IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM Rest Path=/
2018.08.23 16:18:23 5: vallox_login: ExtractSid called, context get, num 01
2018.08.23 16:18:23 5: vallox_login: CheckAuth is checking buffer with ReAuthRegex loginController
2018.08.23 16:18:23 4: vallox_login: CheckAuth decided new authentication required
2018.08.23 16:18:23 4: vallox_login: Auth called with Steps: 1
2018.08.23 16:18:23 4: vallox_login: AddToQueue adds auth1, initial queue len: 0, prio
2018.08.23 16:18:23 5: vallox_login: AddToQueue prepends type auth1 to URL https://cloud.vallox.com/login, data username=xxxxxxxxx&password=xxxxxxxx, header Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid, retry 0
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrf with path and Value s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY (key _csrf;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path and Value IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM (key _csrfToken;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is using Cookie lang with path and Value en (key lang;, destination path is /login)
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
2018.08.23 16:18:23 4: vallox_login: HandleSendQueue sends request type auth1 to URL https://cloud.vallox.com/login,
data: username=xxxxxxxxxx&password=xxxxxxx,
header: Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
timeout 2
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com/login
2018.08.23 16:18:23 4: vallox_login: AddToQueue adds get01, initial queue len: 0
2018.08.23 16:18:23 5: vallox_login: AddToQueue adds type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, no data, header X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0, retry 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:23 5: vallox_login: HandleSendQueue - still waiting for reply to last request, delay sending from queue
2018.08.23 16:18:23 4: vallox_login: CheckAuth requeued request get01 after auth, retryCount 0 ...
2018.08.23 16:18:23 5: HttpUtils request header:
POST /login HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:23 4: https://cloud.vallox.com/login: HTTP response code 302
2018.08.23 16:18:23 4: HttpUtils https://cloud.vallox.com/login: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:23 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:24 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:24 5: vallox_login: HandleSendQueue - still waiting for reply to last request, delay sending from queue
2018.08.23 16:18:24 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:24 4: HttpUtils https://cloud.vallox.com:443/: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:24 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:25 5: HttpUtils request header:
POST / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Language: en-US,en;q=0.5
Referer: https://cloud.vallox.com/
Accept-Encoding: gzip, deflate
Connection: close
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20180823 Firefox/61.0
Cookie: connect.sid=$sid
Cookie: _csrf=s%3AYE1XRipt9qknY90RUoTUUURG.5Njyi%2F9Lb9Rffr4xJMyWC8eSgS5NC%2FsE0sjOngUndfY; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 45
2018.08.23 16:18:25 4: https://cloud.vallox.com:443/: HTTP response code 302
2018.08.23 16:18:25 3: vallox_login: Read callback: Error: https://cloud.vallox.com:443/: Too many redirects
2018.08.23 16:18:25 4: vallox_login: Read callback: request type was auth1 retry 0, body empty
2018.08.23 16:18:25 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:25 4: vallox_login: GetCookies parsed Cookie: _csrf Wert s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw Rest Path=/
2018.08.23 16:18:25 5: vallox_login: ExtractSid called, context sid, num 1
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue called, qlen = 1
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie _csrf with path and Value s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw (key _csrf;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie _csrfToken with path and Value IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM (key _csrfToken;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is using Cookie lang with path and Value en (key lang;, destination path is /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412)
2018.08.23 16:18:25 5: vallox_login: HandleSendQueue is adding Cookie header: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
2018.08.23 16:18:25 4: vallox_login: HandleSendQueue sends request type get01 to URL https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxx, No Data,
header: X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
timeout 2
2018.08.23 16:18:25 5: HttpUtils url=https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412
2018.08.23 16:18:26 5: HttpUtils request header:
GET /api/devicestate/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
2018.08.23 16:18:26 4: https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxxxxxxxxxxxx?cb=1490179044412: HTTP response code 302
2018.08.23 16:18:26 4: HttpUtils https://cloud.vallox.com:443/api/devicestate/xxxxxxxxxxxx?cb=1490179044412: Redirect to https://cloud.vallox.com:443/
2018.08.23 16:18:26 5: HttpUtils url=https://cloud.vallox.com:443/
2018.08.23 16:18:26 5: HttpUtils request header:
GET / HTTP/1.1
Host: cloud.vallox.com
Accept-Encoding: gzip,deflate
Connection: Close
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cloud.vallox.com:443/cloudui/index.html?deviceid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNT: 1
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:45.0) Gecko/20100101 Firefox/45.0
Cookie: _csrf=s%3AnnYssVIRgI7_nbneiBGCSSOa.xJkfjsNPjgn3f3As%2BS3vuEkZVRDUYZD3MFBVD6UlNdw; _csrfToken=IoLa0EjD-geAZuU_nQQjtXcgOYdJL1f9mUvM; lang=en
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
2018.08.23 16:18:26 4: https://cloud.vallox.com:443/: HTTP response code 200
2018.08.23 16:18:26 5: HttpUtils https://cloud.vallox.com:443/: Got data, length: 4169
2018.08.23 16:18:26 5: HttpUtils response header:
HTTP/1.1 200 OK
Set-Cookie: lang=en; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
Set-Cookie: _csrfToken=Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo; Path=/
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
ETag: W/"1049-MfCJK8GFZUV/rfWyN777Iw"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Aug 2018 14:18:27 GMT
Connection: close
Transfer-Encoding: chunked
2018.08.23 16:18:26 4: vallox_login: Read callback: request type was get01 retry 1,
Body: <!DOCTYPE html><html ng-app="CloudApp"><head><title>MyVallox Cloud</title><!-- Created by ilkka.salminen on 23/09/14.--><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="/layouts/core.min.css?undefined"><!--link(rel='stylesheet', href='/layouts/core.css?#{cacheBreaker}')--><link rel="stylesheet" href="/views/index.min.css?undefined"></head><body><!--Created by ilkka.salminen on 26/09/14.--><div class="header"><div class="row"><div class="logo-always"><img src="/media/logo.png"></div></div></div><div class="main-content"><div class="section demo-area"><div class="row middle"><div class="col-xs-6"><p>Try demo version of MyVallox Cloud</p></div><div class="col-xs-6"><a href="https://cloud.vallox.com:8080/" class="btn btn-block btn-primary">Demo</a></div></div></div><div class="main-image"><div id="main-carousel" data-ride="carousel" class="carousel slide"><ol class="carousel-indicators"><li data-target="#main-carousel" data-slide-to="0" class="active"></li><li data-target="#main-carousel" data-slide-to="1"></li><li data-target="#main-carousel" data-slide-to="2"></li></ol><div role="listbox" class="carousel-inner"><div class="item active"><img src="/media/MyValloxKuvakaruselliKuvatPlain.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>EASY VENTILATION CONTROL</h3>Register your MyVallox ventilation unit with the cloud service and control the ventilation of your home anywhere</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain2.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>HOME OF FRESH AIR</h3>Vallox keeps the indoor air fresh and pure</div></div></div><div class="item"><img src="/media/MyValloxKuvakaruselliKuvatPlain3.png" alt="..."><div class="carousel-caption"><div class="middle"><h3>GOOD VENTILATION IS AN INVESTMENT IN WELL-BEING</h3>and the best insurance for your home</div></div></div></div></div><!--#mobile-titleimageimg(src='/media/MyValloxKuvakaruselliKuvatPlain3.jpg')--></div><div ng-controller="loginController" ng-keypress="enterKey($event)" class="login-area section"><h1>Log in</h1><div ng-show="errors" ng-repeat="error in errors" class="alerts"><div class="alert alert-danger alert-dismissable"><button type="button" data-dismiss="alert" class="close">×</button>{{error}}</div></div><form><div class="row"><div class="email-input col-sm-5"><input type="email" placeholder="Email" ng-model="email"></div><div class="password-input col-sm-5"><input type="password" placeholder="Password" ng-model="password"></div><div class="login-buttons col-sm-2"><div class="login-button"><div class="button"><button type="submit" ng-click="login()" class="btn btn-block btn-primary">Log in</button></div></div></div></div></form><div class="extra-row"><a href="/login/forgot/">Forgot your password?</a></div></div><div class="firmware section"><h1>Latest firmware</h1><div class="row"><div class="col-xs-1">v1.8.5</div><div class="col-xs-4"><a href="http://cloud.vallox.com/changelog.txt" target="_blank">Firmware change log</a></div><div class="col-xs-4"><!--a(href='http://cloud.vallox.com/instructions.txt', target="_blank") #{strings.firmware_instructions_link}--></div><div class="col-xs-3"><a href="http://cloud.vallox.com/HSWUPD.BIN" class="btn btn-block btn-primary">Download</a></div></div></div></div><div class="clearfix"></div><!--#debug--><!--Created by ilkka.salminen on 03/02/15.--><div class="cloud-footer"><div class="footer-logo"><img src="/media/logo_sq.png" alt="logo" class="img-responsive"></div><div class="footer-content"><div class="row"><div class="about col-sm-4"><a href="http://www.vallox.com/" target="_blank">About Vallox</a><br><a href="http://www.vallox.com/" target="_blank">Help</a></div><div class="legal col-sm-4"><a href="/terms">Terms and conditions</a><br><a href="/privacy">Privacy policy</a></div><div class="copyright col-sm-4">© Vallox 2018</div></div></div></div><script src="/layouts/core.min.js"></script><script src="/views/backend.js"></script><script src="/views/index.js"></script><script src="/vendor/bootstrap/js/carousel.js"></script></body></html>
2018.08.23 16:18:26 5: vallox_login: GetCookies is looking for Cookies
2018.08.23 16:18:26 4: vallox_login: GetCookies parsed Cookie: lang Wert en Rest Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 14:18:27 GMT
2018.08.23 16:18:26 4: vallox_login: GetCookies parsed Cookie: _csrfToken Wert Whh40DDR-cGLNq5hTqkOtXKcWQJRwpH0pxZo Rest Path=/
2018.08.23 16:18:26 5: vallox_login: ExtractSid called, context get, num 01
2018.08.23 16:18:26 5: vallox_login: CheckAuth is checking buffer with ReAuthRegex loginController
2018.08.23 16:18:26 4: vallox_login: CheckAuth decided new authentication required
2018.08.23 16:18:26 4: vallox_login: Authentication still required but no retries left - did last authentication fail?
2018.08.23 16:18:26 5: vallox_login: ExtractReading for context get, num 01 - no individual parse definition
2018.08.23 16:18:26 5: vallox_login: Read starts parsing response to get01 with defined readings: 01
2018.08.23 16:18:26 5: vallox_login: ExtractReading _csrfToken with regex /(?<=_csrfToken=).*(?=;/...
2018.08.23 16:18:26 5: vallox_login: ExtractReading _csrfToken did not match
2018.08.23 16:18:26 3: vallox_login: Read response to get01 didn't match any Reading
2018.08.23 16:18:26 5: vallox_login: HandleSendQueue called, qlen = 0
Was mir nun nicht so klar ist, ist das Handschake bei der Anmeldung mit den Token und der sid. In der Config habe ich versucht die sid in "sid1Header8 Cookie: connect.sid=$sid" einzusetzen, wie ich es in Burp mitgeschnitten haben. Jedoch wird $sid nicht ersetzt.
Ein weiterer Test ist ein reading für ein Token:
reading01Name _csrfToken
reading01Regex (?<=_csrfToken=).*(?=;)
Das wird allerdings nicht gefunden und ich weiß nicht ob man auch aus dem Header lesen kann?
Die Regex habe ich online getestet und liefert das gewünschte Ergebnis.
In einem parrallelen Test mit curl, aus Burp generiert, habe ich bereits herausbekommen, dass die Meldungen im httpbody erscheinen, sobald das Login fehlschlägt. Dies ist der Fall, sobald die sid im curl Aufruf entfern wurde. Beim Test habe ich natürlich immer stückweise Token und sid entfernt, bis es nicht mehr ging :-)
Ein Beispiel:
gut
curl -i -s -k -X $'POST' -H $'Host: cloud.vallox.com' -H $'User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0' -H $'Accept: application/json, text/plain, */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-XSRF-TOKEN: V9h5z3ND-n2W0OxnxsS1mCDEp4I-DnJvvN0w' -H $'Referer: https://cloud.vallox.com/' -H $'Content-Length: 45' -H $'Cookie: lang=de; _csrf=s%3ARKngiocWzDWFWVUUxHB3bN9S.TKzzSSHJTHy2%2B0aeDT9VpgidMbnAu9QlCYOfsHo%2F4Q0; _csrfToken=V9h5z3ND-n2W0OxnxsS1mCDEp4I-DnJvvN0w; connect.sid=s%3AOIwxYChbyViDwoNZpmLxOwTVAliX5LWq.ywEegvaXmOyGuRwpgGZqqUIsQQqqH9gxDsxVOgeg0k4' -H $'Connection: close' --data-binary $'username=xxxxxxxxxx&password=xxxxxxx' $'https://cloud.vallox.com/login'
HTTP/1.1 200 OK
Vary: X-HTTP-Method-Override, Accept-Encoding
set-cookie: lang=de; Max-Age=604800; Path=/; Expires=Thu, 30 Aug 2018 15:13:20 GMT
set-cookie: _csrfToken=Upc1ygWY-N5qS_FSM5kv-IsFsw21DHx9BnI4; Path=/
set-cookie: connect.sid=s%3Awrx0PXEAcykcPGEr-p5JoSOV0C1hmKwB.QajtZCpLK8bC7seDzHx47StdOmiyVCBP7k1SbfBIxP4; Path=/; HttpOnly
X-Frame-Options: DENY
X-Powered-By: Express
Content-Type: application/json; charset=utf-8
Content-Length: 74
ETag: W/"4a-iFjmKaXUGUWpK3TUuWr9AQ"
Date: Thu, 23 Aug 2018 15:13:20 GMT
Connection: close
{"success":true,"errors":[],"errfor":{},"message":"","nexturl":"/account"}
schlecht
curl -i -s -k -X $'POST' -H $'Host: cloud.vallox.com' -H $'User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0' -H $'Accept: application/json, text/plain, */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'Referer: https://cloud.vallox.com/' -H $'Content-Length: 45' -H $'Connection: close' --data-binary $'username=xxxxxxxxx&password=xxxxxxxxxxxx' $'https://cloud.vallox.com/login'
HTTP/1.1 302 Found
Vary: X-HTTP-Method-Override, Accept, Accept-Encoding
set-cookie: _csrf=s%3AquIQ0ak4KrP1nBqEs54Ac7iV.PnvU6spHm5bj6rJuJd%2BxTXiDDYDh8GIZS6Y8XNlYgps; Path=/
Location: /
Content-Type: text/plain; charset=utf-8
Content-Length: 23
Date: Thu, 23 Aug 2018 15:09:34 GMT
Connection: close
Found. Redirecting to /
Nun meine Bitte an Euch mir reichlich Futter zu schicken. Jede Idee ist willkommen.
Viele Grüße
Christian