We have the same header in several API requests, however the value is different.
For example:
PUBLIC_KEY=value1
PRIVATE_KEY=value2
We would need the same header to accept different values for different requests.
Request1:
//this would be the authorization config for one of the requests
echo "----> Building prop file:"
echo "replacer.full_list(0).description=auth1" >> auth.prop
echo "replacer.full_list(0).enabled=true" >> auth.prop
echo "replacer.full_list(0).matchtype=REQ_HEADER" >> auth.prop
echo "replacer.full_list(0).matchstr=Authorization" >> auth.prop
echo "replacer.full_list(0).regex=false" >> auth.prop
echo "replacer.full_list(0).replacement=$PUBLIC_KEY" >> auth.prop
For request2:
//this would apply to another request, but the name of the header would remain the same
echo "replacer.full_list(1).description=auth1" >> auth.prop
echo "replacer.full_list(1).enabled=true" >> auth.prop
echo "replacer.full_list(1).matchtype=REQ_HEADER" >> auth.prop
echo "replacer.full_list(1).matchstr=Authorization" >> auth.prop
echo "replacer.full_list(1).regex=false" >> auth.prop
echo "replacer.full_list(1).replacement=$PRIVATE_KEY" >> auth.prop
Is it possible to achieve these different values for header with the same name in different requests in one zap-api-scan.py?
And If so, is it possible to extract some logs during/after execution to see headers and response body?
On what basis do you want to specify different values?
This should be possible with httpsender scripts as long as you have access to all of the information you need.
Related
Please check my batch file command as I need to dis-join computer from old domain and join it to a new one.
Sometimes computer succeeded to dis-join the computer but fails to add it in a new domain so this computer will be out of domain. I need to add command to validate if the computer is successfully joined to the new domain otherwise revert it back to the old domain.
#echo off
netdom.exe remove %computername% /domain:MyOlddomain.local /UserD:Myusername /PasswordD:Mypassword
Ping 127.0.0.1 -n 5 >nul
netdom.exe join %computername% /domain:MyNewDomain /UserD:Myusername /PasswordD:Mypassword
Ping 127.0.0.1 -n 5 >nul
shutdown -t 5 -r -f
The best way about it is to use a IF statement.
The basic structure of a IF statement is as follows.
IF EXIST "%1" (
echo "it's here!"
) ELSE (
echo "it isn't here!"
)
Going about it like this will allow you to revert when needed.
More in depth reading!
i am trying to set up a custom script in uptime monitoring and have this command run openssl and have arguments that i pass into it run.
openssl s_client -CAfile C:\apcerts\certs\ -quiet -connect ${HOST}:${PORT} > ${TMPF} 2>&1 < EOF
<TF80DOC><XPLN/></TF80DOC>
EOF
if (Select-String "Update Level" ${TMPF} > /dev/null)
{
exitstatus=$STATE_OK
Select-String "Update Level" ${TMPF} | sort | uniq}
elseif (Select-String "Regulatory" ${TMPF} > /dev/null)
{
exitstatus=$STATE_OK
Select-String "Regulatory" ${TMPF} | sort | uniq}
else{
echo `date` >> /tmp/caught_errs.out
cat ${TMPF} >> /tmp/caught_errs.out
echo " " >> /tmp/caught_errs.out
exitstatus=$STATE_CRITICAL
}
rm -f ${TMPF} 2> /dev/null
exit ${exitstatus}
i want to have the variables ${host}:${port} are left blank and i want to have an argument that i manually put information in and the fields populate with that information.
for example i need to connect to blank-xml.myinfo.com:30011.
the problem i am running into is when i set this up on the custom monitors i have a .bat that opens openssl but cannot open the .txt file to run commands given.
what do i need to do in order for this to work.
Update:
I have made a batch file that passes in information to openssl that is a lot smaller.
#echo off
c:\OpenSSL-Win64\bin\openssl s_client -connect help-xml.helpme.com:443
this section works great shows information on the screen that is needed. I need to send in another command to the window also but get a error stating the the < command isn't an executable or batch process.
that command is <TF80DOC><XPLN/></TF80DOC> i have tried using the & symbol and have used echo before it but still am getting the same error or the screen will pop up and close instantly with no information.
the if then statement works after i run <TF80DOC><XPLN/></TF80DOC> since this has information that is displayed the statement is looking for. But if i can't get the <TF80DOC><XPLN/></TF80DOC> to be sent to openssl after the s_client -connect help-xml.helpme.com:443 runs then the if statement will never work.
Update:
I have changed the powershell command to pipe in the command after s_client -connect help-xml.helpme.com:443
the new code looks like
#'
<TF90DOC><XPLN/></TF90DOC>
'# | C:\OpenSSL-Win64\bin\openssl s_client -quiet -connects_client -connect help-xml.helpme.com:443 > test1.txt 2>&1
the if then statement isn't an issue since i know how to fix that part of it. the powershell part of the code works but requires me to press enter which is not what i need it to do. i need it to execute the command automatically without user input
For the batch command i have made some slight changes to it, which are
#echo off
setlocal enabledelayedexpansion
set "var=<TF90DOC><XPLN/></TF90DOC>"
echo echo !var! | C:\OpenSSL-Win64\bin\openssl s_client -connect tf90-xml.bsi.com:443> test1.txt 2>&1
this command still gives me the error
< was unexpected at this time.
I completely misunderstood your question at first and didn't realize you needed to send the command to the newly-opened openssl instance. In order to do this, you need to pipe the command you want to openssl.
#echo off
echo ^<TF80DOC^>^<XPLN/^>^</TF80DOC^>|c:\OpenSSL-Win64\bin\openssl s_client -connect help-xml.helpme.com:443
Note that this is untested, and you may have to also escape the escape characters:
echo ^^^<TF80DOC^^^>^^^<XPLN/^^^>^^^</TF80DOC^^^>|c:\OpenSSL-Win64\bin\openssl s_client -connect help-xml.helpme.com:443
If you need to send more than one command, place them in a separate batch file with each command preceded by an echo and pipe that to the openssl command, like this:
commands.bat
#echo off
echo echo This is one command.
echo echo This is another command.
main.bat
#echo off
commands.bat|C:\OpenSSL-Win64\bin\openssl s-client -connect help-xml.helpme.com:443
Try this: (See edit below.)
#echo off
(
echo(^^^<TF90DOC^^^>^^^<XPLN/^^^>^^^</TF90DOC^^^>
echo;
) | C:\OpenSSL-Win64\bin\openssl s_client -connect tf90-xml.bsi.com:443 > test1.txt 2>&1
Edit:
From what you describe, it sounds like openssl is not ready for input immediately after entry of that XML, and is black holing the newline piped to stdin. So rather than dumping everything to stdin at once, you'll need to introduce a sleep of some sort, and listen to that program's stdout for the appropriate prompt.
Here's a proof of concept in JScript that I think can be applied for you as soon as I know what text openssl uses to prompt for the XML, and then for the Enter keypress. This is a similar method as described on the WSHScriptExec StdOut Property documentation page, and is more flexible than any solution attempted thusfar.
test.bat
#if (#a==#b) #end /* begin multiline JScript comment
:: batch portion
#echo off
setlocal
cscript /nologo /e:JScript "%~f0"
goto :EOF
:: end batch portion / begin JScript */
var osh = new ActiveXObject('wscript.shell'),
fso = new ActiveXObject('scripting.filesystemobject'),
log = fso.CreateTextFile('output.txt', true),
read;
var exe = osh.Exec('cmd /c test2.bat');
while (1) {
if (!exe.StdOut.AtEndOfStream) {
read += exe.StdOut.Read(1); // read 1 char at a time
if (/Arg 1:/.test(read)) {
WSH.Sleep(50);
exe.StdIn.Write('<TF80DOC><XPLN/></TF80DOC>\n');
WSH.Sleep(100);
// This is the output we wish to capture.
read = exe.StdOut.ReadLine();
WSH.Echo(read);
log.WriteLine(read);
read = '';
} else if (/Press any key/.test(read)) {
WSH.Sleep(100);
exe.StdIn.Write('\n');
break;
}
}
else WSH.Sleep(100);
}
log.Close();
while (!exe.Status) WSH.Sleep(100);
WSH.Echo('Done.');
test2.bat
#echo off
setlocal enabledelayedexpansion
set /P "input=Arg 1: "
echo(Input: !input!
pause
I'd like to receive result of tracert information from my customer, however, they are not IT savvy.
Is there any ways we can get the tracert result be sent to an email or a web-form?
Any written bat files or open source programme available?
clip.exe sends stuff to the clipboard.
You could put this into a batch file.
tracert targethost | clip
Then have them run the batch file and paste (the batch file did the copy—the client doesn't need to select/highlight anything) into an email. Surely non-savvy clients can send email.
I've wrote an alternative solution that allow users to upload their traceroute result using a bat file.
IPADDRESS - The ip Address that you'd like to trace USERNAME - The
FTP username PASSWORD - The Password for the FTP user HOSTNAME
- The FTP Host name
Create a traceroute.bat
#echo off
for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a"
set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%"
set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%"
set "fullstamp=%YYYY%-%MM%-%DD%_%HH%-%Min%-%Sec%"
ECHO Please wait....
tracert IPADDRESS > tracert-%fullstamp%.log
echo user USERNAME> ftpcmd.dat
echo PASSWORD>> ftpcmd.dat
echo bin>> ftpcmd.dat
echo put tracert-%fullstamp%.log>> ftpcmd.dat
echo quit>> ftpcmd.dat
ECHO Please allow FTP to upload the results...
ftp -n -s:ftpcmd.dat HOSTNAME
del ftpcmd.dat
del tracert-%fullstamp%.log
ECHO Uploading complete! You may now exit
#pause
I'm trying to send a simple string parameter from C# web app code using CMD line call to ICA file to Citrix XenApp Server to launch a specific published application (Macro Scheduler macro compiled into exe), NOT the whole citrix desktop.
I have a web app with cmd line code using
"C:\Program Files (x86)\Citrix\ICA Client\Wfica32.exe" C:\someICAfile.ica \Param:"/username=SomebodysName" .
I've also tried for the parameter syntax: /username=SomebodysName, /Param:"/username=SomebodysName"
and about a million other combinations of quotes and slashes.
I used Citrix QuickLaunch to write my ICA file, in which the only thing I changed was InitialProgram=#ApplicationName \Param (I added the \Param). I've also tried /username and \Param=SomebodysName and I can't get any of those to work either. I've even tried just hardcoding the name in there and I can't get it to go through.
The exe is expecting a parameter "username" and when called locally from the cmd prompt it works using UsernameProgram.exe /username=somebodysname. I made sure to include the "%*" at the end of the commandlineexecutable in the Citrix Xenapp application location properties to ensure that it can accept a command line parameter.
This is all using C# and XenApp 6. Everything works except passing the parameter through, and I have no idea where the parameter is lost, if it even gets anywhere.
I feel like I have tried every combination of /'s \'s and "'s so if anybody could please help me out with the syntax, I'd really appreciate it! I did try looking into the ICA Client SDK in the c# code, but it seems to just manually do what an external ICA file will do. If this is wrong, however, please let me know. I'm approaching the point where I'm just going to try it regardless because I'm completely out of ideas. Please help.
Thanks!
I ended up calling a .bat file from my C# code by using the following:
Process proc_Launch = new Process();
proc_Launch.StartInfo.FileName = "CreateTempICA.bat";
proc_Launch.StartInfo.RedirectStandardError = false;
proc_Launch.StartInfo.RedirectStandardOutput = false;
proc_Launch.StartInfo.WorkingDirectory = #"C:\WorkingDirectory";
proc_Launch.StartInfo.Arguments = #"""/username=somebodysname""";
proc_Launch.Start();
reference: Run bat file in c# with .exe and .def code
In the .bat file, I create an ICA file passing in the username paramter as follows:
#echo off
:makefile
pushd %temp%
set icafile=temp.ica
#echo [WFClient] > %icafile%
#echo Version = 2 >> %icafile%
#echo HttpBrowserAddress=ServerName:8080 >> %icafile%
#echo ProxyType=Auto >> %icafile%
#echo ConnectionBar=0 >> %icafile%
#echo [ApplicationServers] >> %icafile%
#echo ApplicationName= >> %icafile%
#echo [ApplicationName] >> %icafile%
#echo Address = ApplicationName >> %icafile%
#echo InitialProgram=#"ApplicationName"%1 >> %icafile%
#echo ClientAudio=On >> %icafile%
#echo AudioBandwidthLimit=1 >> %icafile%
#echo CGPAddress=*:#### (use actual numbers here though) >> %icafile%
#echo CDMAllowed=On >> %icafile%
#echo CPMAllowed=On >> %icafile%
#echo DesiredColor=8 >> %icafile%
#echo ConnectionBar=0 >> %icafile%
#echo TWIMode=On >> %icafile%
#echo Compress=On >> %icafile%
#echo TransportDriver=TCP/IP >> %icafile%
#echo WinStationDriver=ICA 3.0 >> %icafile%
#echo BrowserProtocol=HTTPonTCP >> %icafile%
#echo [Compress] >> %icafile%
#echo DriverName= PDCOMP.DLL >> %icafile%
#echo DriverNameWin16= PDCOMPW.DLL >> %icafile%
#echo DriverNameWin32= PDCOMPN.DLL >> %icafile%
start %icafile%
popd
The %1 in the InitialProgram component is where the argument is used from the C# code.
reference: http://www.virtualizationadmin.com/files/whitepapers/MetaframeXP/Connecting_to_a_Citrix_server_from_the_command_line.htm
The last step is to make sure in your Citrix Delivery Console to make sure that the Location properties of the published application for the CommandLineExecutable has a "%**" after it, including the double quotes. I believe adding the 2nd asterisk lets the parameter get through the command line validation and allows it to be used when the application is opened. Either way though, it worked with two of them and not with one of them.
Is it possible to somehow listen to all perforce cammands issued from my machine to the perforce server?
I did some googling yesterday and found a page somewhere about a perforce proxy or broker that would intercept perforce commands and allow you to do what you wanted with them before sending them to the server...and now can't find the page!
I am trying to debug our build process (built using Maven) that is failing while running the maven-release-plugin (prepare).
Cheers.
It was maybe P4Broker (it seems hard to find an official link, hence the google search).
Thanks for the reply - was the link I was looking for though turned out it wasn't what I wanted.
In the end I ended up modifying my Windows PATH so that 'p4' would not directly call perforce but instead execute a bat file:
#echo off
set PERFORCE_HOME="C:\Program Files (x86)\Perforce\p4.exe"
set OUTPUT_FILE=C:\batScripts\output\p4out.txt"
echo =========================== >> %OUTPUT_FILE%
echo ===== PERFORCE DEBUG ====== >> %OUTPUT_FILE%
echo =========================== >> %OUTPUT_FILE%
echo $ p4 %* >> %OUTPUT_FILE%
echo =========================== >> %OUTPUT_FILE%
echo Timestamp: %Date% %Time% >> %OUTPUT_FILE%
echo Vars: >> %OUTPUT_FILE%
%PERFORCE_HOME% set >> %OUTPUT_FILE%
echo ` >> %OUTPUT_FILE%
%PERFORCE_HOME% %*