uPnp SetAVTransportURI Missing SOAP action header - soap

I am playing about with bubbleUpnp and looking at uPnp in general. I've put out a urn:schemas-upnp-org:device:MediaRenderer:1 discovery and the app notifies of its capabilities.
The first issue is I have xmbc on different devices, ps3, ps4; all can see each other but only the bubbleUpnp and my router reply (that goes for ssdp:all too).
Trying to set an AVTransportURI on bubbleUpnp, I keep getting a uPnp error:
<s:Envelope s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode>s:Client</faultcode>
<faultstring>UPnPError</faultstring>
<detail>
<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">
<errorCode>401</errorCode>
<errorDescription>No action by that name at this service. Missing SOAP action header.</errorDescription>
</UPnPError>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
But grabbing the header from Charles shows it's there.
POST /dev/9bfe134f-b027-52f3-ffff-ffffaae644dd/svc/upnp-org/AVTransport/action HTTP/1.1
Host 192.168.1.65:58645
Accept */*
Accept-Encoding gzip, deflate
Content-Length 429
Content-Type text/xml; charset=utf-8
Accept-Language en-us
soapaction urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI
Connection keep-alive
User-Agent channelListingTest/1 CFNetwork/758.3.15 Darwin/15.4.0
Here's the SOAP request:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<s:Body>
<u:SetAVTransportURI xmlns:u="urn:schemas-upnp-org:service:AVTransport:1">
<InstanceID>0</InstanceID>
<CurrentURI>http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4</CurrentURI>
<CurrentURIMetaData />
</u:SetAVTransportURI>
</s:Body>
</s:Envelope>
And under the SOAP tab in Charles it looks OK to me:
SetAVTransportURI Method
Parameters Element
[InstanceID: null] Element 0
[CurrentURI: null] Element http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4
[CurrentURIMetaData: null] Element
It could be my inexperience with SOAP/UPnP; does anything stick out?
Cheers
Edit: here's the code to send the request.
var request = new XMLHttpRequest();
request.open("POST", "http://192.168.1.65:58645/dev/9bfe134f-b027-52f3-ffff-ffffaae644dd/svc/upnp-org/AVTransport/action");
request.onreadystatechange = function() {
console.log(request.responseText)
};
let setAVTransport = '<?xml version="1.0" encoding="utf-8"?>' +
'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">' +
'<s:Body>' +
'<u:SetAVTransportURI xmlns:u="urn:schemas-upnp-org:service:AVTransport:1">' +
'<InstanceID>0</InstanceID>' +
'<CurrentURI>http://clips.vorwaerts-gmbh.de/big_buck_bunny.mp4</CurrentURI>' +
'<CurrentURIMetaData></CurrentURIMetaData>' +
'</u:SetAVTransportURI>' +
'</s:Body>' +
'</s:Envelope>';
request.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
request.setRequestHeader("SOAPAction", "urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI");
request.send(setAVTransport);

I can't promise this is the real issue but the SOAPAction value should be in double quotes (don't ask me, I don't think it makes any sense either).
Try something like this:
request.setRequestHeader("SOAPAction", "\"urn:schemas-upnp-org:service:AVTransport:1#SetAVTransportURI\"");
In general I advise checking the actual messages on the network (Wireshark is a great tool) and comparing them to messages sent by a client that does work.
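The quoting the answer describes, as an added example that is not part of the original post: it builds the control request offline with the SOAPAction value wrapped in double quotes and lints a header value against the request body. The helper names `buildUpnpRequest` and `lintSoapAction` are assumptions made for illustration.

```javascript
// Added example: build a UPnP control request offline and lint its SOAPAction header.
// buildUpnpRequest / lintSoapAction are hypothetical helper names, not a library API.
const SERVICE = "urn:schemas-upnp-org:service:AVTransport:1";

// Escape text placed inside XML elements so URLs containing & or < stay well-formed.
function xmlEscape(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" }[c]));
}

// Returns { headers, body } for a SOAP 1.1 UPnP action call; nothing is sent.
function buildUpnpRequest(serviceType, action, args) {
  const argXml = Object.entries(args)
    .map(([k, v]) => `<${k}>${xmlEscape(v)}</${k}>`).join("");
  const body =
    '<?xml version="1.0" encoding="utf-8"?>' +
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" ' +
    's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">' +
    `<s:Body><u:${action} xmlns:u="${serviceType}">${argXml}</u:${action}></s:Body>` +
    '</s:Envelope>';
  return {
    headers: {
      "Content-Type": "text/xml; charset=utf-8",
      // The double quotes are part of the header value itself.
      "SOAPAction": `"${serviceType}#${action}"`,
    },
    body,
  };
}

// Lint a SOAPAction value against the body; returns a list of problems (empty = ok).
function lintSoapAction(value, body) {
  const m = /^"([^"#]+)#([^"#]+)"$/.exec(value);
  if (!m) return ['value must be "serviceType#actionName" in double quotes'];
  const el = /<s:Body>\s*<(\w+):(\w+)\s+xmlns:\1="([^"]+)"/.exec(body);
  if (!el) return ["no action element found directly inside <s:Body>"];
  const problems = [];
  if (el[2] !== m[2]) problems.push("action name differs from body element");
  if (el[3] !== m[1]) problems.push("service type differs from body namespace");
  return problems;
}
```

With `XMLHttpRequest`, each entry of `headers` goes to `setRequestHeader` after `open` and `body` goes to `send`.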

Related

Response to TRACE http method

So I was testing my website and I tried connecting with the TRACE http method. In response I got a massive string. I don't know what it is. Does anybody know what could it be and if it's some sort of vulnerability?
This is the string I'm talking about:
It's a Base64 encoded string. Decoded it looks like this:
TRACE /.htpasswd HTTP/1.1
Host: www.ssfkz.si
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: jsCookieWarningCheck=declined
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0, no-cache
Origin: http://www.ssfkz.si
Pragma: no-cache
Which per se does not really look like a security flaw and much rather like a basic implementation of the TRACE http method which states that the contents of the request shall be reflected in their entirety in the response body.
Interesting note though, looking at the specification:
A client MUST NOT generate header fields in a TRACE request containing sensitive data that might be disclosed by the response. For example, it would be foolish for a user agent to send stored user credentials [RFC7235] or cookies [RFC6265] in a TRACE request. The final recipient of the request SHOULD exclude any request header fields that are likely to contain sensitive data when that recipient generates the response body.
So ideally the response should not have contained the Cookie header (to fully comply with the specification by my understanding the client you used to send the requests should not have included them in the first place however).
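A check for the point made in this answer, as an added example that is not part of the original post: it parses a TRACE echo, lists the sensitive request header fields that were reflected, and produces the body a recipient following the SHOULD would return. The function names and the sample echo are constructed for illustration.

```javascript
// Added example: audit a TRACE echo for sensitive request header fields.
// Field names follow the quoted RFC text: stored credentials (RFC 7235) and cookies (RFC 6265).
const SENSITIVE = new Set(["cookie", "authorization", "proxy-authorization"]);

// Split an echoed request into its request line and header fields.
function parseEcho(text) {
  const lines = text.replace(/\r\n/g, "\n").split("\n");
  const requestLine = lines.shift() || "";
  const fields = [];
  for (const line of lines) {
    if (line === "") break;                 // blank line ends the header section
    const i = line.indexOf(":");
    if (i <= 0) continue;                   // skip malformed lines
    fields.push({ name: line.slice(0, i).trim(), value: line.slice(i + 1).trim() });
  }
  return { requestLine, fields };
}

// Names of sensitive fields the server reflected back (matching is case-insensitive).
function sensitiveFieldsIn(echo) {
  return parseEcho(echo).fields
    .filter(f => SENSITIVE.has(f.name.toLowerCase()))
    .map(f => f.name);
}

// The echo with sensitive fields dropped, as a recipient honouring the SHOULD would send it.
function redactedEcho(echo) {
  const { requestLine, fields } = parseEcho(echo);
  const kept = fields.filter(f => !SENSITIVE.has(f.name.toLowerCase()));
  return [requestLine, ...kept.map(f => `${f.name}: ${f.value}`), "", ""].join("\r\n");
}

// Constructed sample echo (not the response from the question).
const SAMPLE_ECHO = [
  "TRACE / HTTP/1.1",
  "Host: www.example.test",
  "Accept: */*",
  "Cookie: session=constructed-value",
  "authorization: Bearer constructed-token",
  "", ""
].join("\r\n");
```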

Server.userException when sending a SOAP-Request with VBScript

When sending a SOAP request, the answer XML contains a Server.userException faultstring:
<faultstring>No such operation 'TabellenExport'</faultstring>
As far as I know this is not specific to the web service I am trying to reach. My suspicion is that I am doing something wrong when creating the request and setting the headers.
Dim http, soapRequest
Set http = CreateObject("Microsoft.XmlHttp")
http.open "POST", wsdl, False
http.setRequestHeader "Content-Type", "text/xml"
http.setRequestHeader "SOAPAction", url
http.send xml
request = http.responseText
This is the XML I'm sending:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice_2010.genesis">
<soapenv:Header/>
<soapenv:Body>
<web:TabellenExport soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<kennung xsi:type="xsd:string">*********</kennung>
<passwort xsi:type="xsd:string">********</passwort>
<namen xsi:type="xsd:string">61111-0002</namen>
<bereich xsi:type="xsd:string">Alle</bereich>
<format xsi:type="xsd:string">xml</format>
<strukturinformation xsi:type="xsd:boolean">false</strukturinformation>
<komprimieren xsi:type="xsd:boolean">false</komprimieren>
<transponieren xsi:type="xsd:boolean">false</transponieren>
<startjahr xsi:type="xsd:string"></startjahr>
<endjahr xsi:type="xsd:string"></endjahr>
<zeitscheiben xsi:type="xsd:string"></zeitscheiben>
<regionalmerkmal xsi:type="xsd:string"></regionalmerkmal>
<regionalschluessel xsi:type="xsd:string"></regionalschluessel>
<sachmerkmal xsi:type="xsd:string"></sachmerkmal>
<sachschluessel xsi:type="xsd:string"></sachschluessel>
<sachmerkmal2 xsi:type="xsd:string"></sachmerkmal2>
<sachschluessel2 xsi:type="xsd:string"></sachschluessel2>
<sachmerkmal3 xsi:type="xsd:string"></sachmerkmal3>
<sachschluessel3 xsi:type="xsd:string"></sachschluessel3>
<stand xsi:type="xsd:string"></stand>
<auftrag xsi:type="xsd:boolean"></auftrag>
<sprache xsi:type="xsd:string">de</sprache>
</web:TabellenExport>
</soapenv:Body>
</soapenv:Envelope>
It is according to the documentation that is available to me.
The WSDL is located here: https://www-genesis.destatis.de/genesisWS/services/ExportService_2010?wsdl
I tried switching the url and the wsdl but I got the same result.
Am I doing something wrong?
wsdl is the location of the WSDL file, url is the target address provided to me by the web service and xml is just the text of the XML I want to send.

Gatling - Validate Values in SOAP ResponseBody

I am looking to check a value that returns in the ResponseBody from a SOAP Web Service.
Here is a sample ResponseBody from Web Service:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns5:getUserResponse xmlns:ns5="http://<someservice>" xmlns:ns3="java:com.mywebservice">
<ns3:resultCode>0</ns3:resultCode>
</S:Body>
</S:Envelope>
I have the following:
....//snipped for brevity
.check(regex("""<ns3:resultCode>(\d*)</ns3:resultCode""").saveAs("resCode"))
.check("""${resCode}""".in(0 to 200))
....//snipped for brevity
I get an error message on the fact that .in isn't available for a String type but I am unsure how else to validate that the response of an xml contains particular values.
Any assistance would be awesome, and anything else needed I should more than happily oblige. Thanks in advance.
EDIT:
I forgot to mention that I am using gatling version 2.0.0-M3a - Thanks in advance.
With current 2.0.0-SNAPSHOT, that's:
.check(regex("""<ns3:resultCode>(\d*)</ns3:resultCode""")
.transform(_.toInt)
.in(0 to 200))
With 2M3a, that's:
.check(regex("""<ns3:resultCode>(\d*)</ns3:resultCode""")
.transform(_.map(_.toInt))
.in(0 to 200))

Receiving a SystemFault when I query Item

Using V3 when I attempt to query for Items I receive a generic error with a SystemFault type.
I am attempting to perform Select * From Item Where Name = 'Something'
This does work in the API Explorer, and I believe I am re-creating the HTTP request accurately.
My HTTP GET is:
GET /v3/company/redacted/query?query=Select%20*%20From%20Item%20Where%20Name%20=%20'Something'%20STARTPOSITION%201%20MAXRESULTS%2020 HTTP/1.1
Accept application/xml
Accept-Encoding gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Authorization OAuth oauth_consumer_key="redacted", oauth_nonce="redacted", oauth_signature="redacted", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1386704546", oauth_token="redacted", oauth_version="1.0"
Host qb.sbfinance.intuit.com
And the response I am receiving:
<IntuitResponse xmlns="http://schema.intuit.com/finance/v3" time="2013-12-10T11:42:03.147-08:00">
<Fault type="SystemFault">
<Error code="10000">
<Message>An application error has occurred while processing your request</Message>
<Detail>System Failure Error: Unexpected Internal Error. (-30000)</Detail>
</Error>
</Fault>
</IntuitResponse>
Am I missing something obvious? Thank you.
It's not obvious, but from the documentation found here, it looks like you must encode the ' and = present on your query.
So instead of:
/v3/company/redacted/query?query=Select%20*%20From%20Item%20Where%20Name%20=%20'Something'%20STARTPOSITION%201%20MAXRESULTS%2020
You should use
/v3/company/redacted/query?query=Select%20*%20From%20Item%20Where%20Name%20%3D%20%27Something%27%20STARTPOSITION%201%20MAXRESULTS%2020
Encoding ' to %27, and = to %3D.

What is the appropriate SOAP Action?

I am using Coldfusion 8. I have exceedingly limited experience with SOAP.
I am trying to send out a SOAP request. My SOAP body looks like this:
<cfsavecontent variable="SoapBody">
<cfoutput>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v2="http://www.a2zshow.com/DataServices/v2/" >
<soapenv:Header>
<a2zAuthenticationHeader xmlns="http://www.a2zshow.com/DataServices/v2/">
<Key>#Key#</Key>
<UserName>#UserName#</UserName>
<Password>#Password#</Password>
<InstallName>#InstallName#</InstallName>
</a2zAuthenticationHeader>
</soapenv:Header>
<soapenv:Body>
<DataService xmlns="http://www.a2zshow.com/DataServices/ExhibitorListRequest/v1">
<Request>
<a2zXMLRootNode>
<RequestHeader>
<RequestAttribute Search="NONE"/>
</RequestHeader>
<RequestCriteria>
<EventID>#EventID#</EventID>
</RequestCriteria>
</a2zXMLRootNode>
</Request>
</DataService>
</soapenv:Body>
</soapenv:Envelope>
</cfoutput>
</cfsavecontent>
My SOAP request looks like this:
<cfhttp
url="#PostURL#"
method="post"
result="httpResponse">
<cfhttpparam
type="header"
name="SOAPAction"
value="#SOAPAction#" />
<cfhttpparam
type="xml"
value="#trim(soapBody)#"/>
</cfhttp>
The SOAPAction variable is set like this:
SOAPAction = "http://www.a2zshow.com/getExhibitorList";
I think I am successfully posting to the right place, but I am getting an error message saying that client didn't recognize the SOAPAction. Here's my error:
soap:Client Server did not recognize the value of HTTP Header SOAPAction: http://www.a2zshow.com/getExhibitorList.
This error seems to be telling me that I don't have the SOAPAction correct. The guy at the other end tells me that I have everything set up right and that it should be working. Is there something missing?
The error was in the vendor's SOAPAction. They gave me the wrong URL. Their documentation was created 8 years ago and they updated it in 2008.
I guess they would rather spend time making their product hard to use by confusing people with the wrong information than to help get something done.
Thanks for the help!