Is there a way for Fiddler to match an autoresponse for the following URL so it will match ANY wildcard value in the middle of a URL?
http://test.localhost.com/accounts/{wildcard}/notes/page/1
You'll probably want to use a regular expression:
REGEX:http://test\.localhost\.com/accounts/.*/notes/page/1
or maybe
REGEX:http://test\.localhost\.com/accounts/.+/notes/page/1
if your wildcard must be 1 or more characters.
Note: Your question's title mentions "query parameters" but the text of the question seems to concern the "path" component of the URL, since there's no ? in your sample.
Using AutoResponder, it would be:-
[![regex:(?inx)^http://test\.localhost\.com/accounts/.*/.*notes/page/1][1]][1]
Use the below case, when host is also not known.
regex:(?inx)^https://.+\/accounts/.*/.*/.*
Related
Burp highlights DOM open redirection possible with code below. Could anyone explain if this is feasible? Many thanks!
var url = window.location.href;
url = url.replace(/(\?|\&)user_lang=[A-Za-z]{2}/, "");
window.location.href = url;
Most likely a false positive
Let's have a look at what the code exactly does: First, it reads the current URL, then it applies some Regular Expression to it, and finally it redirects to that URL. Burp recognizes this pattern and flags it as potential vulnerability.
Let's have a closer look at the regular expression: (\?|\&)user_lang=[A-Za-z]{2}
So the first match is either a ? or a &, followed by user_lang=, followed by two letters of either upper- or lower case. Here are some strings this would match to:
&user_lang=FO
?user_lang=sj
?user_lang=Oo
Once a match is found, it is replaced with nothing, and the user is redirected to the resulting URL. Let's look at an example:
https://example.com/?user_lang=ENsome/kind/of/url would rresult in a redirect to https://example.com/some/kind/of/url
This should generally not be a problem, as redirects to a different domain are not a problem using this method.
I have the following route
$r->get('/select_folder/:mail')->to('mail#change_folder');
It works well almost every time but when the route contains the %2f sequence of characters, equivalent to / it works as if %2f is a path separatator instead of a escaped sequence.
This is an example input:
http://127.0.0.1:5000/select_folder/%5bGmail%5d%2fDestacados
This is part of the error:
None of these routes could generate a response for your GET request for /select_folder/[Gmail]/Destacados, maybe you need to add a new one?
I would like to know some way to get a parameter like this as an url part without using GET or POST parameters.
You can use wildcard placeholders to allow / to be part of the matched parameter.
$r->get('/select_folder/*mail')->to('mail#change_folder');
The reason why %2F is interpreted as a / is because the URL is decoded before being applied to routing.
Finally I have discovered how to use regular expressions to solve the problem.
$r->get('/select_folder/:folder'=>[folder=>qr/.*/])->to('mail#change_folder');
I made :folder match any character, now it is working.
I installed ARR on my local machine and setup a server farm with a single server in it (localhost). I added two redirect routing rules. However, it doesn't do the redirect. My Default Web Site has ab additional binding like this one: localhost.mycompany.com. I tried putting that in the server farm and it still didn't work. The redirect rules look like this.
Uses wildcards in the pattern
inbound pattern: */path2/*/*/*/method*
Redirect URL: /path1/path2/api/item/method
EDIT: When I use the Test Pattern and enter one of the URLs against my rule it parses it successfully
Also tried putting the full hostname (e.g. http://localhost.mycompany.com/...) in the redirect rule as well as using the alias localServerFarm (which is the name of server farm). Nothing worked.
The module is "working" in some respect because when I had a broken rule it sure told me about it when I tried to load any url on localhost. Once I fixed the rule, I no longer got the error message but it doesn't do any redirection.
This was just a matter of getting the redirect rule correct. In the rules list there is a column named Input and it's setting is URL Path. So, the only input to the pattern match is the path part of the URL not including the / at the beginning. All I had to do was change the */ at the beginning of my pattern to just *, e.g. */path2/*/*/*/method* changed to *path2/*/*/*/method*.
I don't know if there's any other setting for the Input field (it isn't settable in the rule definition screen) but for anyone creating rules remember that only the path without a leading / is what's used for evaluating the pattern match. One note is that if you're matching from the beginning of the path, as I am, you don't need the * at the beginning of the pattern. However, if you go into the test pattern screen and paste a full URL into the Input data it will not just grab the path part of that URL and feed it to the pattern match will use the entire string so it will require an * at the beginning of your pattern to work.
I'm trying to make an auto response for a website, let me take an exemple
Website : http://mywebsite.com/1.0/?appID=blah_blah&appVersion=RandomNumber&getAppicationSettings=blah_blah
I'd like that Fiddler match the autoresponse after, for exemple, "appVersion=" I've tried to put "REGEX:http://mywebsite.com/1.0/?appID=blah_blah&appVersion=.*" but it doesn't work.
I don't know if you know what I mean, I have trouble to explain it. :(
Thanks for the reply.
The simplest thing would be to just change the rule to
http://mywebsite.com/1.0/?appID=blah_blah&appVersion=
If you need to use a regular expression, the expression needs to be valid, with escaping of characters that have a meaning in regular expressions. E.g. more like:
REGEX:mywebsite\.com\/1\.0\/\?appID=blah_blah&appVersion=[\d]+&getAppicationSettings=blah_blah
i have a url similar to this
http://one/two/three:four&five=six|seven
also i have
Zend_Uri_Http::setConfig(array('allow_unwise' => true));
in order to be able to use "|". when i try to use
Zend_Http_Client::setUri()
on my url, i get
Zend_Uri_Exception: Invalid URI supplied
when i hit the url from the browser, it works. how to avoid this problem. any ideas are welcome
The URL will be valid if you change it to:
http://one/two/three:four?five=six|seven
What is supposed to be the query string in that URI? You have to separate the query string from the path by ? before you can use & to separate arguments.
so it turns out i had a rewrite rule, defined in my httpd-vhosts.conf file, which created valid url after my invalid url was hit. since i needed to hit the url from within the zend framework phpunit test, i applied rewrite rule manually and got the correct url
moral of the story, put all the relevant info into your question, or else, nobody will be able to help you out