How i can handle http requests in perl? - perl

I tried to use CGI.pm (3.15), but it can't handle PUT requests.
I'm building a REST API, so I need methods PUT, GET, POST and DELETE.
Any ideas?
Code:
#!/usr/bin/perl
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
main: {
print "Content-Type: text/html; charset=utf-8\n\n";
my $query = CGI->new;
my $value1 = $query->param('param1');
my $value2 = $query->param('param2');
my $data = $query->param('PUTDATA');
print "value1[$value1] value2[$value2] data[$data]\n";
};
Curl:
curl 'http://localhost/cgi-bin/testing.cgi' -X PUT -H 'Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Host: 192.168.8.197' -H 'Accept-Language: es-419,es;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: */*' -H 'Connection: keep-alive' --data 'param1=hola&param2=hola' --compressed
value1, value2 and data always empty.


I found it!
The solution was doing an update to the perl module CGI to 3.63 and now works fine.

Related

Using a captured request from Chrome does not work properly in Insomnia or CURL

I have an issue Im hoping to get help with. I am trying to interact directly with a website by making requests directly to an endpoint instead of using the site itself. I started by capturing three basic requests, Login, Logout, and submitting some data. I did the standard process of going into the Chrome inspect panel and copying the logged request as a CURL statement. It looks like this for the following commands....
Login
curl 'https://thewebsite.org/login' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Accept-Language: en-US;q=0.7' \
-H 'Cache-Control: max-age=0' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Cookie: symfony=0d5784ap6ogee0r1nba4446krftdqug9kq6jotmqecp9lmip7b10' \
-H 'Origin: https://thewebsite.org' \
-H 'Referer: https://thewebsite.org/index.php/en' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-GPC: 1' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36' \
--data-raw 'login=the_user&password=the_password' \
--compressed
This seems to work both in Insomnia and via command line using CURL.
However, the Logout and the submission of the edited data do not work at all. I will get a success response back on both but the edited data is not actually saved the next time I view it and in regards to the logout functionality it is not ultimately successful either because I have to let the login timeout to login via a browser again (this happens because the user was not properly logged out on this site).
Logout
curl 'https://thewebsite.org/logout' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Accept-Language: en-US;q=0.7' \
-H 'Connection: keep-alive' \
-H 'Cookie: symfony=6hpsjifjnem8v0r7pfb5rr22fkdr9th115t01c05p8cfss9mrle1' \
-H 'Referer: https://thewebsite.org/thelink' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-GPC: 1' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36' \
--compressed
I'd also add that in Chrome dev tools that the response code appears as 302. I tried disabling redirects and get a 302 back when I do that as opposed to a 200 but it makes no difference in terms of it behaving as it does in the browser.
Im really not sure what else to try, if anyone has any comments or suggestions I would be grateful. This is my first question, so if I left out some needed data I will gladly post it. Thank you!

How to authenticate into Project Server SOAP API?

I'm trying to perform soap action from C# code.
(btw its using non-standard api not available in projectserverservices.dll)
Below working action through a web browser:
curl 'http://servername/pwa/_vti_bin/PSI/ProjectServer.svc' -H 'AsmxRoutedCall: true' -H 'Origin: http://servername' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.9,pl;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Content-Type: text/xml; charset=UTF-8' -H 'Accept: */*' -H 'Referer: http://servername/pwa/Timesheet.aspx?tsUID=06b92bf0-806e-44d5-8c94-616c50471920&Source=http://servername/pwa/_layouts/pwa/timesheet/mytssummary.aspx' -H 'Cookie: ASP.NET_SessionId=kiihu1na3qifbojttxlauu3u; loginAsDifferentAttemptCount=; previousLoggedInAs=; PWA_Perf=0; OfflineClientInstalled=0; Ribbon.ContextualTabs.TiedMode.Home=1639690|-1|436|1720094216; PWA6637f161eb954cdc9bc621ab4641ce27CORPNET+AF8-TEST1=703012DE208D9FAF800770FA89647B17B21C3F5345D974ED344773B4049A0532D0757CD3B9103EEA8B41053A136ED4740A696A746CF5D3C5B272D0E94F935AF541C1EAD826B960CEBF9F63B6AB631A99576BD9DDE240346B12E247D3932E57CF850CD5066C0F360CDC2982E74C71D8727A2F2858B3DC9F0E9BAD53A90E9C3166BAC37B4853057B4ACD426B46AD1AF70E3C42406DAC090113F461529640E3E2EE3012C9339A62798236643998734757A0990F58F0B68483D4B3C0F570EDA809E2EDCA0AFC19333876B493CF6D43ECA43C9B6944D93C0DAAE641D32AAEFBF58DA878887838EE7BD87F9A9CDB0EFA09618EFDEFB7ED7E021A83EE1FB1B679D7D707A18C750AFEE9F63E844CBAB9B73B95389C56E46A2BE67C223A828AD2565966836B868C832F6D37FE35AFAE8D3003EEF2D91DE9A5DCE5C2E41C32AE4CF01A6A1C04A3405AC614089953C25D64CA44E016A7FD9958CB51339AE7BB542C291C5A44DDF61F33520BC62DED70E94FA48F4D157B714C9BFCE97DFC3338E1F6FCBEE8B310F137D612865B34B738087F4586FAFF30F2E15D70CBB96F969354B91B22B0FE11D3B12858B4778DF87F8F52FB4B6B9D0EDF16C6A84D783217EE81D780D59CAF40EE15B8EE2B6D89461C8DA6E7002D04CDA8EABE4C5DA4FEBD199A95A96A2D75F3FA9C14E2FEFE8B6C3D5C5D14D611A29FE5103226C8EDEDDC69A85B526DFEA6DB0EBEDCE8A4790E908C7251F0B7A3A8CEE0496C545AD8C58D77D29ED965A71D3E4227792E153BFE967B7A76EE2C92C86ABCE56D70E36F257C4B743F07CEA0E43F9A3CBC3F367D4257BF070AA654EAA07E182386CBFDBEE02D83C382504F844F15206643F3EAD946B392DBBDD41FFC412FBA06A8950A0D14588FF535B04B02BA0CCC5765F49C34541DCCA674E5DA4B3DBA75BA5CB208D0D7CBA8D7710315A6FD9D5DDDFA6C7D1A893F9FD6DD9DBF66DB545D9E73' -H 'Connection: keep-alive' -H 'SOAPAction: http://schemas.microsoft.com/office/project/server/webservices/PWA/TimeSheetSendGridUpdatesForSave' --data-binary '<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><TimeSheetSendGridUpdatesForSave xmlns="http://schemas.microsoft.com/office/project/server/webservices/PWA/"><jobUid>{f6880caf-9407-4454-ac60-84a30f57079c}</jobUid><tsUid>{06b92bf0-806e-44d5-8c94-616c50471920}</tsUid><changesJson>[{"updates":[{"type":2,"recordKey":"a81cc5f7-307a-46ce-a131-77e15468c29f","fieldKey":"TPD_col2a","newProp":{"dataValue":"600000","hasDataValue":true}},{"type":2,"recordKey":"a81cc5f7-307a-46ce-a131-77e15468c29f","fieldKey":"TPD_col2t","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":1},{"updates":[{"type":2,"recordKey":"9f076a35-1394-4c6b-950a-aee4179febdc","fieldKey":"TPD_col2a","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":2},{"updates":[{"type":2,"recordKey":"9f076a35-1394-4c6b-950a-aee4179febdc","fieldKey":"TPD_col2t","newProp":{"dataValue":"600000","hasDataValue":true}}],"changeNumber":3}]</changesJson><viewOptionsJson>{"dateFormat":3,"workFormat":2,"durationFormat":7,"filterType":5,"loadViewProperties":true,"newTasks":[],"importTasks":[],"removedLines":[]}</viewOptionsJson></TimeSheetSendGridUpdatesForSave></soap:Body></soap:Envelope>' --compressed --insecure
If i try to use it in a postman, it just does not work (Responds with 401 Not Authorized) using NTLM Auth (beta)
If i try to generate code from postman to C# (RestSharp) - same result 401
Any idea how should i create such a request?
I can use whatever technique, other than magic libraries (like projectserverservices.dll) :)

I have successfully authenticated the user by making a call from SOAP UI.
As disclosed, i was performing undocumented call (without WSDL) so to make such a request from SOAP UI you have to create empty REST project and add a wsdl endpoint to it.
If thats possible in SOAP UI then its for sure possible in C#.
Endpoint: http://servername
Resource: /pwa/_vti_bin/PSI/ProjectServer.svc
Headers:
AsmxRoutedCall: true
X-FORMS_BASED_AUTH_ACCEPTED: f
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
SOAPAction: http://schemas.microsoft.com/office/project/server/webservices/PWA/TimeSheetSendGridUpdatesForSave
Creating such call from C# is quite simple.
If you're using HttpClient just use
httpClient.UseDefaultCredentials = true
# or
httpclient.Credentials = new NetworkCredentials(username,password,domain)
If youre using RestSharp then use:
client.Authenticator = new NtlmAuthenticator(new NetworkCredential(username,password,domain));

Encoded page downloaded with wget?

I'm trying to mirror a site using :
wget --header 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8' --header 'upgrade-insecure-requests: 1' --header 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36' --header 'dnt: 1' --header 'accept-encoding: gzip, deflate, br' --header 'accept-language: en-US,en;q=0.9' --header 'cookie: _ga=GA1.2.3865356.1523153047; ........' -N -m -p -w 3 --convert-links 'mysite.com/
I've added a couple of headers and noticed that the recursive downloading was not happening. Just the initial index.html page is downloaded. When I looked at the page I see the screenshot. What is being downloaded here. How can I download regular html files instead?

If you add the option --server-response what do you see in the Content-Type header of the response? Is it anything like text/html?
P.S.: since you used the -m (i.e. --mirror) option you do not need to specify the flag -N as well.

Use curl to POST files on a two stages form - endomondo

I'm trying to build a simple bash script to automatically upload .gpx file to endomondo from my home made "smartskateboard" using a raspberry.
The steps to do this using a browser are :
-Login on the website (and browse to the right place)
-Select a local file and post it. (the file is uploaded and parsed by the server)
-Validate the track and chose the sport.
Here are some pictures :
http://i.stack.imgur.com/aH1Yr.png
http://i.stack.imgur.com/jQVXM.png
I tried to use chrome dev tools and this is what I'v done yet.
I have managed to get the curl command to post a message :
curl 'https://www.endomondo.com/rest/v1/users/12598/feeds/' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'X-CSRF-TOKEN: rd7g3v4jn7qb3tn850tadctgku' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/home' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D; _dc_gtm_UA-273418-98=1; _gat=1; acceptCookies=1; _ga=GA1.2.146159703.1442243029' -H 'Connection: keep-alive' --data-binary '{"message":"I love sports and I dont care who know.","picture_keys":[]}' --compressed
Or, easier to see :
curl
'https://www.endomondo.com/rest/v1/users/12598/feeds/' -H
'Pragma: no-cache' -H
'Origin: https://www.endomondo.com' -H
'Accept-Encoding: gzip, deflate' -H
'X-CSRF-TOKEN: rd7g3v4jn7qb3tn850tadctgku' -H
'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H
'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H
'Content-Type: application/json;charset=UTF-8' -H
'Accept: application/json, text/plain, */*' -H
'Cache-Control: no-cache' -H
'Referer: https://www.endomondo.com/home' -H
'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D; _dc_gtm_UA-273418-98=1; _gat=1; acceptCookies=1; _ga=GA1.2.146159703.1442243029' -H
'Connection: keep-alive' --data-binary
'{"message":"I love sports and I dont care who know.","picture_keys":[]}' --compressed
But when I try to use the same "copy to cURL" technique to upload a gpx this is what I get :
curl 'https://www.endomondo.com/?x=0vBK0C*OVDu7aPYFZkE-CVgVIAFbs93VmWFtfCp7PaWi1ZSVu574S9sV8PL-3zjJUvnwjalxBcDaHd*-JuZnu52USOr5snwbRLbnzcTIw1AXlA-F028Z-Xs-0k5SWzAWYCg3I-wtaU3iwIxLLlrHgzW4j28xUw0QNh0zDH4z*Js&random=0.6610315972939134' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/xml' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/?x=-Ut4ofqQrclJ*V-2TTUglw' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; __utmt=1; _dc_gtm_UA-273418-98=1; _gat=1; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; USER_TOKEN=4E6208A8CF58143F9JU58ueFMl0S5AJJhA8kgpfKDUL50Siopic6W7lYJlfi8BVhAr0s8LCDSyHNXNGXGMFfFpaxkpf0p8Voa9OIjSFxhWLuAHzq35QK7WQoX94%3D; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.7.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' -H 'Connection: keep-alive' -H 'Wicket-Ajax: true' --data 'id40_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=89&reviewSumbit=1' --compressed
Or :
curl '
https://www.endomondo.com/?x=0vBK0C*OVDu7aPYFZkE-CVgVIAFbs93VmWFtfCp7PaWi1ZSVu574S9sV8PL-3zjJUvnwjalxBcDaHd*-JuZnu52USOr5snwbRLbnzcTIw1AXlA-F028Z-Xs-0k5SWzAWYCg3I-wtaU3iwIxLLlrHgzW4j28xUw0QNh0zDH4z*Js&random=0.6610315972939134' -H '
Pragma: no-cache' -H '
Origin: https://www.endomondo.com' -H '
Accept-Encoding: gzip, deflate' -H '
Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H '
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5' -H '
Content-Type: application/x-www-form-urlencoded' -H '
Accept: text/xml' -H '
Cache-Control: no-cache' -H '
Referer: https://www.endomondo.com/?x=-Ut4ofqQrclJ*V-2TTUglw' -H '
Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; __utmt=1; _dc_gtm_UA-273418-98=1; _gat=1; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; USER_TOKEN=4E6208A8CF58143F9JU58ueFMl0S5AJJhA8kgpfKDUL50Siopic6W7lYJlfi8BVhAr0s8LCDSyHNXNGXGMFfFpaxkpf0p8Voa9OIjSFxhWLuAHzq35QK7WQoX94%3D; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.7.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' -H '
Connection: keep-alive' -H '
Wicket-Ajax: true' --data '
id40_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=89&reviewSumbit=1' --compressed
I get :
<ajax-response><redirect><![CDATA[error]]></redirect></ajax-response>
So I didn't even been able to try to submit it with the second command :
curl 'https://www.endomondo.com/?x=WlHAHVtjhk33-6IZe8pKNMcha8tKpVMtc7*LCDzjZIEH14OF2*ZrTz5U6XsxRTk3xhNTap*KHozta0ZwGX4renCl4kla788HolvOCWj8Yz9gkvwj2Yngw-hgnzScvIqHiZAZFeNpfszko*MwYqk2W2GbbT2zy9AALpIO4IAb1lw&random=0.6173482222948223' -H 'Pragma: no-cache' -H 'Origin: https://www.endomondo.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: en-US,en;q=0.8,fr-FR;q=0.6,fr;q=0.4' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/xml' -H 'Cache-Control: no-cache' -H 'Referer: https://www.endomondo.com/?x=C-bb6EzoU1JGg3brORVo4w' -H 'Cookie: CSRF_TOKEN=rd7g3v4jn7qb3tn850tadctgku; EndomondoApplication_AUTO=; EndomondoApplication_AUTH="440BDF49EEB9D76EURIPamw77KUpPuQyzORKeykOJHruw8sKNRBWWA0HJ7BP6kfWNLgIy0ZrtapJam0G7F4xt7lZB7M%2FGp7aHoGLRcuXFnNE2UqIonAMHmNL6Nc%3D"; EndomondoApplication_USER="test%40test.test"; JSESSIONID=D44DF5952D9FB9ECB5770809674604BC; AWSELB=13FDC17D1C2B68745BCB41EBB6BDDC3DB8274D93D6BFB2FED334D90D6839B6C1C83CB494F784DFC9E02CB65D818CE77DB9BD0EC99020A8445EE98B4DBDFCA6E4A764395BA73DF1CBDA0BA244DD4CE2E654387EB981; acceptCookies=1; _ga=GA1.2.146159703.1442243029; __utma=162144232.146159703.1442243029.1451137760.1451149929.4; __utmb=162144232.9.10.1451149929; __utmc=162144232; __utmz=162144232.1442243029.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); USER_TOKEN=23EEE323B7AEA408yrCg5GoWVwn5pzcXtsVfJop8VgkqdNw9y6XCU1hTgcylJixgbmFwGy8k7IUp25N2CeS0aSn0B9R0B5KIcbwPK5HhL5znQwSCTQR%2FcV4xHZ8%3D' -H 'Connection: keep-alive' -H 'Wicket-Ajax: true' --data 'id56_hf_0=&csrftoken=rd7g3v4jn7qb3tn850tadctgku&workoutRow%3A0%3Amark=on&workoutRow%3A0%3Asport=8&reviewSumbit=1' --compressed
I guess there should be a cleaner way to do this, but I don't know where to start.
Thanks for reading, feel free to ask more details.
Have a great day.
François

How to enable/disable action rules in VAPIX 3?

Does somebody faced VAPIX 3 api? I need to enable/disable action rules for camera. Leafing through some api from the internet i have not found any specific information for action rules, so i sniffed requests from web-panel. On required action it sends 4 soap requests:
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407004744'
-X POST -H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/RemoveActionRule'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005154'
-X POST -H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/RemoveActionConfiguration'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005333'
-X POST
-H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/AddActionConfiguration'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
curl 'http://**.***.***.***:****/vapix/services?timestamp=1395407005575'
-X POST
-H 'Host: **.***.***.***:****'
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
-H 'Accept-Language: en-US,en;q=0.5'
-H 'Accept-Encoding: gzip, deflate'
-H 'SOAPAction: http://www.axis.com/vapix/ws/action1/AddActionRule'
-H 'Content-Type: text/xml; charset=utf-8'
-H 'Referer: http://**.***.***.***:****/operator/action_rule_setup.shtml?doAction=modify&ruleId=18&timestamp=1395406986842'
Do i really need to delete/create actions for disable/enable it ?

Yes, you need to create/recreate action rules in order the enable or disable them. If you look at the SOAP actions generated form the web interface, it actually does the same.
One work-around would be to combine the conditions in your rule with a virtual (or even non-virtual) input. The input is stateful and can be toggled with the ChangeVirtualInputState method in the EventService. You need to check if your camera supports inputs, though.