This post is by a banned member (_treva) - Unhide
OP 10 July, 2021 - 04:23 AM
(This post was last modified: 14 July, 2022 - 07:39 PM by _treva. Edited 2 times in total.)
Reply
This post is by a banned member (FIB01nacci) - Unhide
10 July, 2021 - 04:24 AM
(This post was last modified: 10 July, 2021 - 04:25 AM by FIB01nacci. Edited 1 time in total.)
Reply
you need to capture an updated official request, and copy the headers. and fill with the info you need.
This post is by a banned member (_treva) - Unhide
OP 10 July, 2021 - 04:29 AM
Reply
Sorry it's an authorization bearer token(don't know if that makes a difference), do I need to login every time to capture the new token before sending a request to that website?
This post is by a banned member (FIB01nacci) - Unhide
10 July, 2021 - 04:33 AM
(This post was last modified: 10 July, 2021 - 04:34 AM by FIB01nacci.)
Reply
(10 July, 2021 - 04:29 AM)_treva Wrote: Show MoreSorry it's an authorization bearer token(don't know if that makes a difference), do I need to login every time to capture the new token before sending a request to that website?
Yes, or you have to interact with the api, do you use postman?
token bearer is generated per transaction or session, have a life span
This post is by a banned member (_treva) - Unhide
OP 10 July, 2021 - 04:34 AM
(This post was last modified: 10 July, 2021 - 04:37 AM by _treva. Edited 1 time in total.)
Reply
(10 July, 2021 - 04:33 AM)FIB01nacci Wrote: Show More (10 July, 2021 - 04:29 AM)_treva Wrote: Show MoreSorry it's an authorization bearer token(don't know if that makes a difference), do I need to login every time to capture the new token before sending a request to that website?
Yes, or you have to interact with the api, do you use postman?
I was just sending a simple get httpwebrequest, with the auth attached in the header that i got from the login but didn't reveal any data, haven't heard of postman
This post is by a banned member (FIB01nacci) - Unhide
10 July, 2021 - 04:38 AM
Reply
(10 July, 2021 - 04:34 AM)_treva Wrote: Show More (10 July, 2021 - 04:33 AM)FIB01nacci Wrote: Show More (10 July, 2021 - 04:29 AM)_treva Wrote: Show MoreSorry it's an authorization bearer token(don't know if that makes a difference), do I need to login every time to capture the new token before sending a request to that website?
Yes, or you have to interact with the api, do you use postman?
I was just sending a simple get httpwebrequest, haven't heard of postman
in postman you can "copy curl" that transaction from your explorer (chrome, firefox) or use fiddler or any https sniffer if device and you'll see all headers and token, maybe cookie involved, read postman documentation.
This post is by a banned member (_treva) - Unhide
OP 10 July, 2021 - 04:45 AM
Reply
(10 July, 2021 - 04:38 AM)FIB01nacci Wrote: Show More (10 July, 2021 - 04:34 AM)_treva Wrote: Show More (10 July, 2021 - 04:33 AM)FIB01nacci Wrote: Show MoreYes, or you have to interact with the api, do you use postman?
I was just sending a simple get httpwebrequest, haven't heard of postman
in postman you can "copy curl" that transaction from your explorer (chrome, firefox) or use fiddler or any https sniffer if device and you'll see all headers and token, maybe cookie involved, read postman documentation.
I've got the bearer token manually from login with developer tools
This is the code I've tried have so far:
Code:
Dim request As HttpWebRequest = HttpWebRequest.Create("https://www.hellofresh.co.nz/gw/vouchers/" & _coupon & "?country=NZ&locale=en-NZ")
request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " & _bearer)
Dim response As HttpWebResponse = request.GetResponse
Dim responsestream As New StreamReader(response.GetResponseStream)
Dim text As String = responsestream.ReadToEnd
Dim data = text
responsestream.Close()
request.Abort()
response.Close()
Console.WriteLine(data)
Console.Read()
but keep getting 403 forbidden
This post is by a banned member (FIB01nacci) - Unhide
10 July, 2021 - 05:13 AM
Reply
(10 July, 2021 - 04:45 AM)_treva Wrote: Show More (10 July, 2021 - 04:38 AM)FIB01nacci Wrote: Show More (10 July, 2021 - 04:34 AM)_treva Wrote: Show Morebut keep getting 403 forbidden
ok, the process is the same any site, any url, so i will show you with some random url.
(download postman Postman url is free up 3 members, just choose the first option. It is multiplatform.)
now copy curl like this from network dev tab
![[Image: postman.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F1.bp.blogspot.com%2F-AkUvAFdMXHs%2FYOkOT0V9wKI%2FAAAAAAAAA9Q%2FIcazQwBHynM8QGCR3yXZ2ORHzzHHzuK8ACLcBGAsYHQ%2Fs16000%2Fpostman.png)
it produces as result something like this:
Quote:curl 'https://global.edge.bamgrid.com/paywall?' \
-H 'authority: global.edge.bamgrid.com' \
-H 'sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"' \
-H 'x-bamsdk-platform: windows' \
-H 'x-bamsdk-client-id: disney-svod-3d6664fc' \
-H 'x-application-version: 1.1.2' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'authorization: Bearer eyJraWQiOiI4ODA0OGI3MS1jMjhlLTQ5MDQtYWMw6663NzdiMTFmNzUyNDAiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJ1cm46YmFtdGVjaDpzZXJ2aWNlOnRva2VuIiwicGFydG5lck5hbWUiOiJkaXNuZXkiLCJlbnYiOiJwcm9kIiwic3ViIjoiNmU5NWQwZTktNzQ0Zi00OGYxLWJlMTYtYTFmMTM0ZmE1ZGU0IiwiaWF0IjoxNjI1ODg2MDQ5LCJuYmYiOjE2MjU4ODYwNDksImV4cCI6MTYyNTkwMDQ0OSwianRpIjoiZjk2N666ZDAtOGQwMS00ZmE1LWI1ZjgtNTY5OTk5M2JmZjNmIiwiY29udGV4dCI6eyJ2ZXJzaW9uIjoiVjIuMC4wIiwiaWQiOiIwN2FlMmEzMC1lMTJiLTExZWItYjI4My0wMjQyYWMxMTAwMDgiLCJwYXJ0bmVyIjp7Im5hbWUiOiJkaXNuZXkifSwidHlwZSI6IlJFR0lTVEVSRUQiLCJpcF9hZGRyZXNzIjoiMTkwLjE0MC41Ny4xODUiLCJkZXZpY2UiOnsiaWQiOiJlZTE5ODE1Mi1jYzRkLTQ4NzgtYTE0NS1hM2FlNzFiZTgwZTgiLCJwbGF0Zm9ybSI6ImJyb3dzZXIiLCJ0eXBlIjoidXJuOmRzczpkZXZpY2U6aW50ZXJuYWwiLCJhcHBfcnVudGltZSI6ImNocm9tZSIsImZhbWlseSI6ImJyb3dzZXIiLCJwc666aWxlIjoid2luZG93cyIsIm1vZGVsIjoiIn0sImxvY2F0aW9uIjp7InR5cGUiOiJDT1VOVFJZX0NPREUiLCJ6aXBfY29kZSI6IiIsImNvdW50cnlfY29kZSI6IlBBIiwiZG1hIjowLCJjaXR5X25hbWUiOiIiLCJhc24iOjE4ODA5LCJyZWdpb25fbmFtZSI6IiIsInN0YXRlX25hbWUiOiIiLCJjb25uZWN0aW9uX3R5cGUiOiJjYWJsZSIsImNhcnJpZXIiOiJjYWJsZSBvbmRhIn0sImFjY291bnQiOnsidHlwZSI6InVybjpiYW10ZWNoOmFjY291bnQiLCJpZCI6IjZlOTVkMGU5LTc0NGYtNDhmMS1iZTE2LWExZjEzNGZhNWRlNCIsImRhdGEiOnt9LCJsb2NhdGlvbnMiOnsicHVyY2hhc2UiOnsiY291bnRyeSI6IlVTIn0sInJlZ2lzdHJhdGlvbiI6eyJjb3VudHJ5IjoiVVMifX19LCJwcm9maWxlcyI6W3siYWN0aXZlIjp0cnVlLCJ0eXBlIjoidXJuOmJhbXRlY2g6cHJvZmlsZSIsImlkIjoiZTBiNmFkZmMtN2JmYy00MTZjLTgzNjEtNzE1OGQ2NzY2NWFjIiwicGFyZW50YWxfY29udHJvbHMiOnsiZW5hYmxlZCI6dHJ1ZSwibWF0dXJpdHlfcmF0aW5nIjp7InJhdGluZ19zeXN0ZW0iOiJNUEFBQW5kVFZQRyIsImNvbnRlbnRfbWF0dXJpdHlfcmF0aW5nIjoiVFYtMTQiLCJpbXBsaWVkX21hdHVyaXR5X3JhdGluZyI6MH0sImlzX2FnZTIxX3ZlcmlmaWVkIjpmYWxzZSwiaXNfcGluX3Byb3RlY3RlZCI6ZmFsc2UsInBpbl9lbnRyeV9leHBpcmVzX2F0666iIn0sImtpZHNfbW9kZV9lbmFibGVkIjpmYWxzZSwibGFuZ3VhZ2VfcHJlZmVyZW5jZXMiOnsiYXBwX2xhbmd1YWdlIjoiZW4iLCJwbGF5YmFja19sYW5ndWFnZSI6ImVuIiwic3VidGl0bGVfbGFuZ3VhZ2UiOiJlbiJ9LCJhdmF0YXIiOnsiaWQiOiI4MDYzNzA1Ni1iOTI4LTU2ZGQtYTg4OS0zYzlkNGM2YjYzOGYifSwicGxheWJhY2tfc2V0dGluZ3MiOnsicHJlZmVyXzEzMyI6ZmFsc2V9LCJncm91cF93YXRjaCI6eyJlbmFibGVkIjpmYWxzZX19XSwiYWN0aXZlX3Byb2ZpbGVfaWQiOiJlMGI2YWRmYy03YmZjLTQxNmMtODM2MS03MTU4ZDY3NjY1YWMiLCJnZW5lcmF0ZWRfb24iOiIyMDIxLTA3LTEwVDAzOjAwOjQ5LjM2NiswMDAwIiwidXBkYXRlZF9vbiI6IjIwMjEtMDctMTBUMDM6MDA6NDkuMzY2KzAwMDAiLCJleHBpcmVzX29uIjoiMjAyMS0wNy0xMFQwNzowMDo0OS4zNjYrMDAwMCIsIm1lZGlhX3Blcm1pc3Npb25zIjp7ImVudGl0bGVtZW50cyI6WyJESVNORVlfUExVUyJdLCJydWxlcyI6eyJwYXNzZWQiOltdfSwiZGF0YSI6e319LCJibGFja291dHMiOnsiZW50aXRsZW1lbnRzIjpbXSwicnVsZXMiOnsidmlvbGF0ZWQiOltdfSwiZGF0YSI6e319LCJob21lX2xvY2F0aW9uIjp7InR5cGUiOiJDT1VOVFJZX0NPREUiLCJ6aXBfY29kZSI6IiIsImNvdW50cnlfY29kZSI6IlVTIiwiZG1hIjowLCJjaXR5X25hbWUiOiIiLCJhc24iOjAsInJlZ2lvbl9uYW1lIjoiIiwic3RhdGVfbmFtZSI6IiIsImNvbm5lY3Rpb25fdHlwZSI6IiIsImNhcnJpZXIiOiIifSwic3Vic2NyaXB0aW9ucyI6W3siZW50aXRsZW1lbnRzIjpbIkRJU05FWV9QTFVTIl0sImNhbm9uaWNhbFNvdXJjZSI6eyJ0eXBlIjoiSUFQIiwicHJvdmlkZXIiOiJBUFBMRSIsInN1YlR5cGUiOiIiLCJyZWYiOiIzNDAwMDA0MjM3NzY2NzMifSwiaWQiOiJ1cm46YmFtdGVjaG1lZGlhOnN1YnNjcmlwdGlvbi1hcGk6c3Vic2NyaXB0aW9uOklBUDpBUFBMRTozNDAwMDA0MjM3NzY2NzMiLCJleHBpcmVzX29uIjoiIiwicmVuZXdzX29uIjoiMjAyMS0wNy0yMlQyMTo1OToxNC4wMDBaIn1dLCJzdXBwb3J0ZWQiOnRydWUsImNvdW50cnlfc2V0dGluZ3MiOnsiY29kZSI6IlBBIiwidGltZXpvbmUiOnsibmFt6666IkFtZXJpY2EvUGFuYW1hIiwidXRjX29mZnNldCI6Ii0wNTowMCJ9LCJyYXRpbmdfc3lzdGVtcyI6WyJjdXN0b206ZGlzbmV5cGx1czpsYXRhbSJdfSwiZXhwZXJpbWVudHMiOnsid3BueC1EaXNuZXktSldFLWFjY291bnQtYWNjZXNzLXRva2VucyI6eyJ2YXJpYW50X2lkIjoiY29udHJvbCIsInZlcnNpb24iOjF9LCJ3cG54LXZzZl9zYXZlIjp7InZhcmlhbnRfaWQiOiJjZG5GYWxsYmFjayIsInZlcnNpb24iOjF9fSwicHJlZmVycmVkX21hdHVyaXR5X3JhdGluZyI6eyJyYXRpbmdfc3lzdGVtIjoiRGlzbmV5UGx1c0xBVEFNIiwiaW1wbGllZF9tYXR1cml0eV9yYXRpbmciOjE0OTksInByb2ZpbGVfaGFzX21hdHVyaXR5X3Jh666uZyI6dHJ1ZX0sImlkZW50aXR5Ijp7ImlkIjoiYWQ3NGZjYmEtMzNmYS00MGI5LWFiMmMtNDRmZjU4OGY1ZmQ2In19fQ.Rl3ApmyoprCBlv4owcgh0D04z8ohR0MffGClAtV47sSLJxFTCfo7kXy8vCnH1X2XfypZvKtlh8VUQLuXvbs8BQ' \
-H 'content-type: application/json; charset=utf-8' \
-H 'x-bamsdk-version: 8.0' \
-H 'accept: application/vnd.paywall-service+json; version=4' \
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36' \
-H 'x-dss-edge-accept: vnd.dss.edge+json; version=2' \
-H 'origin: https://www.disneyplus.com' \
-H 'sec-fetch-site: cross-site' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: https://www.disneyplus.com/' \
-H 'accept-language: en-US,en;q=0.9,es;q=0.8,es-419;q=0.7,es-MX;q=0.6' \
--compressed
That curl, helps you to imitate the request, just like the original one does.
First, test the the one you just copy, to know if it works.
like this
![[Image: postman2.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F1.bp.blogspot.com%2F-cPC0Dgsyg3I%2FYOkP3pOeQzI%2FAAAAAAAAA9c%2F7yyMFJkfo_0_XF7Sl5_ykXQtU5OAtfXZwCLcBGAsYHQ%2Fs16000%2Fpostman2.png)
and paste the curl in raw text
![[Image: postman3.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2F1.bp.blogspot.com%2F-PJrVX7OFYMo%2FYOkP3nBsCGI%2FAAAAAAAAA9Y%2FPN3OmVAu6Ks_KtmG1PWII4nTIUSAOrAzACLcBGAsYHQ%2Fs16000%2Fpostman3.png)
Continue
and now just press send.
As i told you read postman documentation for more help.
|
