如何使用 REST 控制台对 http API 调用进行逆向工程 [英] how to reverse engineer an http API call using REST console
问题描述
我正在尝试使用 chrome (注意:所以这里没有任何违法行为......我只是用一个休息客户端动作替换了一个 chrome 浏览器动作......我没有攻击任何人,我没有得到我无法得到的信息正常的方式,但如果有人有不同的感觉..请告诉我)..
所以我将与上面相同的参数插入到其余控制台中:
现在我不确定身份验证..但为了安全起见,我在 REST 控制台中输入了与该站点相同的用户名和密码:
但随后我不断收到错误消息作为对我的休息控制台请求的响应:
<小时>更新:正确答案:所以根据 JMTyler's answer.. 我必须简单地在 RAW 正文中包含条件,并将其转换为 url 编码.. 除此之外,我必须在其余控制台正文中显式设置编码..
更仔细地查看 chrome 检查器,结果发现我只需要点击 view source:
获取我需要放入 RAW 正文中的 url 编码值:
我还必须将 encoding 设置为 gzip,deflate,sdch 并且一切正常!
表单在 criteria 字段下发布所有 JSON.您可以在您发布的 chrome 开发控制台的屏幕截图中看到这一点.
只需使用 criteria= 在休息控制台中启动您的原始正文,并确保 json 已进行 url 编码.应该这样做.
不需要身份验证,因为没有通过屏幕截图中的标题传递.您在正常加载页面时拥有的任何 cookie 也会通过 rest 控制台加载,因此您无需担心显式设置它们.
I'm trying to replicate a request I make on a website (ie zoominfo.com) using the same http POST parameters using chrome rest console, but it fails for some reason. I'm not sure if there is a missing field or it's not working because the origin of the request isn't valid.. can someone point me out in the right direction? Below is a detailed explanation of the experiment:
ORIGINAL CASE
basically if I go to zoominfo.com (registered and all) I see a form page that I need to fill:
if I hit enter.. the site makes an ajax call. If I open the chrome web dev tools, and open the network tab, I see the details of the ajax call:
notice the body of the POST has the name John Becker in it:
{"boardMember":{"value":"Include","isUsed":true},"workHistory":{"value":"CurrentAndPast","isUsed":true},"includePartialProfiles":{"value":true,"isUsed":true},"personName":{"value":"john%20becker","isUsed":true},"lastUpdated":{"value":0,"isUsed":true}}
the response is shown under the respones tag:
WHAT I'M TRYING TO DO
basically replicate what i've done above using a REST console (note: so there is nothing illegal here.. i'm just replacing a chrome browser action with a rest client action.. i'm not hacking anyone and i'm not getting information I can't get the normal way, but if someone feels otherwise.. please let me know)..
so I plug in the same parameters as above into the rest console:
now i'm not sure about authentication.. but just to be safe, i entered the same user name and pwd i have for the site into the REST console:
but then I keep on getting an error as a response to my rest console's request:
UPDATE: CORRECT ANSWER: so according to JMTyler's answer.. I had to simply include criteria in the RAW body, and convert it to url encoding.. in addition to that, I had to explicitly set the encoding in the rest console body..
looking at the chrome inspector more closely, it turns out that I simply had to click on view source:
to get the url-encoded value that I needed to put in the RAW body in the rest console:
I also had to set encoding to gzip,deflate,sdch and things worked fine!
The form is posting all that JSON under the field criteria. You can see this in the screencap of the chrome dev console you posted.
Just start your raw body in rest console with criteria= and make sure the json has been url-encoded. That should do it.
No authentication is needed because none is passed through the headers in your screencap. Any cookies you have when you load the page normally will also be loaded through rest console, so you don't need to worry about explicitly setting them.
这篇关于如何使用 REST 控制台对 http API 调用进行逆向工程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
