We Keep Coding

Python Script to post Authorization Header to specific IP/port

I need a python script that posts a given Authorization Bearer header to a specific ipand port.
This is what I have so far.
#!/usr/bin/python
import urllib3
import certifi
http = urllib3.PoolManager(ca_certs=certifi.where())
url = 'http://172.10.10.2:3000'
req = http.request('POST', url, fields={'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbWQiOiJscyR7SUZTfS1sYSR7SUZTfS90bXAvbmMifQ.EziCTtJn1PpPXvemJllF36w7ADNkhKiktZ5sv9ADR3o'})
print(req.data.decode('utf-8'))
I currently get an error when running this stating that the Required authorization token is not found
The bearer code is created manually and then input into the script, if there was a way to import that from the site I create it on that would be helpful.
What I need the output to be in this -
GET / HTTP/1.1
Host: 172.10.10.2:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbWQiOiJpcCR7SUZTfWEifQ.RkoZinBcg2_5HRGgv1AtErhscIVBRv2hUcGIF08ZlCM

How to call Laravel API from Python correctly

I am using Laravel 8 and Sanctum and attempting to make an API call from Python into the Laravel app.
I don't seem to be sending the request variables correctly from python as they are not being picked up as $request->variable (see "auction_item_id":null in Laravel log below) however they do show up in the request (see below Laravel log).
Is this a problem with the python request header?
Python:
import requests
import re
import json
############## LOGIN ####################
url = 'http://127.0.0.1:8082/api/apilogin'
data = {
'email': 'user#email.com',
'password': 'password'}
r = requests.post(url, data=data)
user = json.loads(r.text)
############## MAKE REST API CALL using login token from prior call ####################
url2 = 'http://127.0.0.1:8082/api/beginlivebiddingforitemAPI'
token = "Bearer " + user["token"]
headers = {"Authorization": token, 'Accept': 'application/json'}
data = {
'auction_id' : 103,
'auction_item_id' : 1224
}
rr = requests.get(url2, data=data, headers=headers)
AuctionBidsController:
public function beginlivebiddingforitem (Request $request){
Log::info("AuctionBidsController#beginlivebiddingforitem", ['auction_item_id' => $request->auction_item_id]);
Api.php:
Route::post('/apilogin', 'UsersController#APIlogin');
Route::middleware(['auth:sanctum'])->group(function () {
Route::get('/beginlivebiddingforitemAPI', 'AuctionBidsController#beginlivebiddingforitem');
});
Laravel log:
[2020-11-06 16:46:44] local.INFO: AuctionBidsController#beginlivebiddingforitem {"auction_item_id":null,"request":{"Illuminate\\Http\\Request":"GET /api/beginlivebiddingforitemAPI HTTP/1.1
Accept: application/json
Accept-Encoding: gzip, deflate
Authorization: Bearer 100|3EjawNPRinapHXxZvDirzyKM73AzeuJC8OTP6xOZ
Connection: keep-alive
Content-Length: 35
Content-Type: application/x-www-form-urlencoded
Host: 127.0.0.1:8082
User-Agent: python-requests/2.23.0
auction_id=103&auction_item_id=1224"}}
^^^^^^^^^^^^^^^
THEY ARE HERE
** But look at "auction_item_id":null **
Here is what a normal request looks like inside laravel:
[2020-11-06 18:34:56] local.INFO: AuctionBidsController#beginlivebiddingforitem {"auction_item_id":"1223","request":{"Illuminate\\Http\\Request":"GET /beginlivebiddingforitem?auction_id=103&auction_item_id=1223 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Cookie: laravel_cookie_consent=1; _ga=GA1.1.1339345323.1594720189; PGADMIN_INT_KEY=129e52c8-dddd-41a0-bc43-53e91dec5402; pga4_session=1c3a240a-46a1-4a9e-8e25-d489bb8ddddddddNltIXmby1M+34KepOYCsGAsY=; PGADMIN_LANGUAGE=en; _gid=GA1.1.1579327561.1604514920; _gat_gtag_UA_170463940_1=1; XSRF-TOKEN=eyJpdiI6ImIxT00yWW54REE2emVQSEpZZzZRRmc9PSIsInZhbHVlIjoiWmlCZGhia1pxeVJ0TmU4NGRBV2xMUURsS21RT0cyWGZUYddddddddddddddddddddddU9oUHg3cGQrdWZhd2gybnRCZ0xUajcwdEhuREh5OE5FcWkzV2tWb3lKOTRwUlljWld4TE9KL3BiMFp0M1dzeklmY2VhaEUiLCJtYWMiOiI0OWZhYmE3ZWM0ZjFhNTU5OWM1ZWE1MmY0MmIyMWQ3YTU1YzE3MmI0NWM1YjY0NTE0MzdhYTVmOWNmODIzMWVlIn0%3D; icollect_session=eyJpdiI6Ik5xSlAzR3NaZUR4QUhxV0RBRFBvd2c9PSIsInZhbHVlIjoianJLbFdVUDJCL2FKZEo5NTFUMElVUFJMRm9BdddddddddddddddHdYL3Arc3Avc1JTcUE5RmNPZ1J2MUVxblFUbmREcHJJeUZJaHZNVzJHTVNhR2p6Snp6M2JkQXJObE9BQU91Si9RbVIzRXMiLCJtYWMiOiI5MzcwMjc5ZWQ0MDE5ZDk2NTVmYmJjNGQ5NWYzMGY2YTVkMDI5YWQ0YTlkNGU1YTUyZTIyYzhkODU4NjNiNDA2In0%3D
Dnt: 1
Host: 127.0.0.1:8082
Referer: http://127.0.0.1:8082/bidliveauctioneer/103
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.80 Safari/537.36 Edg/86.0.622.43
X-Csrf-Token: wrdZoCDCVeqddddzVxAxByw183bFMuddddP4QBKy
X-Requested-With: XMLHttpRequest
X-Socket-Id: 9357.547174
Cookie: laravel_cookie_consent=1; _ga=; PGADMIN_INT_KEY=; pga4_session=; PGADMIN_LANGUAGE=; _gid=; _gat_gtag_UA_170463940_1=; XSRF-TOKEN=wrdZoCDCVeqddddzVxAxByw183bFMuddddP4QBKy; icollect_session=Qx2QddddNvlIg3ogQ596BdddducrFk4Bmi0nLA89
**note that variables occur right after the GET
GET /beginlivebiddingforitem?auction_id=103&auction_item_id=1223 **

I was using data = data and it's params = data on requests.get(url2, params=data, headers=headers).
Source: https://requests.readthedocs.io/en/master/user/quickstart

HTTP Digest authentication python

My goal is to access a website that uses HTTP authentication using python. I can open the website from my web browser and the header tells me that I should use HTTBDigestAuth:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Authorization: Digest username="user", realm="CG Downloads", nonce="cTN0pKxqBQA=e46ad250f42f73e9076ebc97c417f0d38bac094a", uri="/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf", algorithm=MD5, response="5a57ddbcd1b20444100a91b1967a2782", qop=auth, nc=00000001, cnonce="5a6b041b4113bb9a"
Connection: keep-alive
Cookie: fe_typo_user=76b7e7e25372f782d94e91b51b854568
Host: cg.cs.uni-bonn.de
Referer: http://cg.cs.uni-bonn.de/de/lehre/ws-2017/vorlesung-algorithmisches-denken-und-imperative-programmierung/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
However when I try to go the the page using requests and HTTPDigestAuth I get "401 Unauthorized" as a response.
import logging
import requests
from requests.auth import HTTPDigestAuth
try:
import httplib
except ImportError:
import http.client as httplib
httplib.HTTPConnection.debuglevel = 1
logging.basicConfig(level=logging.DEBUG)
url = 'http://cg.cs.uni-bonn.de/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf'
response = requests.get(url, auth=HTTPDigestAuth('user', 'pass'),
timeout=10)
print(response.status_code)
print(response.headers)
print(r.text)
Am I using the wrong authorization method or is my code wrong? I appreciate any help you can give me.
EDIT:
I am trying to access sites on cg.cs.uni-bonn.de, for example http://cg.cs.uni-bonn.de/fileadmin/teaching/2017/WS/adip/exercises/adip-uebung-00-.pdf

You just need to pass values to auth=HTTPDigestAuth('user', 'pass') like this:
user = 'admin' # change to your username
pass = '123456' # change to your password
...
response = requests.get(url, auth=HTTPDigestAuth(user, pass),
timeout=10)
...

Posting image using requests on python

I'm trying to upload an image using requests on python.
This is what I send using browser
POST /upload-photo/{res1}/{res2}/{res3}/ HTTP/1.1
Host: tgt.tgdot.com
Connection: keep-alive
Content-Length: 280487
Authorization: Basic {value}=
Accept: */*
Origin: http://tgt.tgdot.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryA8sGeB48ZZCvG127
Referer: http://tgt.tgdot.com/{res1}/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,es;q=0.6
Cookie: fttoken={cookie_value}
This is my code
with open(os.getcwd()+"/images/thee1.JPG", "rb") as image_file:
encoded_image = base64.b64encode(image_file.read())
headers = {"Content-Type":"multipart/form-data", "Authorization":"Basic " + authvalue}
cookie = {cookiename: token.value}
r = requests.post(url, headers =headers, cookies = cookie, params=encoded_image)
print r.request.headers
print r.status_code
print r.text
I keep getting 414 Request-URI Too Large
I'm not sure what's missing here. I would really appreciate help

You are encoding the whole image into the request parameters, effectively extending the URL by the length of the image.
If you already encoded the image data, use the data parameter:
r = requests.post(url, headers=headers, cookies=cookie, data=encoded_image)
Note that requests can encode multipart/form-data POST bodies directly, there is no need for you to encode it yourself. Use the files parameter in that case, passing in a dictionary or sequence of tuples. See the POST Multiple Multipart-Encoded Files section of the documentation.
The library can also handle a username and password pair to handle the Authorization header; simply pass in a (username, password) tuple for the auth keyword argument.
Encoding an image to Base64 is not sufficient however. Your content-type header and your POST payload are not matching. You'd instead post the file with a field name:
with open(os.getcwd()+"/images/thee1.JPG", "rb") as image_file:
files = {'field_name': image_file}
cookie = {cookiename: token.value}
r = requests.post(url, cookies = cookie, files=files, auth=(username, password)

Problems with Twitter REST API 1.1 - App Auth only response 403 Error with Python

I'm trying to connect to the twiiter API through a POST request as the docs say but I always get a 403 forbidden error.
This is my code. I'm using urlib2 in python 2.7:
def auth_API():
url = 'https://api.twitter.com/oauth2/token'
header = {}
values = {}
header['User-Agent'] = 'Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1'
header['Authorization'] = 'Basic ' + B64BEARERTOKENCREDS
header['Content-Type'] = 'application/x-www-form-urlencoded;charset=UTF-8'
header['Accept-Encoding'] = 'gzip'
values['grant_type'] = 'client_credentials'
data = urllib.urlencode(values)
req = urllib2.Request(url, data, header)
try:
response = urllib2.urlopen(req)
response.read()
except urllib2.HTTPError as e:
print e
Checking the docs I found an example request wich is the same as mine:
Twitter example:
POST /oauth2/token HTTP/1.1
Host: api.twitter.com
User-Agent: My Twitter App v1.0.23
Authorization: Basic NnB1[...]9JM29jYTNFOA==
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 29
Accept-Encoding: gzip
grant_type=client_credentials
My request:
POST /oauth2/token HTTP/1.1
Content-Length: 29
Accept-Encoding: gzip
Connection: close
User-Agent: Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1
Host: api.twitter.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Authorization: Basic NnB1[...]YTNFOA==
grant_type=client_credentials
Any idea with what could be wrong with this?
Regards.
PS: I know that there are some third party libs for this but I want to make it by myself.

I solved my problem, the error was with base64.encodestring() which adds an \n at the end of the string messing up the request.
Using base64.b64encode() instead worked fine.
Regards