Jump to content
xorpas

400 Bad Request ,nginx/1.14.0

Recommended Posts

Hello

when I try to get this link Link  with this headers

Host: apk-dl.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Sec-GPC: 1

using tnethttpclient  like this

 

http := TNetHTTPClient.Create(nil);
      http.UserAgent :=
        'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0';
      http.SecureProtocols := [THTTPSecureProtocol.TLS12];
      http.Accept :=
        'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8';
      Memo2.Text := link;
      http.CustomHeaders['Host:'] := 'apk-dl.com';
      http.CustomHeaders['Accept-Language:'] :=
        'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3';
      http.AcceptEncoding := 'gzip, deflate, br';
      http.CustomHeaders['Connection:'] := 'keep-alive';
      http.CustomHeaders['Upgrade-Insecure-Requests:'] := '1';
      http.CustomHeaders['Sec-Fetch-Dest:'] := 'document';
      http.CustomHeaders['Sec-Fetch-Mode:'] := 'navigate';
      http.CustomHeaders['Sec-Fetch-Site:'] := 'none';
      http.CustomHeaders['Sec-Fetch-User:'] := '?1';
      http.CustomHeaders['Sec-GPC:'] := '1';

 

I get 400 Bad Request ,nginx/1.14.0

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>

but when send it with httpliveheader to firefox I get success result

 

How can resolve this

Share this post


Link to post
Guest

install a packet sniffer,
for example http://www.etherdetect.com/
then change https to http in the GET(NetHTTPClient.Get("http:")) part of your code,
Send the request, examine the packet from the packet sniffer to http 80, check the headers, look at the fields going from https in the developer tab of the browser, compare the 2, you will see the problem.

When you send http request, you will either get an error or https redirect 301. If you get 301, the situation is different, in this case, let us know.

Show us what the browser sent with what you sent.

You may have a character encoding problem in the custom header that goes to the server, it should be confirmed with a packet sniffer.

normally you don't need to send host and sec keys,

It already adds them automatically.

 

resim_2023-01-27_230812721.png

Edited by Guest

Share this post


Link to post

the packet sniffer  not work for me because it not supported    i search for other software

 

Untitled.thumb.png.8af447b40024ff100d65221a71ab5d89.png

Share this post


Link to post

I think it use get option  and then extract specific values like cookies then send it with post method I will test it soon

Share this post


Link to post

WinPCap development ceased a few years again, it was taken over by Npcap which is used by most network sniffing software, including Wireshark which is the leader. 

 

I wrote a Delphi sample packet sniffer using WinPCap and Npcap many years ago, very basic really needs better filtering and IPv6 support, must spend some time on it.

 

Angus

 

  • Like 1

Share this post


Link to post
Guest
56 minutes ago, Angus Robertson said:

WinPCap development ceased a few years again, it was taken over by Npcap which is used by most network sniffing software, including Wireshark which is the leader. 

 

I wrote a Delphi sample packet sniffer using WinPCap and Npcap many years ago, very basic really needs better filtering and IPv6 support, must spend some time on it.

 

Angus

 

Hello, It's nice to see you here, I hope you are well.
Even after all these years, your demo is still running.

Yours truly

 

1.png

Edited by Guest

Share this post


Link to post

I recently bought https://www.charlesproxy.com/ for debugging some https header issues.  Easy to use and invaluable insights.

It has a somewhat annoying trial version that may help you spot the difference between the Firefox and Delphi headers.

Share this post


Link to post

ICS has a proxy server sample that includes logging and headers and optionally bodies, I've used it for debugging SSL connections.  You can even fake a server SSL certificate (and some anti-malware packages do, to intercept SSL sessions if you can not originate in HTTP.

 

Angus

 

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×