400 Bad Request ,nginx/1.14.0

[xorpas 4]

Hello

when I try to get this link Link  with this headers

Host: apk-dl.com

User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: none

Sec-Fetch-User: ?1

Sec-GPC: 1

using tnethttpclient  like this

 

http := TNetHTTPClient.Create(nil);
      http.UserAgent :=
        'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0';
      http.SecureProtocols := [THTTPSecureProtocol.TLS12];
      http.Accept :=
        'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8';
      Memo2.Text := link;
      http.CustomHeaders['Host:'] := 'apk-dl.com';
      http.CustomHeaders['Accept-Language:'] :=
        'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3';
      http.AcceptEncoding := 'gzip, deflate, br';
      http.CustomHeaders['Connection:'] := 'keep-alive';
      http.CustomHeaders['Upgrade-Insecure-Requests:'] := '1';
      http.CustomHeaders['Sec-Fetch-Dest:'] := 'document';
      http.CustomHeaders['Sec-Fetch-Mode:'] := 'navigate';
      http.CustomHeaders['Sec-Fetch-Site:'] := 'none';
      http.CustomHeaders['Sec-Fetch-User:'] := '?1';
      http.CustomHeaders['Sec-GPC:'] := '1';

 

I get 400 Bad Request ,nginx/1.14.0

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>

but when send it with httpliveheader to firefox I get success result

 

How can resolve this

[Guest]

install a packet sniffer,
for example http://www.etherdetect.com/
then change https to http in the GET(NetHTTPClient.Get("http:")) part of your code,
Send the request, examine the packet from the packet sniffer to http 80, check the headers, look at the fields going from https in the developer tab of the browser, compare the 2, you will see the problem.

When you send http request, you will either get an error or https redirect 301. If you get 301, the situation is different, in this case, let us know.

Show us what the browser sent with what you sent.

You may have a character encoding problem in the custom header that goes to the server, it should be confirmed with a packet sniffer.

normally you don't need to send host and sec keys,

It already adds them automatically.

 

Edited January 27, 2023 by Guest

[xorpas 4]

the packet sniffer  not work for me because it not supported    i search for other software

 

[xorpas 4]

I think it use get option  and then extract specific values like cookies then send it with post method I will test it soon

[Guest]

last version available here, https://www.winpcap.org/install/

im running its on windows 10 pro.

or u can look anthor software.

 

 

[Angus Robertson 574]

WinPCap development ceased a few years again, it was taken over by Npcap which is used by most network sniffing software, including Wireshark which is the leader. 

 

I wrote a Delphi sample packet sniffer using WinPCap and Npcap many years ago, very basic really needs better filtering and IPv6 support, must spend some time on it.

 

Angus

 

[Guest]

56 minutes ago, Angus Robertson said:

WinPCap development ceased a few years again, it was taken over by Npcap which is used by most network sniffing software, including Wireshark which is the leader. 

 

I wrote a Delphi sample packet sniffer using WinPCap and Npcap many years ago, very basic really needs better filtering and IPv6 support, must spend some time on it.

 

Angus

 

Hello, It's nice to see you here, I hope you are well.
Even after all these years, your demo is still running.

Yours truly

 

Edited January 29, 2023 by Guest

[Lars Fosdal 1792]

I recently bought https://www.charlesproxy.com/ for debugging some https header issues.  Easy to use and invaluable insights.

It has a somewhat annoying trial version that may help you spot the difference between the Firefox and Delphi headers.

[Attila Kovacs 629]

I did not buy anything but I'm almost sure that your extra colons are the problem.

[Angus Robertson 574]

ICS has a proxy server sample that includes logging and headers and optionally bodies, I've used it for debugging SSL connections.  You can even fake a server SSL certificate (and some anti-malware packages do, to intercept SSL sessions if you can not originate in HTTP.

 

Angus