Page 1 of 1

RFC 6265 Plugin/Algorithm

Posted: 11 Jun 2019 07:44
by Snify
Hello y'all.

This is something like a mix between a Feature Request and/or seeking for help.

Automagic provides an outstanding and stable HTTP Request Action.
However I am in need to handle cookies for the request, which should be RFC 6265 compliant.

I have read the RFC 6265 and it's not that difficult - but my time is very limited to develop this algorithm to Automagic (via Script).

I also tried plugins such as WebAlert XP - which is really good for easy to use - but lacks of some dynamics such as changing the POST parameters - plus it's a bit slow due to embedded browser transactions.

What I need is a "function", which takes the request URL and any kind of cookies, processes them and returns only the valid/scope cookies for this request.
In addition - the returned cookies for that request, should also be processed afterwards (if any cookies are returned by the HTTP request).

I have found this: https://github.com/js-cookie/java-cookie but I don't know how I could use this with Automagic (if possible)

Any help in handling cookies in Automagic, would be appreciated.

Thank you for the time to read this.


Regards.

Re: RFC 6265 Plugin/Algorithm

Posted: 12 Jun 2019 20:03
by Martin
Hi,

Action HTTP Request already uses the default cookie handling mechanism provided by Android which states that it conforms to RFC 2965 so I assume that it should work in general.
It means that cookies set in responses of action HTTP Request are stored and the cookies are included in subsequent requests again when the scope matches.

Regards,
Martin

Re: RFC 6265 Plugin/Algorithm

Posted: 16 Jun 2019 16:56
by Snify
Thank you for your answer. I got time to test some stuff and I am not quite sure how to delete all the cookies before a request...
(Re)starting a flow which uses http actions, use the same cookies again.

Re: RFC 6265 Plugin/Algorithm

Posted: 16 Jun 2019 20:22
by Martin
Hi,

Automagic currently stores all cookies in memory and does not remove any cookies except when the cookie expires or the process hosting Automagic is terminated.
I could add an action to remove all cookies or all cookies for a certain domain. Would this help or are you looking for other ways to remove cookies?

Regards,
Martin

Re: RFC 6265 Plugin/Algorithm

Posted: 17 Jun 2019 04:53
by Snify
A little bit of cookie control would be actually nice :)
Like storing all saved cookies to a file or load them, etc.
But being able to remove (domain) cookies before a request should be a good start and is exactly what I need. Looking forward to see this action :)
Thank you so much for the support.

Re: RFC 6265 Plugin/Algorithm

Posted: 17 Jun 2019 17:46
by Desmanto
@Martin : Slightly related topic, I have problem with HTTP request when accessing sites with cloudflare DDOS proteciton. The protection use some javascript to do some calculation, wait until 5 seconds and then store some id to the cookies of the browser. Next time when the browser access the sites again, it use this cookie and doesn't get the wait 5 seconds anymore.

However when using HTTP request, it always return the DDOS protection page. Automagic won't wait until 5 seconds for the cookie to be stored first. Hence I never can access any site protected by the cloudflare DDOS protection using HTTP request. I wonder if there is some method for the Automagic to wait for the calculation, redirecting and then return the result. Trying multiple timeout value, still always return only the protection page.

Re: RFC 6265 Plugin/Algorithm

Posted: 20 Jun 2019 19:20
by Martin
I assume that the cloudflare DDOS protection could be difficult to circumvent since it likely requires to interpret some Javascript code and to execute one or multiple other requests to get the cookies.
It would probably be easier to just use a webview to simulate an entire browser and extract the cookies from there or just use the webview to simulate the other HTTP requests too. This is actually something on my todo list to investigate if this can be added since it would also be helpful to automate interactions with java script heavy single page web applications.

Regards,
Martin

Re: RFC 6265 Plugin/Algorithm

Posted: 21 Jun 2019 06:42
by Snify
I heavenly depend on this... I have my stuff coded on my Windows machine with openssl, HTTP libraries and cookie manager. With this I am able to parse important information from my banking, etc.
Altough I could compile for Android too, I still prefer Automagic and I have been looking for methods to get this done with Automagic.

@Martin if you could also implement DOM for easier form access etc. this would be a huge milestone and opens up huge opportunities.

Also, I don't remember to have ever needed to execute Javascript for correct requests/responses