• Announcements

    • Bommuraj Paramaraj

      Important Security Advisory   06/07/2016

      On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums.
      The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed.Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector. As a precaution, we are advising our users to change their passwords. While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised. Anyone using the same password for forums as well as other places is strongly advised to update their passwords and/or practice good personal security practices.

davidv7

Members
  • Content count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

About davidv7

  • Rank
    Newbie
  • Birthday
  1. There's recently been some trouble in connecting to a WebAPI using a global IP using my mobile connection.
  2. The project I'm working on does not allow sessions. So I have to send tokens with every request. How can I combine an action request with a token?
  3. I'm building an android APP. However, I keep getting unauthorized responses. These are the URL's I'm trying with, since I do not know if you can log in any other way since there is no browser in my app. 1. http://username:password@IP:PORT/gui/token.html This is supposed to get the cookie. conn.setRequestProperty("Connection", "keep-alive"); conn.setRequestProperty("Accept-Language", "ru,en-GB;q=0.8,en;q=0.6"); conn.setRequestProperty("Accept-Charset", "utf-8"); conn.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"); conn.setRequestProperty("Cookie", ""); TThis works alright. I get the cookie, it's not supposed to be authorized yet anyways. I call the first URL again, this time adding the cookie in request header. However this STILL returns unauthorized. Why does the url not log me in? I've checked, the Username and Password are correct, so is the IP and PORT. connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/*;q=0.8"); connection.setRequestProperty("Accept-Encoding", "gzip, deflate, lzma, sdch"); connection.setRequestProperty("Accept-Language", "ru,en-GB;q=0.8,en;q=0.6"); // //connection.setRequestProperty("Accept-Charset", "utf-8"); connection.setRequestProperty("Cookie", cookie); connection.setRequestProperty("Referer", "http://192.168.1.4:8080/gui/token.html"); connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36 OPR/41.0.2353.46"); So far I've gotten 0 responses from StackOverflow and every question I've asked here so far has been ignored. Does no one have the answer? You can't even access the API without logging in first.
  4. It appears as if I am missing the cookie thing. However I have no idea how to implement it. Where is the set-cookie header?
  5. Am I missing the cookie thing? Shouldnt I be able to access the token without the cookie?
  6. When you want to access the API from other networks you cannot use the 8080 port. Check your router for forwarded ports(look for BitTorrent I think specifically), use the Outside port(mine was 32610). Also your IP is different if you access it from within a network or from outside. Also check that.
  7. This should be the relevant code. try { Log.w("URLString",result); connection = (new URL(result)).openConnection(); connection.setConnectTimeout(5000); connection.setReadTimeout(5000); connection.connect(); // Read and store the result line by line then return the entire string. InputStream in = connection.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(in)); StringBuilder html = new StringBuilder(); for (String line; (line = reader.readLine()) != null; ) { html.append(line); } reader.close(); Log.w("Code ",html.toString()); } This is the URL i'm using. I'm connecting from my phone to my laptop(on the same wi-fi). readWebsite.execute("http://username:password@192.168.1.5:8080/gui/token.html"); Anyone got any ideas? I've been stuck on this forever, asked everyone I knew and no one could give me any advice. I've read some stuff about cookies, could that be it?