Multiple tries to retrieve CSRF

Try to get CSRF on three different URLS
This commit is contained in:
Alex 2019-06-28 23:14:00 +02:00 committed by GitHub
parent 1c7d55e56c
commit 8162ab9285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 6 deletions

View File

@ -39,7 +39,8 @@
# 2019-02-03: v0.11a fixed string escape for automation and speak commands
# 2019-02-10: v0.12 added "-d ALL" to the plain version, lastalexa now checks for SUCCESS activityStatus
# 2019-02-14: v0.12a reduced the number of replaced characters for TTS and automation
# 2019-06-18: v0.12c fixed CSRF
# 2019-06-18: v0.12b fixed CSRF
# 2019-06-28: v0.12c properly fixed CSRF
#
###
#
@ -426,14 +427,32 @@ fi
#
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null
# https://${ALEXA}/api/language > /dev/null
https://${ALEXA}/api/language > /dev/null
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "trying to get CSRF from handlebars"
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null
fi
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "trying to get CSRF from devices-v2"
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/api/devices-v2/device?cached=false > /dev/null
fi
rm -f "${TMP}/.alexa.login"
rm -f "${TMP}/.alexa.header"
rm -f "${TMP}/.alexa.header2"
rm -f "${TMP}/.alexa.postdata"
rm -f "${TMP}/.alexa.postdata2"
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "ERROR: no CSRF cookie received"
exit 1
fi
}
#

View File

@ -3,7 +3,7 @@
# Amazon Alexa Remote Control (PLAIN shell)
# alex(at)loetzimmer.de
#
# 2019-02-14: v0.12c (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html)
# 2019-06-28: v0.12c (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html)
#
###
#
@ -371,14 +371,32 @@ fi
#
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null
# https://${ALEXA}/api/language > /dev/null
https://${ALEXA}/api/language > /dev/null
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "trying to get CSRF from handlebars"
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null
fi
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "trying to get CSRF from devices-v2"
${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\
-H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\
https://${ALEXA}/api/devices-v2/device?cached=false > /dev/null
fi
rm -f "${TMP}/.alexa.login"
rm -f "${TMP}/.alexa.header"
rm -f "${TMP}/.alexa.header2"
rm -f "${TMP}/.alexa.postdata"
rm -f "${TMP}/.alexa.postdata2"
if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then
echo "ERROR: no CSRF cookie received"
exit 1
fi
}
#