From 8162ab9285a818eed6c65c7a441cd15a63d93f64 Mon Sep 17 00:00:00 2001 From: Alex Date: Fri, 28 Jun 2019 23:14:00 +0200 Subject: [PATCH] Multiple tries to retrieve CSRF Try to get CSRF on three different URLS --- alexa_remote_control.sh | 25 ++++++++++++++++++++++--- alexa_remote_control_plain.sh | 24 +++++++++++++++++++++--- 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/alexa_remote_control.sh b/alexa_remote_control.sh index d8e1eeb..bb2e502 100644 --- a/alexa_remote_control.sh +++ b/alexa_remote_control.sh @@ -39,7 +39,8 @@ # 2019-02-03: v0.11a fixed string escape for automation and speak commands # 2019-02-10: v0.12 added "-d ALL" to the plain version, lastalexa now checks for SUCCESS activityStatus # 2019-02-14: v0.12a reduced the number of replaced characters for TTS and automation -# 2019-06-18: v0.12c fixed CSRF +# 2019-06-18: v0.12b fixed CSRF +# 2019-06-28: v0.12c properly fixed CSRF # ### # @@ -426,14 +427,32 @@ fi # ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ - https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null -# https://${ALEXA}/api/language > /dev/null + https://${ALEXA}/api/language > /dev/null + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "trying to get CSRF from handlebars" + ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ + -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ + https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null +fi + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "trying to get CSRF from devices-v2" + ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ + -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ + https://${ALEXA}/api/devices-v2/device?cached=false > /dev/null +fi rm -f "${TMP}/.alexa.login" rm -f "${TMP}/.alexa.header" rm -f "${TMP}/.alexa.header2" rm -f "${TMP}/.alexa.postdata" rm -f "${TMP}/.alexa.postdata2" + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "ERROR: no CSRF cookie received" + exit 1 +fi } # diff --git a/alexa_remote_control_plain.sh b/alexa_remote_control_plain.sh index 969b45e..66b8a43 100644 --- a/alexa_remote_control_plain.sh +++ b/alexa_remote_control_plain.sh @@ -3,7 +3,7 @@ # Amazon Alexa Remote Control (PLAIN shell) # alex(at)loetzimmer.de # -# 2019-02-14: v0.12c (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html) +# 2019-06-28: v0.12c (for updates see http://blog.loetzimmer.de/2017/10/amazon-alexa-hort-auf-die-shell-echo.html) # ### # @@ -371,14 +371,32 @@ fi # ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ - https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null -# https://${ALEXA}/api/language > /dev/null + https://${ALEXA}/api/language > /dev/null + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "trying to get CSRF from handlebars" + ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ + -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ + https://${ALEXA}/templates/oobe/d-device-pick.handlebars > /dev/null +fi + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "trying to get CSRF from devices-v2" + ${CURL} ${OPTS} -s -c ${COOKIE} -b ${COOKIE} -A "${BROWSER}" -H "DNT: 1" -H "Connection: keep-alive" -L\ + -H "Referer: https://alexa.${AMAZON}/spa/index.html" -H "Origin: https://alexa.${AMAZON}"\ + https://${ALEXA}/api/devices-v2/device?cached=false > /dev/null +fi rm -f "${TMP}/.alexa.login" rm -f "${TMP}/.alexa.header" rm -f "${TMP}/.alexa.header2" rm -f "${TMP}/.alexa.postdata" rm -f "${TMP}/.alexa.postdata2" + +if [ -z "$(grep ".${AMAZON}.*csrf" ${COOKIE})" ] ; then + echo "ERROR: no CSRF cookie received" + exit 1 +fi } #