
Creating a logical connection and calling procedures on an XML-RPC server which verifies CSRF tokens - Python xmlrpclib

Developer (https://www.devze.com), 2023-02-10 00:07. Source: the web

I am using xmlrpclib in Python to connect to an XML-RPC server that verifies CSRF tokens.

from xmlrpclib import ServerProxy

proxy = ServerProxy("http://127.0.0.1:9091/transmission/rpc/")
proxy.system.listMethods()

I am getting the following exception

ProtocolError: <ProtocolError for 127.0.0.1:9091/transmission/rpc/: 409 Conflict>

When trying to access the same XML-RPC server from a browser, I get the following error message.

Your request had an invalid session-id header.

To fix this, follow these steps:

  1. When reading a response, get its X-Transmission-Session-Id header and remember it
  2. Add the updated header to your outgoing requests
  3. When you get this 409 error message, resend your request with the updated header

This requirement has been added to help prevent CSRF attacks.

X-Transmission-Session-Id: lhfIlFPd1W6pctlHSiS3BuNXdFr0al1qxfM4wSLvVkdh5wOu

Now, I am looking for a way to send this session-id to the server whenever I use the ServerProxy object to call the remote procedures. Is it possible?


First of all, Transmission doesn't expose an XML-RPC service. It's a JSON-RPC service. Using xmlrpclib won't work at all.

You'll need to do exactly what the error message says... record the X-Transmission-Session-Id from the response header whenever you receive a 409 error, then re-send the request with X-Transmission-Session-Id added to the request header. One way to accomplish this is by using httplib.

Transmission's RPC service expects valid JSON in the body of the request. You can find the specification here: https://trac.transmissionbt.com/browser/trunk/extras/rpc-spec.txt

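The three-step handshake from the error message, as an added example that is not part of the original question or answer. It is written for Python 3, where `httplib` is named `http.client`, and it sends `session-get`, a method from the RPC specification linked above. `TransmissionClient`, `StubDaemon`, `demo` and the token values are constructed for illustration; the stub stands in for the daemon so the code runs offline.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEADER = "X-Transmission-Session-Id"

class TransmissionClient:
    def __init__(self, host, port, path="/transmission/rpc/"):
        self.host, self.port, self.path = host, port, path
        self.session_id, self.attempts = None, 0  # token is learned from a 409

    def call(self, method, arguments=None):
        body = json.dumps({"method": method, "arguments": arguments or {}})
        for _ in range(2):  # one retry only: a server that always says 409 cannot loop us
            headers = {HEADER: self.session_id} if self.session_id else {}  # step 2
            conn = http.client.HTTPConnection(self.host, self.port, timeout=5)
            try:
                conn.request("POST", self.path, body, headers)
                resp = conn.getresponse()
                payload = resp.read()
            finally:
                conn.close()
            self.attempts += 1
            if resp.status == 200:
                return json.loads(payload)
            if resp.status != 409:
                raise RuntimeError("unexpected HTTP status %d" % resp.status)
            self.session_id = resp.getheader(HEADER)  # steps 1 and 3: remember, then resend
        raise RuntimeError("session id still rejected after one retry")

class StubDaemon(BaseHTTPRequestHandler):  # constructed stand-in for the daemon
    token = "constructed-token-1"
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get(HEADER) == self.token
        self.send_response(200 if ok else 409)
        self.send_header(HEADER, self.token)
        self.end_headers()
        self.wfile.write(b'{"result": "success"}' if ok else b"invalid session-id header")

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubDaemon)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    client = TransmissionClient("127.0.0.1", server.server_port)
    first = client.call("session-get")        # 409, then 200
    StubDaemon.token = "constructed-token-2"  # daemon rotates its token
    second = client.call("session-get")       # 409 again, then 200
    server.shutdown()
    return first, second, client.attempts, client.session_id
```

The header works as a CSRF defence because a page from another origin cannot read the headers of the 409 response, so it never learns the value to echo back.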