ByetHost server passing html values Checking your browser with JSON String
Solved!
I had the same issue using Byethost to retrieve JSON data from my PHP server. We just need to add a cookie to the HTTP request to pass the testcookie-nginx-module
As Richard's answer says:
The main problem is that Byet Host implement a simple security antibots module >named testcookie-nginx-module
https://kyprizel.github.io/testcookie-nginx-module/
On the link he provided we can see that the testcookie-nginx-module makes a 2-steps validation:
- The first time that a HTTP request is done, the module returns a javascript instead of the JSON we are expecting. This script is executed on the client (tipically a web browser) and generates a validation cookie containing an AES key.
Here's the script I've received form my server:
<html>
<body>
<script type="text/javascript" src="/aes.js" ></script>
<script>
function toNumbers(d){
var e=[];
d.replace(/(..)/g,function(d){
e.push(parseInt(d,16))});
return e
}
function toHex(){
for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)
e+=(16>d[f]?"0":"")+d[f].toString(16);
return e.toLowerCase()
}
var a=toNumbers("f655ba9d09a112ffff8c63579db590b4"),
b=toNumbers("98344c2eee86c3ffff90592585b49f80"),
c=toNumbers("1286963467aa92ffff8323bdca0d7be9");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
location.href="http://myserver.byethost8.com/myPhpPage.php?i=1";
</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body>
- The script adds the validation cookie to the document and redirects it to the url we actually want to access. The testcookie-nginx-module validates the cookie AES key and and let the request hit the url that will response with the JSON data we want to access.
On the following HTTP requests the client will have stored the cookie and will add it to the request skipping the step 1.
Solution for our Android App
We are going to skip the cookie generation by getting it from a web browser and add it directly to our Android HTTP request (Unless of course you want to get involved in generating it).
Before you get the cookie from the web browser make sure you accessed the url at least once with the browser to generate it.
Getting the cookie key from the web browser. I used Google Chrome for it:
- From the Chrome menu in the top right corner of the browser, select Settings.
- At the bottom of the page, click Show advanced settings....
- Under Privacy, select Content settings....
- select All cookies and site data....
- Search for you website name. By searching "byethost" you'll find it.
- Open the cookie named __test and copy the values of content, path and expires
Setting the cookie on our Android app. On your code should be something like:
try
{
if(post == "POST")
{
HttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(loginUrl);
httpPost.setEntity(new UrlEncodedFormEntity(para));
httpPost.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 ");
httpPost.addHeader("Cookie", "__test=THE_CONTENT_OF_YOUR_COOKIE_HERE; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/");
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}
else if(post == "GET")
{
HttpClient httpClient = new DefaultHttpClient();
String paramString = URLEncodedUtils.format(para, "utf-8");
loginUrl += "?" + paramString;
HttpGet httpGet = new HttpGet(loginUrl);
httpGet.addHeader("Cookie", "__test=THE_CONTENT_OF_YOUR_COOKIE_HERE; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/");
HttpResponse httpResponse = httpClient.execute(httpGet);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}
}
And that's it. Now every time the app makes an HTTP request it will include the cookie to pass the testcookie-nginx-module and will be retrieving your JSON data.
I hope this helps and is not too late.
Regards
org.json.JSONException: Value html body script of type java.lang.String cannot be converted to JSONObject
Thank you guys, there is no problem with the code. This is an extra protection that has been added deliberately by byethost.com to block bots from accessing our sites resulting in huge security benefits to our scripts. I reuploaded these files into 000webhost.com and it worked like a charm.
For further information, refer this discussion
ByetHost server passing html values "Checking your browser" with JSON String
Related Topics
Upload Video Files Via PHP and Save Them in Appropriate Folder and Have a Database Entry
In PHP With Pdo, How to Check the Final SQL Parametrized Query
How to Add Exif Data to an Image
Eloquent Orm Code Hinting in PHPstorm
PHP: Check If an Array Contains All Array Values from Another Array
PHP Setcookie "Samesite=Strict"
Visual Studio Code PHP Intelephense Keep Showing Not Necessary Error
Doctrine 2 and Many-To-Many Link Table With an Extra Field
How to Hide/Encode/Encrypt PHP Source Code and Let Others Have the System
Why Use a Psr-0 or Psr-4 Autoload in Composer If Classmap Is Actually Faster
PHP Substring Extraction. Get the String Before the First '/' or the Whole String
Error Logging, in a Smooth Way
Codeigniter: "The Filetype You Are Attempting to Upload Is Not Allowed."