Http Error 401 - Server dint respond

[amkhullar]

What's the problem (or question)?

We are trying to to a hit a box for Web App Attack through nosqlmap but it gives 401 error. Though we can access the same url from the browser and it works with a response

Do you have an idea for a solution?

No idea

How can we reproduce the issue?

---

| | |/ |/ _ | | | / | _ _ __
| . / _ \__ \ (_) | |__| |\/| / _ | '
||__//___|| |_,| .__/
v0.7 codingo@protonmail.com |_|
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 3

Web App Attacks (GET)
===============
Checking to see if site at qa.orrc.com:443/v1/entity/info/5d2f10c252faff0001b865ef is up...
https://qa.orrc.com:443/v1/entity/info/5d2f10c252faff0001b865ef
HTTP Error 401:
Looks like the server didn't respond.  Check your options.
Press enter to continue...

What are the running context details?

• Installation method (e.g. pip, apt-get, git clone or zip/tar.gz): zip
• Client OS (e.g. Microsoft Windows 10) Windows 10
• Program version (python sqlmap.py --version or sqlmap --version depending on installation): 0.7
• Target DBMS (e.g. Mongo): Mongo
• Detected WAF/IDS/IPS protection (e.g. ModSecurity or unknown):
• Results of manual target assessment
• Relevant console output (if any):
• Exception traceback (if any):

[amkhullar]

I am doing some debugging by printing the code variables to see where the issue might be it seems the headers are not getting set properly.
Below is the option i use and the value i am setting, let me know if the format is wrong.

Select an option: h
Enter HTTP Request Header data in a comma separated list (i.e. header name 1,value1,header name 2,value2)
Authorization,eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiJ2bXAuYWRtaW5AbWFya2l0LmNvbSIsInNvbHV0aW9ucyI6WyJWTVAiXSwicm9sZXMiOlsiU09MVVRJT05fQURNSU4iXX0.I2-GBOUjulshJGAXCsV9yd0X9PflA5Q13r6aXD1AjuA

and when i am trying to print the variable

if https == "OFF":
        appURL = "http://" + str(victim).strip() + ":" + str(webPort).strip() + str(uri).strip()
        print(appURL)
    elif https == "ON":
        appURL = "https://" + str(victim).strip() + ":" + str(webPort).strip() + str(uri).strip()
        print(appURL)
	print(requestHeaders)
    try:
        req = urllib2.Request(appURL, None, requestHeaders)
        appRespCode = urllib2.urlopen(req).getcode()

i get {} as output for requestHeaders

This can be fixed with below code:

elif select == "h":
            reqHeadersIn = raw_input("Enter HTTP Request Header data in a comma separated list (i.e. header name 1,value1,header name 2,value2)\n")
            requestHeaders = build_request_headers(reqHeadersIn)

[codingo]

@amkhullar saw you closed this, are you planning on submitting a pull request or this wasn't correct in the end?

[amkhullar]

If some one can put the change in code it would be great.  It’s closed from my side. I can’t push the code fix from here  Sent from Yahoo Mail for iPhone On Wednesday, August 7, 2019, 1:46 PM, Michael Skelton <notifications@github.com> wrote: @amkhullar saw you closed this, are you planning on submitting a pull request or this wasn't correct in the end? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.