OH3 sendHttpPostRequest cookie error

alex75 · November 28, 2021, 9:38am

Platform information:
- Hardware: _Raspberry PI 3B
- OS: openhabian
- Java Runtime Environment: which java platform is used and what version
- openHAB version: 3.1

Hello to all,
i just started with openhab and the first thing i wanted to implement was opening a gate.
The gate is connected to a video door entry unit:

Dahua VTO3211D-P4-S2

with the ability to receive http commands.
If I open the address from a browser:

http://user:password@dahua_IP/cgi-bin/accessControl.cgi?action=open&Doorchannel=1&Type=Remote

the gate is correctly opened.

If I create a script in OH3 with only one row:

sendHttpPostRequest (“http://user:password@dahua_IP/cgi-bin/accessControl.cgi?action=open&Doorchannel=1&Type=Remote”)

I get an error in the log:

[java.net.CookieManager] - Invalid cookie for -http address-: secure; HttpOnly

I’ve been trying to figure out what I’m doing for days but I can’t find the solution.
Could someone please be of help to me?

A thousand thanks.
Alessio.

Wolfgang_S · November 28, 2021, 11:16am

This sounds like besides the user, password the system also requires a cookie being set.
As it looks like the communication uses http ( which seems a bit strange from security point of view ) you easily can sniff the network traffic by using either wireshark or an extension like HTTP header live ( for firefox ) and trace the network communication. This will show the cookies that are used.
Alternatively you may try to use curl and check if you get better results on the command line.

helipus · August 4, 2023, 1:13pm

Hi Alessio,
I’m having the same problem. Did you find a solution?

I try to call my Dahua camera like this:

sendHttpPostRequest("http://username:password@192.168.0.25/cgi-bin/ptz.cgi?action=start&channel=%201&code=GotoPreset&arg1=0&arg2=7&arg3=0", 1000);

If I call this url in the browser it works.

But here in openhab I always get this error:

Invalid cookie for http://192.168.0.25/cgi-bin/ptz.cgi?action=start&channel=%201&code=GotoPreset&arg1=0&arg2=7&arg3=0: secure; HttpOnly

I also tried this:

val headers = newHashMap("Cache-control" -> "no-cache", "Authorization" -> "Basic base64Encoded(username:password)")
val output = sendHttpGetRequest("http://192.168.0.25/cgi-bin/ptz.cgi?action=start&channel=%201&code=GotoPreset&arg1=0&arg2=7&arg3=0", headers, 1000)

Still the same error.
I found this in the manual from the cam:

Can anyone help?

Wolfgang_S · August 4, 2023, 1:45pm

Browsers do have more intelligence in their code. E.g. they are able to deal with redirect requests.
Best would be to record the communication e.g. using a network sniffer or something like a browser plugin like http-header-live for firefox ( there are others as well ).

As long as it is http traffic you can do the following:
a) trace the traffic by running the connection in a browser
then
b) trace the traffic by running the connection from within openhab
c) compare results from a) and b) resp. b) against the specification do adjustments and run b) again.

helipus · August 4, 2023, 1:51pm

Thank you Wolfgang. I accomplished a)

Host: 192.168.0.25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Authorization: Digest username="XXX", realm="Login to 5dcad16d98b46f94dd2313e3bfefb06e", nonce="682939978", uri="/cgi-bin/ptz.cgi?action=start&channel=%201&code=GotoPreset&arg1=0&arg2=7&arg3=0", response="0f0835bc1ade0b5d0efc73df623782c3", opaque="3ef4eea4f15d1c3b32a769d2e04dc489f2940226", qop=auth, nc=00000001, cnonce="da4e10b79e1d9417"
Cookie: secure

But how can I do b)?

Wolfgang_S · August 4, 2023, 2:01pm

To compare the traffic and its differences it may be better to use wireshark and tcpdump.
You can use wireshark on linux/windows. In case of a Pi you would use tcpdump and record the traffic into a file that can be copied to your PC running wireshark and then opened in wireshark.

An example http analysis with wireshark: HTTP analysis using Wireshark
In case https is being used the traffic will be encrypted and it is more effort/complex to decrypt the traffic.

helipus · August 4, 2023, 2:06pm

Whow thats way to complex for me. I just wanted openhab to call one URL. That easy.
Isn’t there a simple solution in openhab to do that?

Wolfgang_S · August 4, 2023, 4:45pm

The call from within openhab may be easy but first one needs to know what the problem is.
The browser does many things one after an other. I think the http action does just one and as long as it is not clear what is not working it needs to be analysed. Wireshark/tcpdump is about doing the analysis.
Alternatively you may check if you cam is supported by the ipcamera binding.

helipus · August 5, 2023, 8:41pm

I have installed openhab 4 on a Synology Disk Station in a docker container. I also installed wireshark in a docker container but I’m not able to see the http traffic when I call the rule with the sendHttpGetRequest. Maybe it is because both run in docker containers.

I did install wireshark on my windows laptop and I did work like in firefox. I got the same result there.
So I guess I need to find the solution without wireshark on the openhab side.

Anyone an idea?

helipus · August 5, 2023, 9:25pm

Danke für die Empfehlung. Das ipcamera binding funktioniert.