-1

I am trying to access checkpoint firewall by using it's API but for some reason I am getting HTTP Error 400: Bad Request, I have never had this before. Any ideas? Here is my code:

import json
import ssl
import urllib.request, urllib.parse, urllib.error
import urllib.request, urllib.error, urllib.parse
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
sslctx = ssl.create_default_context()
sslctx.check_hostname = False
sslctx.verify_mode = ssl.CERT_NONE

def checkpoint_api_call(cp_ip, port, command, json_payload, sid):
    apiurl = 'https://' + cp_ip + '/web_api/' + command
    req = urllib.request.Request(apiurl)
    if sid == '':
        req.add_header('Content-Type', 'application/json')
    else:
        req.add_header('Content-Type', 'application/json')
        req.add_header('X-chkp-sid', sid)
    try:
        data1 = urllib.parse.urlencode(json_payload).encode("utf-8")
        resp = urllib.request.urlopen(req, data=data1, context=sslctx)
        res_code = resp.getcode()
        return resp_output, res_code
    except urllib.error.HTTPError as e:
        print((str(e)))
main()
    payload = {'user': admin, 'password': password}
    response, res_code = checkpoint_api_call(x.x.x.x, 443, 'login', payload, '')

basically same thing is working fine with python 2

this is python2 code

import ssl
import urllib
import urllib2
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
sslctx = ssl.create_default_context()
sslctx.check_hostname = False
sslctx.verify_mode = ssl.CERT_NONE
def checkpoint_api_call(cp_ip, port, command, json_payload, sid):
    apiurl = 'https://' + cp_ip + '/web_api/' + command
    jencode = json.dumps(json_payload)
    resp_output = ""
    req = urllib2.Request(apiurl)
    if sid == '':
        req.add_header('Content-Type', 'application/json')
    else:
        req.add_header('Content-Type', 'application/json')
        req.add_header('X-chkp-sid', sid)
    try:
        resp = urllib2.urlopen(req, data=jencode, context=sslctx)
        res_code = resp.getcode()
        resp_output = json.load(resp)
        return resp_output, res_code
    except urllib2.HTTPError as e:
        res_code = e.getcode()
        print e.getcode()
        return resp_output, res_code

main()
    payload = {'user': user, 'password': password}
    response, res_code = checkpoint_api_call(x.x.x.x, 443, 'login', payload, '')
Kshitij Gupta
  • 9
  • 3
  • 4
    400 is the most generic HTTP error, how do you expect us to tell anything from this? Any firewall API reference, anything in the response payload, at least? – bereal Dec 26 '21 at 19:13
  • If my memory serves me right, some of these firewalls require enabling connections from your IP address. Have you enabled the management server to accept connections from your IP? –  Dec 26 '21 at 19:37
  • @EyalGolan basically same thing is working fine with python 2 i have updated the python 2 code as well – Kshitij Gupta Dec 28 '21 at 12:16
  • @bereal i have update the added python2 code as well – Kshitij Gupta Dec 28 '21 at 12:17
  • @KshitijGupta in your working code you send json, and in the python 3 code you `urlencode` it. It's not the same. – bereal Dec 28 '21 at 12:27

1 Answers1

0

use this

try:
    jencode = json.dumps(json_payload)
    jencode = jencode.encode("utf-8")
    resp = urllib.request.urlopen(req, data=jencode, context=sslctx)
    res_code = resp.getcode()
    resp_output = json.load(resp)
    return resp_output, res_code
Kshitij Gupta
  • 9
  • 3