Reverse API of Huawei router management panel
🧪 Working in Progress
Before logging in, the client initiates a request to /api/system/user_login_nonce. The request body includes the csrf. If csrf is not included or is incorrect, the response will contain Menu.csrf_err. In this case, the client needs to obtain the csrf_token and csrf_param from the response body and make the request again.
Subsequently, the client makes a request to /api/system/user_login_proof. In this request, the response will include a Set-Cookie header containing a SessionID_R3. This SessionID_R3 must be included in the headers of subsequent requests; otherwise, no content will be returned.
Warning
It has been observed that these requests always include csrf_token and csrf_param. In the event of encountering Menu.csrf_err, proceed by obtaining the csrf_token and csrf_param from the response body and making the request again.
Additionally, after each request, it is necessary to save the latest csrf_token and csrf_param.
The following example is valid (assuming SessionID_R3 is valid):
curl 'http://192.168.3.1/api/system/heartbeat' --cookie 'SessionID_R3=xxxxxx'
# Response: {"interval":"5000"}The following is invalid:
curl 'http://192.168.3.1/api/system/heartbeat'
# No ResponseJust by looking at ErrReason, would you think it represents the "error reason"? No, this is Huawei's "error," and it's a very misleading one. Under normal circumstances, it returns "Success", which is highly counterintuitive.
{
// ...
"ErrReason": "Success"
// ...
}The interfaces affected by this "error" include:
ntwk/WanDetect.tsntwk/WANDiagnose.ts