Reverse API of Huawei router management panel
🧪 Working in Progress
Before logging in, the client initiates a request to /api/system/user_login_nonce
. The request body includes the csrf
. If csrf
is not included or is incorrect, the response will contain Menu.csrf_err
. In this case, the client needs to obtain the csrf_token
and csrf_param
from the response body and make the request again.
Subsequently, the client makes a request to /api/system/user_login_proof
. In this request, the response will include a Set-Cookie
header containing a SessionID_R3
. This SessionID_R3
must be included in the headers of subsequent requests; otherwise, no content will be returned.
Warning
It has been observed that these requests always include csrf_token
and csrf_param
. In the event of encountering Menu.csrf_err
, proceed by obtaining the csrf_token
and csrf_param
from the response body and making the request again.
Additionally, after each request, it is necessary to save the latest csrf_token
and csrf_param
.
The following example is valid (assuming SessionID_R3
is valid):
curl 'http://192.168.3.1/api/system/heartbeat' --cookie 'SessionID_R3=xxxxxx'
# Response: {"interval":"5000"}
The following is invalid:
curl 'http://192.168.3.1/api/system/heartbeat'
# No Response
Just by looking at ErrReason
, would you think it represents the "error reason"? No, this is Huawei's "error," and it's a very misleading one. Under normal circumstances, it returns "Success", which is highly counterintuitive.
{
// ...
"ErrReason": "Success"
// ...
}
The interfaces affected by this "error" include:
ntwk/WanDetect.ts
ntwk/WANDiagnose.ts