Closed Velaa98 closed 5 years ago
Gotta provider a little more information please. At least the output of $PSVersionTable. Have you tried this on a different system? thanks
My system is a Windows 10 and i haven't another system to test.
PS C:\WINDOWS\system32> $PSVersionTable
Name Value
---- -----
PSVersion 5.1.17763.316
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.316
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I tried to execute the code of fuction line for line, and it returned the error 403.
PS C:\WINDOWS\system32> $EmailAddress = "test@gmail.com"
PS C:\WINDOWS\system32> $UserAgent = "HaveIBeenPwned Powershell Module"
PS C:\WINDOWS\system32> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
PS C:\WINDOWS\system32> $URI = "https://haveibeenpwned.com/api/v2/breachedaccount/$EmailAddress"
PS C:\WINDOWS\system32> $EmailAddress = (New-Object -TypeName System.Net.Mail.MailAddress -ArgumentList @($EmailAddress)).Address
PS C:\WINDOWS\system32> $Request = Invoke-RestMethod -Uri $URI -UserAgent $UserAgent
Invoke-RestMethod : Error en el servidor remoto: (403) Prohibido.
En línea: 1 Carácter: 12
+ $Request = Invoke-RestMethod -Uri $URI -UserAgent $UserAgent
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\WINDOWS\system32> Get-PwnedAccount -EmailAddress test@gmail.com
PS C:\WINDOWS\system32> Get-PwnedAccount test@gmail.com
PS C:\WINDOWS\system32> Get-PwnedAccount
cmdlet Get-PwnedAccount en la posición 1 de la canalización de comandos
Proporcione valores para los parámetros siguientes:
EmailAddress: test@gmail.com
PS C:\WINDOWS\system32>
If u need more info just tell me. Thanks you :)
Thanks, that's great. I'm wondering if it's related to the UserAgent string. HaveIBeenPwned won't work without a UserAgent string.
Can you break it down a little further and try
Invoke-RestMethod -Uri https://haveibeenpwned.com/api/v2/breachedaccount/test@gmail.com
You should receive the same 403 error. Then try
Invoke-RestMethod -Uri https://haveibeenpwned.com/api/v2/breachedaccount/test@gmail.com -UserAgent "HaveIBeenPwned Powershell Module"
If that fails too try a simpler UserAgent like below
Invoke-RestMethod -Uri https://haveibeenpwned.com/api/v2/breachedaccount/test@gmail.com -UserAgent "Mozilla"
Let me know how that goes.
thanks
After of tests:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
)You have been blocked from accessing this resource on Have I Been Pwned
This may be due to violating one or more of the acceptable use terms of the API or for not complying with the API specifications. It may also be due to your traffic patterns being similar to other users who may have violated the acceptable use terms.
Tips to avoid requests being blocked include:
Stick well within the published rate limit
Don't distribute requests over multiple IP addresses in an attempt to circumvent the rate limit
Only query the email addresses of people who have a reasonable expectation that you should do so
Avoid prolonged querying of the API over an extended period of time
Clearly identify your app in the user agent string per the API docs.
If you believe your request meets these requirements and was still blocked, please send this entire response body along with any communication you send regarding the error.
Access denied
This website is using a security service to protect itself from online attacks.
Requested URL: haveibeenpwned.com/api/v2/breachedaccount/test@gmail.com
Error reference number: 1020
Server ID: FL_40F33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
[...]
Should I contact the creators of the API??
Thanks :)
Edit: I never used the API before, and now that I've used it, it has never returned anything other than error 403.
Correct, if you're using PowerShell 5.1 or below you need to use [Net.ServicePointManager] line.
I believe it's also normal to get that error message if you browse directly to the URL in a web browser.
Why you're still getting the 403 error I really don't know. It's not my module as it's more PowerShell and Troy's APIs that are causing the problem. It could still be the UserAgent part and maybe a proxy that you might be going through. It's really hard to say. If possible try it on a completely different network.
I've tried using VPN services and I will get this issue. It seems Have I Been Pwned doesn't like some VPN services. So there is a chance that your network / IP that Have I Been Pwned doesn't like.
It Works!!!!
I had already tried from a different network, but now when I retry... It works!
PS C:\Temp> Get-PwnedAccount -EmailAddress test@gmail.com
Name : 000webhost
Title : 000webhost
Domain : 000webhost.com
BreachDate : 2015-03-01
AddedDate : 2015-10-26T23:35:45Z
ModifiedDate : 2017-12-10T21:44:27Z
PwnCount : 14936670
Description : In approximately March 2015, the free web hosting provider <a
[...]
Thanks for everything :)
hi, i installed the latest version (1.3.1) and when execute:
Get-PwnedAccount -EmailAddress test@gmail.com
Doesn't return anything. What happen?