api reverse engineering

CREDENTIALS

@@ -0,0 +1 @@
+TAPO ADMIN: vT6Vsd^p

backend/api-test.drucker.py

@@ -0,0 +1,95 @@
+import requests
+import json
+
+# Basis-URL inkl. Token
+url = "http://192.168.0.101:80/app?token=48284E8B91424E897B2E4C89175B4C88"
+
+# HTTP-Header wie in der Originalanfrage
+headers = {
+    "Referer": "http://192.168.0.101:80",
+    "Accept": "application/json",
+    "requestByApp": "true",
+    "Content-Type": "application/json; charset=UTF-8",
+    "Host": "192.168.0.101",
+    "Connection": "Keep-Alive",
+    "Accept-Encoding": "gzip",
+    "User-Agent": "okhttp/3.14.9"
+}
+
+# Liste der Payloads (als Python-Dictionaries)
+payloads = [
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "ZC4CHp6bbfBO1rtmuH6I+TStBIiFRfQpayYPwet5NBmL35dib5xXHeEeLM7c0OSQSyxO6fnbXrC1\n"
+                "gXdfowwwq4Fum9ispgt8yT7cgbDcqnoVrhxEtHIDfuwLh8YAGmDSfTMo/JlsGspWPYMKd1EWXtb5\n"
+                "gP9FA9LHnV2kxKsNSPQ=\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "k111EbfCcfVzAouNbu1vyos9Ltsg+a97n4xUUQMviQVJfhqxvKOhv1SrvEk2LvpD0LwNVUNPZdwU\n"
+                "6pH5E/NOwdc1WzTPeqHiY760GpUuqn0tToHEHEyO2HaSKdrAYnw2gN410bvHb0pM3gYWS43eOA==\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "7/uYVDwyNfFhg9y7rHyp+4AGKBYQPyaBN6cFMl9j4ER/JpJTcGBdaUteSmx8P8Fkz+b2kkNLjYa2\n"
+                "wQr2gA3m6vEq9jpnAF2V3fv9c4Yg9gja9MlTIZqM6EdMi7YbfbhLme34Bh8kMcohDR3u1F4DwFDz\n"
+                "hNZPckf/CegbY9KGFeGwT4rWyX3BTk9+FE7ldtJn\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "EjWZb+YYS9tihgLdX4x+Wwx7q+e5X/ZHicr4jOnYmpFToDANzpm5ZpzD49BITcTCdQMOHlJBis85\n"
+                "9GX6Hv8j66OITyH0XmfG9dQo2tgIykyagCZIofr/BpAWYX4aRaOkU4z14mVa2XpDtHJQjc+pXYkh\n"
+                "JuWvLE+h01U5RoyPtvE=\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "OwyTsm5HdB/ReJMhVRrkjnV0NLTanw6iXOxVrDDexT456edWuwKiBOsZUyBHmUyJKgiPQzOXqyWWi220bX8IjLX4q8YNgPwRlj+7nRbfzpC/I57wBZBTWIt626pSdIH0vpiuPq84KMfPD5BB2p78/LjsqlzyeLGYzkSsGRBMT8TnLMDFzZE864nfDUZ9muH2kk8NRMN9l6xoCXBJqGA9q8XxIWRTpsl0kTx52kUszY69hYlfFSrrCDIls1ykul14/T1NtOVF8KOgiwaSGOZf7L4QlbhYvRj9kkVVkrxhlwt8jtMqfJKEqq+CIPh3Mp4440WYMLRo6VNIEJ3pWjplkJmc+htnYC4FwVgT7mHZ8eeGGKBvsJz+78gTaHnGBnwZ26I8UdFparyp6QXpOhK9zFmGVh0yapiTHo6jOOI+4Q3Ru+aPnidX/ZASPmR7CZO70CUpvv9zIKJnrAaoTMmH7A6+kcmCRLgLFaTaM+4DFmiz6JGP+4W7MmVPJxxvn0IFlo1P/xwNDuL3T6GLUIEVNk89JG5roBm7AdchUZJO38dGZ0eFiiTK/NhKPvjj+fk9A4FGh7EDshXZhL2u50cdLcdUtcP/CAMDjgWlMm4Kk3vxMQO+UGE+jsB7NkaulmTW1jcl+PSnAE5P71oqVVQ0ng==\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "7/uYVDwyNfFhg9y7rHyp+4AGKBYQPyaBN6cFMl9j4ER/JpJTcGBdaUteSmx8P8FkURmv/LWV1FpO\n"
+                "M3RWvsiC5UAsei2G+vwTVuQpOPjKKAx+qwftr9Qs2mSkPNjNLpWHK68EZkIw+h04TQkt0Q99Dirg\n"
+                "0BcrPgHTVKjiK8mdZ6w6gcld/h/FOKYMqJrP0Z+2\n"
+            )
+        }
+    },
+    {
+        "method": "securePassthrough",
+        "params": {
+            "request": (
+                "ZE/+XlUmTA9D3DFfp4x3xhS3vdsQ+60tz4TOodtZDby/4DPoqk9EBvJZ1JtUCr5c0AHuv/sfwcvN\n"
+                "Vx1zJP9RkltrAKVTWoaESAeewLozpXt/x0s/jkYC1rh7eTrxm+nYTZ5LJgNtcQq8yJxhEPez1w==\n"
+            )
+        }
+    }
+]
+
+# Sende die Payloads sequenziell per POST-Anfrage
+for idx, payload in enumerate(payloads, start=1):
+    response = requests.post(url, headers=headers, data=json.dumps(payload))
+    print(f"Anfrage {idx}:")
+    print("Status Code:", response.status_code)
+    print("Response Text:", response.text)
+    print("-" * 60)