How to fill and send forms without using IE.au3?

[Mithrandir]

I have been searching around the forum and I read some threads about an UDF called WinHTTP.au3 and using the post method but I would like some directions to search for documentation, tutorials or examples. From what I read, I understood that the POST method is useful for login ie sending username and password but I also read that it is useless when sending large amounts of data in which case GET method should be used. The problem is that the forms that I know to post a message in a forum use POST method, but in this case they are processing large amounts of data (images, youtube videos, flash in some cases) so is this contradictory? As you can see I have some questions that maybe with a good read of some documentation and tutorials I should solve them or at least ask them more specifically. Thanks for your help!

[wakillon]

There is a WinHttp.chm file with examples with the last WinHttp_1.6.1.7\WinHttp.au3 !

[Mithrandir]

There is a WinHttp.chm file with examples with the last WinHttp_1.6.1.7\WinHttp.au3 !

Ok thanks! I found this thread: http://www.autoitscript.com/forum/index.php?showtopic=84133 where it is attached winhttp.au3 . Now, I also found this thread in the spanish forum: http://www.emesn.com/autoitforum/viewtopic.php?f=3&t=2316 where they point to another library, http.au3 . What's the difference between them?

[wakillon]

WinHttp.au3 seems to be more complete and recent...

[Mithrandir]

Well I have been modifying the example of _WinHttpAddRequestHeaders of winhttp.au3 to make the login of the autoit forum but it shows "!No data available."

Here's what I tried so far:

expandcollapse popup

#AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6

#include "WinHttp.au3"

Opt("MustDeclareVars", 1)

; !!!Note that this example will fail because of invalid username and password!!!

Global $sAddress = "http://www.autoitscript.com"; I also tried http://www.autoitscript.com/forum/index.php?app=core&module=global&section=login
Global $sUserName = "myusername"
Global $sPassword = "mypassword"
; Post data:
Global $sPostData = "referer=http%3A%2F%2Fwww.autoitscript.com%2Fforum%2Findex.php%3Fact%3Didx&username="&$sUserName&"&password="&$sPassword&"&rememberMe=1"

; Initialize and get session handle
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729)")

; Get connection handle
Global $hConnect = _WinHttpConnect($hOpen, $sAddress)

; Make a request
Global $hRequest = _WinHttpOpenRequest($hConnect, _
        "POST", _
        "/forum/index.php?app=core&module=global&section=login&do=process", _
        Default, _
        "http://www.autoitscript.com/forum/index.php?app=core&module=global&section=login", _
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")


; Enable cookies for sure
_WinHttpSetOption($hRequest, $WINHTTP_OPTION_DISABLE_FEATURE, $WINHTTP_DISABLE_COOKIES)

; Add header fields to the request
_WinHttpAddRequestHeaders($hRequest, "Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3")
_WinHttpAddRequestHeaders($hRequest, "Content-Type: application/x-www-form-urlencoded")
_WinHttpAddRequestHeaders($hRequest,"Accept-Encoding: gzip,deflate")
_WinHttpAddRequestHeaders($hRequest, "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7")
_WinHttpAddRequestHeaders($hRequest, "Keep-Alive: 115")
_WinHttpAddRequestHeaders($hRequest, "Connection: keep-alive")

; Send it
_WinHttpSendRequest($hRequest, $WINHTTP_NO_ADDITIONAL_HEADERS, $sPostData)
; Wait for the response
_WinHttpReceiveResponse($hRequest)
; Check if there is a response
Global $sHeader, $sReturned
If _WinHttpQueryDataAvailable($hRequest) Then
    $sHeader = _WinHttpQueryHeaders($hRequest)
    MsgBox(64, "Header", $sHeader)
    Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ; Print returned
    ConsoleWrite($sReturned)
Else
    ConsoleWriteError("!No data available." & @CRLF)
    MsgBox(48, "Failure", "No data available.")
EndIf

; Close handles
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

I used the plugin http live headers of firefox to see what was being sent while manually login in (I edited my data and the cookie just in case):

expandcollapse popup

http://www.autoitscript.com/forum/index.php?app=core&module=global&section=login&do=process

POST /forum/index.php?app=core&module=global&section=login&do=process HTTP/1.1
Host: www.autoitscript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.autoitscript.com/forum/index.php?app=core&module=global&section=login
Cookie: autoitforumsession_id=***; autoitforumitemMarking_forums_items=***; autoitforummember_id=***; autoitforumpass_hash=***; autoitforumcoppa=***; autoitforummqtids=***; autoitforumsfc=***; autoitforumsfct=WinHttp.au3; autoitforumanonlogin=-1
Content-Type: application/x-www-form-urlencoded
Content-Length: 125
referer=http%3A%2F%2Fwww.autoitscript.com%2Fforum%2Findex.php%3Fact%3Didx&username=myuser&password=mypass&rememberMe=1
HTTP/1.1 200 OK
Date: Wed, 20 Oct 2010 02:20:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Set-Cookie: autoitforumsession_id=***; path=/forum/; domain=.autoitscript.com; httponly
Set-Cookie: autoitforummember_id=***; expires=Thu, 20-Oct-2011 02:20:01 GMT; path=/forum/; domain=.autoitscript.com; httponly
Set-Cookie: autoitforumpass_hash=***; expires=Wed, 27-Oct-2010 02:20:01 GMT; path=/forum/; domain=.autoitscript.com; httponly
Set-Cookie: autoitforumcoppa=0; path=/forum/; domain=.autoitscript.com
Set-Cookie: autoitforumsession_id=***; path=/forum/; domain=.autoitscript.com; httponly
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 1219
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
----------------------------------------------------------
http://www.autoitscript.com/forum/index.php?act=idx

GET /forum/index.php?act=idx HTTP/1.1
Host: www.autoitscript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.autoitscript.com/forum/index.php?app=core&module=global&section=login&do=process
Cookie: autoitforumsession_id=***; autoitforumitemMarking_forums_items=***;
autoitforummember_id=***; autoitforumpass_hash=***; autoitforumcoppa=***; autoitforummqtids=***; autoitforumsfc=***; autoitforumsfct=WinHttp.au3; autoitforumanonlogin=-1

HTTP/1.1 200 OK
Date: Wed, 20 Oct 2010 02:20:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Set-Cookie: autoitforumpass_hash=***; expires=Wed, 27-Oct-2010 02:20:04 GMT; path=/forum/; domain=.autoitscript.com; httponly
Set-Cookie: autoitforumsession_id=***; path=/forum/; domain=.autoitscript.com; httponly
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 8750
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

Now I realize that there's the string "WinHttp.au3" inside the requests. It's strange!

Anyway, any idea how to continue the code? I didn't tried _WinHttpSimpleFormFill because I can't set the referrer there. My doubts in the code are:

1)In _WinHttpOpenRequest I was not sure what to put in

$sObjectName [optional] The name of the target resource of the specified HTTP verb.

is it the url in the "action" property of the form? or is the url of the form itself? Here is the source of the login form:

expandcollapse popup

<form id="login" method="post" action="http://www.autoitscript.com/forum/index.php?app=core&amp;module=global&amp;section=login&amp;do=process">
            
            <input type="hidden" value="http://www.autoitscript.com/forum/index.php?act=idx" name="referer">
            
            <div id="regular_signin">
                <a id="_regularsignin"></a>
                <h3 class="bar">Enter your sign in name and password</h3>
                <ul>
                    <li class="field">
                        <label for="username">Username:</label>
                        <input type="text" size="25" name="username" class="input_text" id="username">
                    </li>
                    <li class="field">
                        <label for="password">Password:</label>
                        <input type="password" size="25" name="password" class="input_text" id="password"><br>
                        <a title="Retrieve password" class="desc" href="http://www.autoitscript.com/forum/index.php?app=core&amp;module=global&amp;section=lostpass">I've forgotten my password</a>
                    </li>
                </ul>
                
                
                
            </div>
            
            
            <hr>
            <fieldset id="signin_options">
                <legend>Sign in options</legend>
                <ul>
                    <li class="field checkbox">
                        <input type="checkbox" class="input_check" value="1" name="rememberMe" checked="checked" id="remember">
                        <label for="remember">
                            Remember me<br>
                            <span class="desc">This is not recommended for shared computers</span>
                        </label>
                    </li>
                    
                        <li class="field checkbox">
                            <input type="checkbox" class="input_check" value="1" name="anonymous" id="invisible">
                            <label for="invisible">
                                Sign in anonymously<br>
                                <span class="desc">Don't add me to the active users list</span>
                            </label>
                        </li>
                    
                </ul>
            </fieldset>
            <fieldset class="submit">
                <input type="submit" value="Sign In" class="input_submit"> or <a class="cancel" title="Cancel" href="http://www.autoitscript.com/forum/index.php?">Cancel</a>
            </fieldset>
        </form>

2)Also in this part of the example code:

; Enable cookies for sure
_WinHttpSetOption($hRequest, $WINHTTP_OPTION_DISABLE_FEATURE, $WINHTTP_DISABLE_COOKIES)

isn't it actually disabling cookies?

3)Another thing that I don't understand completely is that in an example that it logins into a yahoo account, after executing the script I tried to enter manually in my browser and I wasn't loged in. However, the script showed the body of my mail account at the end of the execution. How can this be?

Sorry for the questions of a beginner and thanks again for your help!

[trancexx]

Don't try to automate logging procedure (or whatever) for this forum. Read this to see why.

Why would referrer matter?

These are like two negations:

_WinHttpSetOption($hRequest, $WINHTTP_OPTION_DISABLE_FEATURE, $WINHTTP_DISABLE_COOKIES)

It means what I said it means. It disables the ability to disable something. Therefore it enables.

WinHttp have nothing to do with your browser. That's why you weren't logged when in your browser afterwards. That's a good thing, you know.

Edited October 20, 2010 by trancexx

[Tvern]

Well I have been modifying the example of _WinHttpAddRequestHeaders of winhttp.au3 to make the login of the autoit forum but it shows "!No data available."

On line 9, remove: "http://" from "$sAddress".

On line 36, remove the entire line: "_WinHttpAddRequestHeaders($hRequest, "Accept-Encoding: gzip,deflate")" (You have no way to unzip the encoded content.)

See if that get's you going again.

I used the plugin http live headers of firefox to see what was being sent while manually login in (I edited my data and the cookie just in case):

As do I and it's usefull, but keep in mind that most headers are added by WinHttp automatically, so once you have something running. See what lines are not needed. Also the reverse is sometimes usefull. Add lines one by one. (would have helped against the Gzip header.

2)Also in this part of the example code:

; Enable cookies for sure
_WinHttpSetOption($hRequest, $WINHTTP_OPTION_DISABLE_FEATURE, $WINHTTP_DISABLE_COOKIES)

isn't it actually disabling cookies?

I think cookies are on by default, but there is a feature to disable them. You're making sure that feature is disabled.

3)Another thing that I don't understand completely is that in an example that it logins into a yahoo account, after executing the script I tried to enter manually in my browser and I wasn't loged in. However, the script showed the body of my mail account at the end of the execution. How can this be?

If you log into yahoo using IE. Are you then logged into yahoo when you go there in Firefox? I see you have set your user agent to firefox, but I don't think the cookiesare shared and there might be other ways Yahoo realises you're not using the same program to view the site after a login.

Sorry for the questions of a beginner and thanks again for your help!

You're doing better than me, when I first tried this UDF. Although it's much better documented now. (Thank you trancexx!)

[Mithrandir]

Don't try to automate logging procedure (or whatever) for this forum. Read this to see why.

Why would referrer matter?

These are like two negations:

_WinHttpSetOption($hRequest, $WINHTTP_OPTION_DISABLE_FEATURE, $WINHTTP_DISABLE_COOKIES)

It means what I said it means. It disables the ability to disable something. Therefore it enables.

WinHttp have nothing to do with your browser. That's why you weren't logged when in your browser afterwards. That's a good thing, you know.

First of all I want to congratulate and praise you (and also ProgAndy and the others) for this great UDF!

Concerning the automation of the login... I have no intentions of abuse. I wanted to practice with an example and I guessed that using another site would be more suspicious -even though as I said I'm just practising- that this one since I would not spoil a community where I learn so many things. Anyway, from now on I won't use autoit site or forum as the rule -which is wise and I truly agree with by the way- says.

Now on the thread topic: I understand the double negation and I agree that it is useful that winhttp and the browser are independent. Concerning the importance of the referrer, I read that some sites don't accept your request if it doesn't come from the correct refferer ie: blank referrers are rejected. Is it blank the referrer in _WinHttpSimpleFormFill?

By the way, every day one learns something new Believe it or not I didn't know the use of &= that you used in

Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ; Print returned
    ConsoleWrite($sReturned)

You are like concatenating the requests or adding them to the string variable! Lol, I used to write lines in files one by one

On line 9, remove: "http://" from "$sAddress".

On line 36, remove the entire line: "_WinHttpAddRequestHeaders($hRequest, "Accept-Encoding: gzip,deflate")" (You have no way to unzip the encoded content.)

See if that get's you going again.

As do I and it's usefull, but keep in mind that most headers are added by WinHttp automatically, so once you have something running. See what lines are not needed. Also the reverse is sometimes usefull. Add lines one by one. (would have helped against the Gzip header.

I think cookies are on by default, but there is a feature to disable them. You're making sure that feature is disabled.

If you log into yahoo using IE. Are you then logged into yahoo when you go there in Firefox? I see you have set your user agent to firefox, but I don't think the cookiesare shared and there might be other ways Yahoo realises you're not using the same program to view the site after a login.

You're doing better than me, when I first tried this UDF. Although it's much better documented now. (Thank you trancexx!)

Thanks! I followed your tips and it functioned! Anyway in all the examples I saw that $sVerb and $sObjectName are included. I'm right to say that these two headers are necessary to perform any request? And why it didn't function when sending gzip/deflate with the requests in autoit but it appears when I send the request manually in the browser as it shows live http headers?

I would also like to know where are the cookies obtained with winhttp stored. Or the only way to access them is parsing the response to the request? (I saw in some responses from servers they have the header Set-Cookie: bblastvisit=**** Set-Cookie: bbsessionhash=*** and also Cookie: )

Anyway now I'm understanding more and appreciating the importance of this UDF, one of which is not having to wait for a page to load which happened in IE.au3 and also when a page have more than one redirects you had to use several ieloadwaits and sleeps However, new doubts arised:

1) Is it possible to use several winhttp functions at the same time? because in the function notes it says this:

Caution WinHTTP is not reentrant except during asynchronous completion callback. That is, while a thread has a call pending to one of the WinHTTP functions such as WinHttpSendRequest, WinHttpReceiveResponse, WinHttpQueryDataAvailable, WinHttpSendData, or WinHttpWriteData, it must never call WinHTTP a second time until the first call has completed. One scenario under which a second call could occur is as follows: If an application queues an Asynchronous Procedure Call (APC) to the thread that calls into WinHTTP, and if WinHTTP performs an alertable wait internally, the APC can run. If the APC routine happens also to call WinHTTP, it reenters the WinHTTP API, and the internal state of WinHTTP can be corrupted.

which I think it means it isn't possible.

2) Does winhttp support the ability to stay logged in? Because the function notes says it doesn't support 'cookie persistence' but it does support 'session cookies' . What's the difference between them?

WinHTTP is also designed for use in system services and HTTP-based client applications. WinHTTP is more secure and robust than WinINet. However, single-user applications that require FTP or Gopher protocol functionality, cookie persistence, caching, automatic credential dialog handling, Internet Explorer compatibility, or downlevel platform support should consider using WinInet.

The following features have been added in version 5.1 of WinHTTP:

HTTP/1.0 protocol, including support for keep-alive (persistent) connections and session cookies.

3) If I have already logged in a site using http and received the '200 ok' code in the server response. Is it necessary when actually submitting the POST request to wait for the server response in order to have it delivered properly? Because I remember once that when sending a post by the webrowser and cancelling immediately so the page didn't load completely, the post had gone through anyway. In other words, if I'm not going to use the server response like using _WinHttpReadData it isn't necessary to use _WinHttpReceiveResponse or I am wrong and in order to have my request processed I have to use it?

4) Another thing that I stumbled upon was the internal function __WinHttpURLEncode. Is it related to what Tvern said that winhttp.au3 'resolves' many issues? For instance I remember that in one request info I get with live http headers I got urls like

http%3A%2F%2Fwww.google.com but if I input http://www.google.com in the requests of the functions of winhttp.au3 it went all well -unlike in HTTP.au3 which has a function _HTTPEncodeString($string) which by the way I tested and it returned the same string http://www.google.com without being encoded apparently...- So, can I 'relax' and trust that encoding is taken care of by winhttp.au3 UDF?

5) This question is a bit offtopic since it's about automating the reconnection of my router using winhttp so I made a new thread . In a nutshell, my main problem is not knowing what to input in the parameters $iAuthTargets and $iAuthScheme of _WinHttpSetCredentials.

Edited October 21, 2010 by Mithrandir

[Tvern]

You have allot of questions and they are getting harder to answer for me as I've only recently started using the UDF myself, but I'll give it a shot. I'm sure someone will correct me if I'm wrong.

I see I completely overlooked your question about $sObjectName in your older post. I've used the url of the form sucessfully and guess that's what it has to be

Is it blank the referrer in _WinHttpSimpleFormFill?

I assume some form of standard url is used and I expected to find either the servername used in _WinHttpConnect, the last loaded page, or a blank page, but after a quick look at the function I'm still as clueless as before. Perhaps Trancexx can clarify. It doesn't seem common to allow, or dissallow access based on the referrer though.

I saw that $sVerb and $sObjectName are included. I'm right to say that these two headers are necessary to perform any request?

When opening a request you seem to be poking the server to do something, but you have to tell it what to do ($sVerb) and where to do it ($sObjectName). There might be a "default verb" and you might be able to leave out $sObjectName if you are referring to the main page, but then the server would still know what to do, on what page.

And why it didn't function when sending gzip/deflate with the requests in autoit but it appears when I send the request manually in the browser as it shows live http headers?

I guess most browsers and servers have a way of dealing with gzip as it's very commonly used. It probably wouldn't be hard to add gzip support to WinHttp.au3 if you use an external executable, or dll. However it's probably even easier to not add a header to specifically ask for a return format you can't use.

I would also like to know where are the cookies obtained with winhttp stored. Or the only way to access them is parsing the response to the request? (I saw in some responses from servers they have the header Set-Cookie: bblastvisit=**** Set-Cookie: bbsessionhash=*** and also Cookie: )

2) Does winhttp support the ability to stay logged in? Because the function notes says it doesn't support 'cookie persistence' but it does support 'session cookies' . What's the difference between them?

It's like assigning something to a variable in AutoIt rather than writing it to an file on your hard drive. As long as the script runs it's there, when you close the script it's gone. So unless you store and reset the cookies yourself (don't ask me!) you won't stay logged on. On the plus side you can always enjoy fresh baked cookies!

1) Is it possible to use several winhttp functions at the same time?

AutoIt still has to perform actions one after the other, so it's not technically "at the same time", but you can use a single _WinHttpOpen, to _WinHttpConnect to multiple servers, send requests to multiple pages on each server, read the response from all the different requests back after that and then close all the handles. In short: You can have multiple connections open at the same time and weave the requests together.

3) If I have already logged in a site using http and received the '200 ok' code in the server response. Is it necessary when actually submitting the POST request to wait for the server response in order to have it delivered properly? Because I remember once that when sending a post by the webrowser and cancelling immediately so the page didn't load completely, the post had gone through anyway. In other words, if I'm not going to use the server response like using _WinHttpReadData it isn't necessary to use _WinHttpReceiveResponse or I am wrong and in order to have my request processed I have to use it?

In most cases you will want to know if your POST succeeded, or wait for it to succeed before proceeding, but I can think of exceptions.

* If you want to log into a page and then read some data you need to be logged in for, you'd have high change of failing you you just send the two requests one after the other, so you should check.

* If you want to flood a forum with advertisements for herbal supplements that will make it grow inches, it wouldn't matter if a posts gets lost and they don't have to be posted in the order you are sending them, so you can skip the check.

Can I 'relax' and trust that encoding is taken care of by winhttp.au3 UDF?

It has worked well for me so far is all I can say. The function doesn't seem terribly complicated either, so there is not much space for the bugs to hide.

What to input in the parameters $iAuthTargets and $iAuthScheme of _WinHttpSetCredentials.

I think these are your options:

$WINHTTP_AUTH_SCHEME_BASIC <--- You'll likely want this one as $iAuthScheme

$WINHTTP_AUTH_SCHEME_NTLM

$WINHTTP_AUTH_SCHEME_PASSPORT

$WINHTTP_AUTH_SCHEME_DIGEST

$WINHTTP_AUTH_SCHEME_NEGOTIATE

$WINHTTP_AUTH_TARGET_SERVER <--- You'll likely want this one as $iAuthTargets

$WINHTTP_AUTH_TARGET_PROXY

(Tip: If a global constant is used in the example, it's worth checkign where it's declared to find related constants.)

[Mithrandir]

I think these are your options:

$WINHTTP_AUTH_SCHEME_BASIC <--- You'll likely want this one as $iAuthScheme

$WINHTTP_AUTH_SCHEME_NTLM

$WINHTTP_AUTH_SCHEME_PASSPORT

$WINHTTP_AUTH_SCHEME_DIGEST

$WINHTTP_AUTH_SCHEME_NEGOTIATE

$WINHTTP_AUTH_TARGET_SERVER <--- You'll likely want this one as $iAuthTargets

$WINHTTP_AUTH_TARGET_PROXY

(Tip: If a global constant is used in the example, it's worth checkign where it's declared to find related constants.)

Thanks for all your help and don't worry about my questions, the idea is to learn by exchanging our knowledge. I tried all the combinations that you mentioned but I always received '401 Unauthorized' , here's the code I tried:

***EDIT***

I examined more closely what live http headers traced one last time before replying and I realised what happened. As you can see -I edited in the code the method of Authorization because from what I understood from what I read in Assigning Basic Authorization HTTP Header to HttpWebRequest and in [Tutorial] Router Reconnect mit cURL [Tutorial] Router Reconnect with cURL what follows Authorization: Basic is the user and password encoded in 64 bits or binary and someone could deencode it. Also, I am a bit reliant of posting my IP because I'm afraid someone could login my router although I have Remote Management disabled. I'm right or I'm just paranoid?-

Anyway what happened when login in my router and being prompted to enter my user and pass was this:

http://ip of my router/

GET / HTTP/1.1
Host: ip of my router
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
If-Modified-Since: Tue, 21 Feb 2006 17:44:55 GMT
Authorization: Basic YWR********==

HTTP/1.1 401 Unauthorized
Server: Waveplus HTTPD
Date: Mon, 16 Feb 1970 09:48:58 GMT
WWW-Authenticate: Basic realm=""
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Connection: close

After entering the user and password these headers were traced :

http://my ip/

GET / HTTP/1.1
Host: my ip
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
If-Modified-Since: Tue, 21 Feb 2006 17:44:55 GMT
Authorization: Basic YWR******A==

HTTP/1.1 200 Ok
Server: Waveplus HTTPD
Date: Mon, 16 Feb 1970 09:49:02 GMT
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html; charset=
Last-Modified: Tue, 21 Feb 2006 17:44:56 GMT
Connection: close

And then came headers that are not important which deals with utils.js and css and other things. So what I was doing wrong is that I sent ONE request and obviously I received the 401 response but if then I send another one I would receive the 200 Ok and that's what I did. Now I understand more the process. The moral is: Try to re create everything that is traced by live http headers, step by step. Here's the code so far -I guess that in the first connect is useless to send the credentials but I'm posting this now cause I'm excited for realising by myself and I'm eager to continue working and improving it. Now I have to connect and reconnect and trace the process with live http headers- <--wow I realise that I'm flattering this plugin too much but it is really useful!:

expandcollapse popup

#AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6

#include "WinHttp.au3"

Opt("MustDeclareVars", 1)

; My server
Global $sLocalIP = "my ip"
; Initialize and get session handle
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 (.NET CLR 3.5.30729)")
; Get connection handle
Global $hConnect = _WinHttpConnect($hOpen, $sLocalIP)
; Specify the reguest
Global $hRequest = _WinHttpOpenRequest($hConnect,"GET","/sys_status.htm")
; Set credentials
_WinHttpSetCredentials($hRequest, $WINHTTP_AUTH_TARGET_SERVER, $WINHTTP_AUTH_SCHEME_BASIC, "my user", "my password")

If @error = 1 Then
    MsgBox(0,"ERROR","DllCall failed")
EndIf

; Send request
_WinHttpSendRequest($hRequest)
; Wait for the response
_WinHttpReceiveResponse($hRequest)

Global $sHeader, $sReturned
If _WinHttpQueryDataAvailable($hRequest) Then
    $sHeader = _WinHttpQueryHeaders($hRequest)
    MsgBox(64, "Header", $sHeader)
    Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ; Print returned
    ConsoleWrite($sReturned)
Else
    ConsoleWriteError("!No data available." & @CRLF)
    MsgBox(48, "Failure", "No data available.")
EndIf
; Close handles
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
;_WinHttpCloseHandle($hOpen)

$hConnect = _WinHttpConnect($hOpen, $sLocalIP)
; Specify the reguest
$hRequest = _WinHttpOpenRequest($hConnect,"GET","/sys_status.htm")
; Set credentials
_WinHttpSetCredentials($hRequest, $WINHTTP_AUTH_TARGET_SERVER, $WINHTTP_AUTH_SCHEME_BASIC, "my user", "my password")

If @error = 1 Then
    MsgBox(0,"ERROR","DllCall failed")
EndIf

; Send request
_WinHttpSendRequest($hRequest)
; Wait for the response
_WinHttpReceiveResponse($hRequest)


If _WinHttpQueryDataAvailable($hRequest) Then
    $sHeader = _WinHttpQueryHeaders($hRequest)
    MsgBox(64, "Header", $sHeader)
    Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ; Print returned
    ConsoleWrite($sReturned)
Else
    ConsoleWriteError("!No data available." & @CRLF)
    MsgBox(48, "Failure", "No data available.")
EndIf
; Close handles
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

Edited October 22, 2010 by Mithrandir

[Tvern]

Good to hear you got it working.

I don't know if you're being paranoid about the IP thing. I do know the router firmware sometimes gets "improved" by companies that don't know what they're doing and wouldn't be surprised if they introduced a whole bunch of vulnerabilities while doing so, but I know even less about that sort of thing than they do.

The simon says method using Live Headers has worked well for me but you might still run into issues. I did, when I stumbled upon an automatic redirect. (solved in this post if you're interested)