Sign in to follow this  
Followers 0
/dev/null

COM problem with WinHTTP

4 posts in this topic

Hi guys,

I'm doing this:

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") 

$obj = ObjCreate ("winhttp.winhttprequest.5.1")

;----- setting this option should ignore SSL errors according to the following link:

$WinHttpRequestOption_SslErrorIgnoreFlags = 3
$obj.option($WinHttpRequestOption_SslErrorIgnoreFlags) = 0x3300

$obj.open ("GET", "https://securityalliance.com/")
$obj.send ()

Func MyErrFunc() 
   $HexNumber=hex($oMyError.number,8) 
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
               "Description is: " & $oMyError.description & @CRLF & _
               "Number is: " & $HexNumber & @CRLF & _
               "Source: " & $oMyError.source & @CRLF & _
               "Scriptline: " & $oMyError.scriptline & @CRLF & _
               "Windescription is: " & $oMyError.windescription ) 
Endfunc

I'm trying to connect to a https web site. However, there are some problems with this site (see code).

1.) The CN of the cert does not match if I request securityalliance.com instead of www.securityalliance.com

2.) The server requests a client certificate.

Now, with the help of SvenP I figured out, that I had to set some options for WinHTTP to ignore SSL errors. That's what the two lines with WinHttpRequestOption_SslErrorIgnoreFlags are supposed to do. However, I still get the same errors. According to WinHTTP Enumerations this should work.

Any idea?

Thanks

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I don't have the cert to know what you see, but this worked for me to get in.

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

$obj = _IE_connect("https://www.securityalliance.com/")

Func MyErrFunc()
   $HexNumber=hex($oMyError.number,8)
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
               "Description is: " & $oMyError.description & @CRLF & _
               "Number is: " & $HexNumber & @CRLF & _
               "Source: " & $oMyError.source & @CRLF & _
               "Scriptline: " & $oMyError.scriptline & @CRLF & _
               "Windescription is: " & $oMyError.windescription ,5)
Endfunc

Func _IE_connect($url = "www.autoitscript.com")
   Dim $ObjShell = ObjCreate ("Shell.Application")
   Dim $ObjShellWindows = $ObjShell.Windows (); collection of all ShellWindows (IE and File Explorer)
   Global $ObjIE
   
   For $Window in $ObjShellWindows
      If StringInStr($window.LocationURL, $url) > 0 Then
         $ObjIE = $Window
         ExitLoop; We found it...
      Else
         $ObjIE = 0
      EndIf
   Next
   
   If isObj ($ObjIE) Then
      ConsoleWrite("--> $ObjIE now points to an IE Instance connected" & @CR)
   Else
      $ObjIE = ObjCreate ("InternetExplorer.Application")
      
      With $ObjIE
      .Visible = True
      .Navigate ($url)
      Do
         Sleep(50)
      Until .ReadyState = 4
      EndWith
      ConsoleWrite("--> No IE instance was found connected so made one" & @CR)
   EndIf
   Return $ObjIE
EndFunc ;==>_IE_connect

as far as the

1.) The CN of the cert does not match if I request securityalliance.com instead of www.securityalliance.com

part, well if they use frames this runs into the same issues. You really need to stay on the full URL. Many things are very perticular due to spoofing and such. As such, they have a lot of security measures in place to make sure that it is a secure communication.

if you want to use winhttprequest try looking into:

http://msdn.microsoft.com/library/en-us/wi...certificate.asp

Edited by scriptkitty

AutoIt3, the MACGYVER Pocket Knife for computers.

Share this post


Link to post
Share on other sites

I don't have the cert to know what you see, but this worked for me to get in.

I'll try your script. Setting a client cert will not work, as I don't have one. I just need to

test if the website is online. To do this I would like to grab the HTML source and search for some known keywords (just to be sure I contacted the correct server).

Thanks

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

I think the problem is right here:

$obj.option($WinHttpRequestOption_SslErrorIgnoreFlags) = 0x3300

AutoIt3 does not support this kind of syntax. The value of option() doesn't change at all. ;) Check it with the following code in SciTE:

ConsoleWrite($obj.option($WinHttpRequestOption_SslErrorIgnoreFlags))

You'll see.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0