Sign in to follow this  
Followers 0
MAS

_WinHttpCrackUrl doesn't work with my URL

8 posts in this topic

Hello

I want to crack a URL by using the _WinHttpCrackUrl() function located in

>winhttp UDF 

It goes well for some URL's but for other URL's it gives error and sets the @error to 1

the URL and my example

#include "WinHttp.au3"
#include <Array.au3>


$url = "http://www.domain.com/dm/r.php?r=m%7C%23%23%7Cgh-oiv_%2Cf8t%2Cxg4%7C%23%23%7CWINbf%7C%23%23%7CCz1ytu9w%200%2F19%20%5C%5CMIDOOOcc%7C%7CccFt22%20Cz1ytu9w%200%2F19%20M5%2Czzzcc%7C%7CccUv9w%200%2F19%20M5%2Czcc%7C%7CccWzw3vu%2Fu5z0%20%2F-u5s9%20z0%20N9uBTbT-y5yb%7BfAjljEgBcFFnhcjAgncAkfCcjAhemfmElBAn%7D%20%28nninihCnnnnf%29cc%7C%7CccN9uBTbT-y5yb%7BmfmnhfhjchjmkcjiBfcBAkCcjBjAlmjnAmei%7D%20%28nninihCnnnnm%29cc%7C%7CccN9uBTbT-y5yb%7BfBEkfhikcBnilcjhmAcAngmcCkFfnkhmlBEA%7D%20%28BfghkFnCglek%29cc%7C%7CccSz8ur%2Fw9%20s9wv5z0%20W50%2Czrv%20f%20E0u9wyw5v9cc%7C%7CccWzw3vu%2Fu5z0%20%2Cz1%2F50%20WORKGROUPcc%7C%7CccLz7z0%20%2Cz1%2F50%20M5%2Czzzcc%7C%7CccCOM%20Oy90%20T519ztu%20%28v9-%29%20ncc%7C%7CccCOM%20S90%2C%20Czt0u%20%28_pu9%29%20mhcc%7C%7CccCOM%20S90%2C%20T519ztu%20%281v9-%29%20lincc%7C%7CccT69%20-z11%2F0%2C%20-z1y29u9%2C%20vt--9vv8t22p.cc%7C%7Ccc"


$aUrl = _WinHttpCrackUrl($url)

MsgBox(0, "Error", @error)

_ArrayDisplay($aUrl, "_WinHttpCrackUrl()")

if anyone can help in this thanks

Share this post


Link to post
Share on other sites



This works for me:

#include "WinHttp.au3"
#include <Array.au3>

$url = "http://www.domain.com/dm/r.php?r=m%7C%23%23%7Cgh-oiv_%2Cf8t%2Cxg4%7C%23%23%7CWINbf%7C%23%23%7CCz1ytu9w%200%2F19%20%5C%5CMIDOOOcc%7C%7CccFt22%20Cz1ytu9w%200%2F19%20M5%2Czzzcc%7C%7CccUv9w%200%2F19%20M5%2Czcc%7C%7CccWzw3vu%2Fu5z0%20%2F-u5s9%20z0%20N9uBTbT-y5yb%7BfAjljEgBcFFnhcjAgncAkfCcjAhemfmElBAn%7D%20%28nninihCnnnnf%29cc%7C%7CccN9uBTbT-y5yb%7BmfmnhfhjchjmkcjiBfcBAkCcjBjAlmjnAmei%7D%20%28nninihCnnnnm%29cc%7C%7CccN9uBTbT-y5yb%7BfBEkfhikcBnilcjhmAcAngmcCkFfnkhmlBEA%7D%20%28BfghkFnCglek%29cc%7C%7CccSz8ur%2Fw9%20s9wv5z0%20W50%2Czrv%20f%20E0u9wyw5v9cc%7C%7CccWzw3vu%2Fu5z0%20%2Cz1%2F50%20WORKGROUPcc%7C%7CccLz7z0%20%2Cz1%2F50%20M5%2Czzzcc%7C%7CccCOM%20Oy90%20T519ztu%20%28v9-%29%20ncc%7C%7CccCOM%20S90%2C%20Czt0u%20%28_pu9%29%20mhcc%7C%7CccCOM%20S90%2C%20T519ztu%20%281v9-%29%20lincc%7C%7CccT69%20-z11%2F0%2C%20-z1y29u9%2C%20vt--9vv8t22p.cc%7C%7Ccc"
$aUrl = _WinHttpCrackUrl($url, $ICU_DECODE)
MsgBox(0, "Error", @error)
_ArrayDisplay($aUrl, "_WinHttpCrackUrl()")
1 person likes this

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Ok thanks jchd

so It must be decoded first

Share this post


Link to post
Share on other sites

Looks like.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

not working after completing the script as the URL contains spaces, hashes and slashes so it must be sent encoded to the server

Share this post


Link to post
Share on other sites

 

Maybe

$aUrl = _WinHttpCrackUrl($url, $ICU_ESCAPE + $ICU_DECODE)

 

yes now working and sending correct data

Thanks JohnOne  :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • jesus40
      By jesus40
      Hello friends, i have a working curl command that show informations about my account on binance.com, but_it dont work with autoit code without curl.exe.
      I want to do it without curl, because the whole process much Slower_ with StdoutRead (I want get the response in variable.)
      My Curl command in Autoit:
      This 2 are works, but_ i would like to do it without curl.exe
      $apikey="XYZ" sCommand = @ScriptDir & '\curl.exe -k -H "X-MBX-APIKEY: ' & $apikey & '" -X GET "https://api.binance.com/api/v3/account?' & $request the same in .bat  file
      curl.exe -k -H "X-MBX-APIKEY: XYZ" -X GET "https://api.binance.com/api/v3/account?timestamp=1514917812000&signature=85bdee77e53cd521e1d5229fbfb459d53799c42b3fa4596d73f1520fad5f965a" (I use curl with -k option which allows curl to make insecure connections, because there is problem with the sites certificate, (cURL error 60))
       
      I tried many variations, this is the latest... I cant get the same response.
      curl $error message (I changed ): {"code":-2015,"msg":"Invalid API-key, IP, or permissions for action."}
      autoit version $error message (Response code:400): Mandatory parameter 'timestamp' was not sent, was empty/null, or malformed.
       
      $request = $query & '&signature=' & $signature $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("GET", "https://api.binance.com/api/v3/account", False) $oHTTP.SetRequestHeader("X-MBX-APIKEY", $apikey) $oHTTP.Send($request) $oReceived = $oHTTP.ResponseText $oStatusCode = $oHTTP.Status If $oStatusCode <> 200 then MsgBox(4096, "Response code", $oStatusCode) EndIf  
      thanks
    • AlwaysLearning
      By AlwaysLearning
      Hello,
      I have been struggling with this for nearly 20 hours, and I just cannot seem to figure out the formatting for the header request.
      To test this, you will need to use this api key I set up for your testing purposes. (note, I sent tracexx a direct message about this as I didn't realize I could limit API restrictions until just now, so I am now hoping on of you may have the answer on hand)
      I need to be able to GET balance and POST orders.
      Right now, I can't get past the 401/403 errors on my own.
      I believe the Content is formatted for JSON, but using the JSON format didn't work for me ( although that may be because I'm an idiot and formatted something wrong).
      I want to get:
      GET balance page POST delete order page Here is a temporary API key + Secret API key with only the "View Balance Page" and "Delete Order" functions enabled:
      Access-key: tq6GeUrEvfxyF-LG
      Secret Access-Key: cZlz75K1wb8-Ed67pRaXvUWTPW6RTH9q

      Here is the site's API guide (I followed this closely and doubt the error is there): https://coincheck.com/documents/exchange/api#libraries
       
      And here is running source code (needs those keys inputted) which will hash the above keys to the required HMAC SHA256:
      #include <Crypt.au3> #include<WinHttp.au3> Global Const $CALG_SHA_256 = 0x0000800c ;; ===== $api = "/api/accounts/balance" $accessNonCE = _TimeGetStamp() $url = "https://coincheck.com/api/accounts/balance" $body = "" WinHTTP($url, $body) Func WinHTTP($sUrl, $sBody) Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, "https://coincheck.com/api/accounts/balance") ; Specify the reguest: ;Local $hRequest = _WinHttpOpenRequest($hConnect, Default, $sApi) $accessKey = "" ;; Add the key from above $secretKey = "" ;; Add the secret key from above $message = $accessNonCE & $sUrl $BinarySignature = HMAC($secretKey, $message) $signature = _Base64Encode($BinarySignature) ;Encode signature Local $hRequest = _WinHttpOpenRequest($hConnect, "GET") _WinHttpAddRequestHeaders($hRequest, 'ACCESS-KEY: '&$accessKey) _WinHttpAddRequestHeaders($hRequest, 'ACCESS-NONCE: '&$accessNonCE) _WinHttpAddRequestHeaders($hRequest, 'ACCESS-SIGNATURE: '&$signature) ; Send request _WinHttpSendRequest($hRequest) ; Wait for the response _WinHttpReceiveResponse($hRequest) Local $sHeader = _WinHttpQueryHeaders($hRequest) ; ...get full header Local $sData = _WinHttpReadData($hRequest) ; Clean _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) ; Display retrieved data MsgBox(0, "Data", $sData) EndFunc Func sha256($message) Return _Crypt_HashData($message, $CALG_SHA_256) EndFunc Func HMAC($key, $message, $hash="sha256") Local $blocksize = 64 Local $a_opad[$blocksize], $a_ipad[$blocksize] Local Const $oconst = 0x5C, $iconst = 0x36 Local $opad = Binary(''), $ipad = Binary('') $key = Binary($key) If BinaryLen($key) > $blocksize Then $key = Call($hash, $key) For $i = 1 To BinaryLen($key) $a_ipad[$i-1] = Number(BinaryMid($key, $i, 1)) $a_opad[$i-1] = Number(BinaryMid($key, $i, 1)) Next For $i = 0 To $blocksize - 1 $a_opad[$i] = BitXOR($a_opad[$i], $oconst) $a_ipad[$i] = BitXOR($a_ipad[$i], $iconst) Next For $i = 0 To $blocksize - 1 $ipad &= Binary('0x' & Hex($a_ipad[$i],2)) $opad &= Binary('0x' & Hex($a_opad[$i],2)) Next Return Call($hash, $opad & Call($hash, $ipad & Binary($message))) EndFunc Func _TimeGetStamp() Local $av_Time $av_Time = DllCall('CrtDll.dll', 'long:cdecl', 'time', 'ptr', 0) If @error Then SetError(99) Return False EndIf Return $av_Time[0] EndFunc Func _Base64Encode($input) $input = Binary($input) Local $struct = DllStructCreate("byte[" & BinaryLen($input) & "]") DllStructSetData($struct, 1, $input) Local $strc = DllStructCreate("int") Local $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _ "ptr", DllStructGetPtr($struct), _ "int", DllStructGetSize($struct), _ "int", 1, _ "ptr", 0, _ "ptr", DllStructGetPtr($strc)) If @error Or Not $a_Call[0] Then Return SetError(1, 0, "") ; error calculating the length of the buffer needed EndIf Local $a = DllStructCreate("char[" & DllStructGetData($strc, 1) & "]") $a_Call = DllCall("Crypt32.dll", "int", "CryptBinaryToString", _ "ptr", DllStructGetPtr($struct), _ "int", DllStructGetSize($struct), _ "int", 1, _ "ptr", DllStructGetPtr($a), _ "ptr", DllStructGetPtr($strc)) If @error Or Not $a_Call[0] Then Return SetError(2, 0, ""); error encoding EndIf Return DllStructGetData($a, 1) EndFunc ;==>_Base64Encode
       
    • wakillon
      By wakillon
      HttpHeaderWatcher v1.0.1.3
       

      Some time ago, some members asked how to see the Http Requests.
      There are quite a few external applications but not in AutoIt!
      HttpHeaderWatcher in association with WinPcap, very modestly solves this lack.
       
      Once done this http watcher, i asked me : why not Re-build a WinHttp Request in AutoIt from a selected Request in one Click ?
      So i have added a "Create au3" button who open the WinHttp Request of your choice in AutoIt format in SciTE Editor.
      Voila voila, hope it can help ! 
      Buttons were made online with chimply.com the easy and free buttons generator !
      See Help for more infos.
      previous downloads : 253
      source and executable are available in the Download Section
      Hope you like it !
    • nhardel
      By nhardel
      I have been working on trying to develop some scripts to interface with the REST/JSON API from the Orion SDK.  This is where I will ask my questions and hopefully get some community responses that could help benefit others. 
      https://github.com/solarwinds/OrionSDK
      I am trying to create examples of how to interface with the API from autoit.  This should be a knowledge dump for this task. 
    • n3wbie
      By n3wbie
      How to send Requests on https Website
      I tried using
      ObjCreate("winhttp.winhttprequest.5.1")
      But m not Receiving Any response
      m able to retrive https://google.com but same is not available on other site( https://gst.gov.in )
      kindly help me