Jump to content
Sign in to follow this  
taylansan

HTTP Success / Failed Login Separation

Recommended Posts

Dear AutoIt Community,

I have checked some HTTP examples in the forums. So, I created a basic script as the following:

$login = ObjCreate("winhttp.winhttprequest.5.1")

$sUsername = "ty"
$sPassword = "AAbb11!!"

Local $url = "http://192.168.182.160:9889/authenticate.action"
$login_packet = "username=" & $sUsername & "&password=" & $sPassword & "&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default"
$login.open("POST", $url)
$login.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$login.send($login_packet)
$login.WaitForResponse()
$cookies = $login.GetAllResponseHeaders()
ConsoleWrite($cookies & @CRLF)

Actually, the username and password is correct. I got the following response:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:33:22 GMT
Content-Length: 95
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=34431a76-54d5-498f-aae2-866dd5199304; Path=/; HttpOnly
Set-Cookie: JSESSIONID=3FCE7FEE16230EF25BD2DFA280958212; Path=/; HttpOnly

If I change the username or password, I want to a failed login, I got this:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:34:25 GMT
Content-Length: 87
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=01a233ed-a008-496a-89b1-0d044d03949a; Path=/; HttpOnly
Set-Cookie: JSESSIONID=4350A7C51D6C0E7F294ED9D6E08DB9A6; Path=/; HttpOnly

Only the session cookie and session ID is changed. But there is no result whether I failed to login.

 

Here is the successful HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 148
Cookie: session_cookie=77e59d47-fa86-4ce4-87c2-8486e68c7dbd; JSESSIONID=05788845F16A110B6C7747DFDB9B7F3F; bme_locale_session=en_US; sna_cookie=; locale_cookie=en_US; access_time_cookie=0
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=AAbb11!!&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Set-Cookie: session_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: sna_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: locale_cookie=en_US; Expires=Fri, 26-Jun-2015 10:31:48 GMT; Path=/
Set-Cookie: JSESSIONID=56472DD2CEBF17A3218C3765585380A9; Path=/; HttpOnly
Content-Type: text/plain;charset=UTF-8
Content-Length: 49
Date: Wed, 27 May 2015 10:31:47 GMT
Server: OpenAS

Here is the failed HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 149
Cookie: session_cookie=acec9a18-b702-4f7b-96c6-667a7b35ac08; JSESSIONID=4211585FF6FE3DFC19FEF39196DCB61A; bme_locale_session=en_US
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=dsadsadsa&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Content-Type: text/plain;charset=UTF-8
Content-Length: 111
Date: Wed, 27 May 2015 11:21:43 GMT
Server: OpenAS

 

As I see, the successful result includes cookies and session ID; but failed result doesn't include these.

I wonder why the result of the script for failed attempt still showing session ID.

Can you please tell me what to modify in my script in order not to get session ID when login failed?

Any comments are welcome, thanks.


TY.

Share this post


Link to post
Share on other sites

Hello, still need some advice on this. Thanks again.

Sorry for duplicate message. Because of the massive Korean spam yesterday, I thought people couldn't see my post.


TY.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By argumentum
      I can TCP/IP in AutoIt, hence, make a HTTP deamon. Now, how can I HTTPS to use SSL !??
      Well, Apache has this "mod_proxy.so" module that can let me have SSL and what not is in Apache.
      All that is needed is to tell Apache what I wanna do by editing httpd.conf .
      # Implements a proxy/gateway for Apache. # 1. Open /Applications/XAMPP/etc/httpd.conf # 2. Enable the following Modules by removing the # at the front of the line. # - LoadModule rewrite_module modules/mod_rewrite.so # - LoadModule proxy_module modules/mod_proxy.so # - LoadModule proxy_http_module modules/mod_proxy_http.so # # 3. Copy and Paste below to the bottom of httpd.conf # <IfModule mod_proxy.c> ProxyRequests On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyVia Off ProxyPreserveHost Off ProxyPass /home/ http://127.0.0.1:84/home/ ProxyPassReverse /home/ http://127.0.0.1:84/home/ SetEnv proxy-nokeepalive 1 # ..since we are not using "keep-alive", we are using "close" </IfModule> ...et voila  
      I'm using XAMPP ( https://www.apachefriends.org/download.html )
      and this is my solution to avoid coding in PHP, as I feel more comfortable coding in AutoIt.
      A "muli-thread or concurrency" can be done by forking the socket ( https://www.autoitscript.com/forum/topic/199177-fork-udf-ish/ )
      but responses are under 20 ms., so I feel fine with a single thread.
      I modified an example ( attached below ), so can try out the concept.
      PS: I am not an Apache guru. I just discovered this and it opens a world of possibilities. In my case, I'm thinking of an API to query SQLite 
      PS2: I'm not gonna make Poll but do click like if you do  
       
      201673-json-http-post-serverlistener.au3
    • By Roy_
      Ciao,
      This example reproduces the problem I encounter when sending a post request to an echo server.
      Instead of being sent as text utf8, the data is transmitted base64 encoded.
      Example:
      - json String: '{"firstName":"Jonathan","lastName":"Freeman","loginCount":4,"active": "yes","text":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vel volutpat nunc. Maecenas id tempus mi. Morbi ipsum enim, ultricies ac augue sit amet, ullamcorper finibus ex. Vestibulum vel posuere nibh, nec faucibus eros. Nam malesuada non lacus a suscipit. Nulla rhoncus tempus mi quis placerat. Curabitur commodo tincidunt justo quis sollicitudin."}'
      - server response: "data:application/octet-stream;base64,AAAAALgE6QNYAIAAAgAAANQCAAAAAAAAWF8AAAAAAAD0VQAAAAAAAD9APQAAAAAAAwAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAABBAAAAAAABRUAAAAmIZwcAbRt8/LMa9UAAAAAAAAAAGFzIGlkIHRlbXB1cyBtaS4gTW9yYmkgaXBzdW0gZW5pbSwgdWx0cmljaWVzIGFjIGF1Z3VlIHNpdCBhbWV0LCB1bGxhbWNvcnBlciBmaW5pYnVzIGV4LiBWZXN0aWJ1bHVtIHZlbCBwb3N1ZXJlIG5pYmgsIG5lYyBmYXVjaWJ1cyBlcm9zLiBOYW0gbWFsZXN1YWRhIG5vbiBsYWN1cyBhIHN1c2NpcGl0LiBOdWxsYSByaG9uY3VzIHRlbXB1cyBtaSBxdWlzIHBsYWNlcmF0LiBDdXJhYml0dXIgY29tbW9kbyB0aW5jaWR1bnQganVzdG8gcXVpcyBzb2xsaWNpdHVkaW4uIn0="
       
      How can I go about transmitting data in text format utf8?
      Thanks in advance for the help.
      In the zip file:
      - CurlJsonPost.au3: this script
      - Curl.au3: UDF by Ward (thank you!)
      - data.json: json srting for command line test
       
      Note: using Curl.exe with json string saved in a file (utf8 encoded) named data.json, works perfectly
      To try with the command line tool:
      - save data.json in curl\bin directory
      - open cmd.exe and cd to curl\bin directory
      - Enter the following command:
      curl -H "Content-Type: application/json" --data @data.json https://httpbin.org/post
       
      #Include "Curl.au3" Global $_cURL_OutputBuffer Local $sJson = '{"firstName":"Jonathan","lastName":"Freeman","loginCount":4,"active": "yes","text":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi vel volutpat nunc. Maecenas id tempus mi. Morbi ipsum enim, ultricies ac augue sit amet, ullamcorper finibus ex. Vestibulum vel posuere nibh, nec faucibus eros. Nam malesuada non lacus a suscipit. Nulla rhoncus tempus mi quis placerat. Curabitur commodo tincidunt justo quis sollicitudin."}' Local $iRetCode, $sServerResponse ConsoleWrite("=== Json post test ===" & @LF) ConsoleWrite(StringFormat("Retcode: %s - %s", $iRetCode, Curl_Easy_strerror($iRetCode)) & @LF) ConsoleWrite("Data returned from server" & @LF & @LF) $sServerResponse = JsonPost_Test($sJson, $iRetCode) ConsoleWrite($sServerResponse & @LF) Func JsonPost_Test($sJson, ByRef $iRetCode) ; Init Easy Curl Interface e set url (echo service) Local $oCurl = Curl_Easy_Init() curl_easy_setopt($oCurl, $CURLOPT_URL, "https://httpbin.org/post") ; Set content type header Local $headers = curl_slist_append(0, "Content-Type: application/json") curl_easy_setopt($oCurl, $CURLOPT_HTTPHEADER, $headers) ; Post fields & size curl_easy_setopt($oCurl, $CURLOPT_POSTFIELDS, $sJson) curl_easy_setopt($oCurl, $CURLOPT_POSTFIELDSIZE, StringLen($sJson)) ; Set callbac function to get server response back (see global var $_cURL_OutputBuffer) $hWriteFunc = DllCallbackRegister("WriteFunc_CallBack", "uint:cdecl", "ptr;uint;uint;ptr") curl_easy_setopt($oCurl, $CURLOPT_WRITEFUNCTION, DllCallbackGetPtr($hWriteFunc)) ; Ignore ssl certificates check curl_easy_setopt($oCurl, $CURLOPT_SSL_VERIFYPEER, 0) curl_easy_setopt($oCurl, $CURLOPT_SSL_VERIFYHOST, 0) ; Execute the post request $iRetCode = curl_easy_perform($oCurl) ; Set return trasfer & clear output buffer global var Local $sReturnTransfer = $_cURL_OutputBuffer $_cURL_OutputBuffer = "" Return SetError(0, 0, $sReturnTransfer) EndFunc Func WriteFunc_CallBack($ptr,$nSize,$nMemb,$pStream) Local $vData = DllStructCreate ("byte[" & $nSize*$nMemb & "]",$ptr) $_cURL_OutputBuffer &= BinaryToString(DllStructGetData($vData,1)) Return $nSize*$nMemb EndFunc  
      curlJsonPost.zip
    • By nacerbaaziz
      hello sirs
      please i want to use the WinHttp to get the google drive file title using the api
      i searched in the forom but i didn't found any Google drive api UDF
      for that i liked to ask you for that
      i had read the google drive api documentation but i couldn't do it
      please help me
      here is the api doc
      note i've got the apikey and i have the file id
      what i want is to get the title of the file (the file name)
      because i want to download the files from the google drive using the autoit
      please help me for that
      am sorry because i didn't gave you any example or what i tried but all what tried was  failed
      thanks in advance
    • By nacerbaaziz
      hello sirs, please i created a tool witch get the focused control in a window and play a audio file linked with this controls
      e.g buttons, checkBoxes, radios, comboboxes, and others
      i know that their is a function that give us the control focus but it return the classNN
      i want to get the class name to use it with a switch and
      because their are more than class e.g button tbutton timagebutton tnewButton...
      please can any one help me to get the class name not the classnn
      thanks in advance
×
×
  • Create New...