HTTP Success / Failed Login Separation

taylansan

Dear AutoIt Community,

I have checked some HTTP examples in the forums. So, I created a basic script as the following:

$login = ObjCreate("winhttp.winhttprequest.5.1")

$sUsername = "ty"
$sPassword = "AAbb11!!"

Local $url = "http://192.168.182.160:9889/authenticate.action"
$login_packet = "username=" & $sUsername & "&password=" & $sPassword & "&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default"
$login.open("POST", $url)
$login.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$login.send($login_packet)
$login.WaitForResponse()
$cookies = $login.GetAllResponseHeaders()
ConsoleWrite($cookies & @CRLF)

Actually, the username and password are correct. I got the following response:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:33:22 GMT
Content-Length: 95
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=34431a76-54d5-498f-aae2-866dd5199304; Path=/; HttpOnly
Set-Cookie: JSESSIONID=3FCE7FEE16230EF25BD2DFA280958212; Path=/; HttpOnly

If I change the username or password, I want to get a failed login; I got this:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:34:25 GMT
Content-Length: 87
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=01a233ed-a008-496a-89b1-0d044d03949a; Path=/; HttpOnly
Set-Cookie: JSESSIONID=4350A7C51D6C0E7F294ED9D6E08DB9A6; Path=/; HttpOnly

Only the session cookie and session ID are changed. But there is no result showing whether I failed to log in.

 

Here is the successful HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 148
Cookie: session_cookie=77e59d47-fa86-4ce4-87c2-8486e68c7dbd; JSESSIONID=05788845F16A110B6C7747DFDB9B7F3F; bme_locale_session=en_US; sna_cookie=; locale_cookie=en_US; access_time_cookie=0
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

username=ty&password=AAbb11!!&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default

HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Set-Cookie: session_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: sna_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: locale_cookie=en_US; Expires=Fri, 26-Jun-2015 10:31:48 GMT; Path=/
Set-Cookie: JSESSIONID=56472DD2CEBF17A3218C3765585380A9; Path=/; HttpOnly
Content-Type: text/plain;charset=UTF-8
Content-Length: 49
Date: Wed, 27 May 2015 10:31:47 GMT
Server: OpenAS

Here is the failed HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 149
Cookie: session_cookie=acec9a18-b702-4f7b-96c6-667a7b35ac08; JSESSIONID=4211585FF6FE3DFC19FEF39196DCB61A; bme_locale_session=en_US
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

username=ty&password=dsadsadsa&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default

HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Content-Type: text/plain;charset=UTF-8
Content-Length: 111
Date: Wed, 27 May 2015 11:21:43 GMT
Server: OpenAS

 

As I see, the successful result includes cookies and a session ID, but the failed result doesn't include these.

I wonder why the result of the script for a failed attempt is still showing a session ID.

Can you please tell me what to modify in my script in order not to get a session ID when the login fails?

Any comments are welcome, thanks.


TY.
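
The comparison the post is asking about, as an added example that is not part of the original post: a Python sketch that parses the response headers quoted above (only the Content-Length and Set-Cookie lines are copied in) and reports which cookies are set on success only. The function names `parse` and `compare` are made up for this illustration.

```python
# Header lines copied from the post: two script runs and two browser captures.
SCRIPT_OK = """\
Content-Length: 95
Set-Cookie: session_cookie=34431a76-54d5-498f-aae2-866dd5199304; Path=/; HttpOnly
Set-Cookie: JSESSIONID=3FCE7FEE16230EF25BD2DFA280958212; Path=/; HttpOnly"""
SCRIPT_FAILED = """\
Content-Length: 87
Set-Cookie: session_cookie=01a233ed-a008-496a-89b1-0d044d03949a; Path=/; HttpOnly
Set-Cookie: JSESSIONID=4350A7C51D6C0E7F294ED9D6E08DB9A6; Path=/; HttpOnly"""
BROWSER_OK = """\
Set-Cookie: session_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: sna_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: locale_cookie=en_US; Expires=Fri, 26-Jun-2015 10:31:48 GMT; Path=/
Set-Cookie: JSESSIONID=56472DD2CEBF17A3218C3765585380A9; Path=/; HttpOnly
Content-Length: 49"""
BROWSER_FAILED = """\
Content-Length: 111"""


def parse(raw):
    """Return (set of cookie names set, Content-Length) for a header block."""
    cookies, length = set(), None
    for line in raw.splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            cookies.add(value.split("=", 1)[0])
        elif name == "content-length":
            length = int(value)
    return cookies, length


def compare(ok_raw, failed_raw):
    """Cookies set only on success, and whether the body sizes differ."""
    ok_cookies, ok_len = parse(ok_raw)
    bad_cookies, bad_len = parse(failed_raw)
    return sorted(ok_cookies - bad_cookies), ok_len != bad_len


if __name__ == "__main__":
    # Script runs (no Cookie header sent): no cookie separates the two.
    print("script :", compare(SCRIPT_OK, SCRIPT_FAILED))
    # Browser capture (Cookie header sent): cookies appear on success only.
    print("browser:", compare(BROWSER_OK, BROWSER_FAILED))
```

For the two script runs, which send no Cookie header, the set of success-only cookies is empty and the only visible difference is Content-Length (95 vs 87), so the response body is where those two replies differ. In the browser capture, which does send a Cookie header, Set-Cookie appears on the successful reply only.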

taylansan

Hello, still need some advice on this. Thanks again.

Edited by taylansan

TY.

taylansan

Hello, still need some advice on this. Thanks again.

Sorry for duplicate message. Because of the massive Korean spam yesterday, I thought people couldn't see my post.


TY.
