Jump to content
Sign in to follow this  
taylansan

HTTP Success / Failed Login Separation

Recommended Posts

taylansan

Dear AutoIt Community,

I have checked some HTTP examples in the forums. So, I created a basic script as the following:

$login = ObjCreate("winhttp.winhttprequest.5.1")

$sUsername = "ty"
$sPassword = "AAbb11!!"

Local $url = "http://192.168.182.160:9889/authenticate.action"
$login_packet = "username=" & $sUsername & "&password=" & $sPassword & "&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default"
$login.open("POST", $url)
$login.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$login.send($login_packet)
$login.WaitForResponse()
$cookies = $login.GetAllResponseHeaders()
ConsoleWrite($cookies & @CRLF)

Actually, the username and password is correct. I got the following response:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:33:22 GMT
Content-Length: 95
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=34431a76-54d5-498f-aae2-866dd5199304; Path=/; HttpOnly
Set-Cookie: JSESSIONID=3FCE7FEE16230EF25BD2DFA280958212; Path=/; HttpOnly

If I change the username or password, I want to a failed login, I got this:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:34:25 GMT
Content-Length: 87
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=01a233ed-a008-496a-89b1-0d044d03949a; Path=/; HttpOnly
Set-Cookie: JSESSIONID=4350A7C51D6C0E7F294ED9D6E08DB9A6; Path=/; HttpOnly

Only the session cookie and session ID is changed. But there is no result whether I failed to login.

 

Here is the successful HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 148
Cookie: session_cookie=77e59d47-fa86-4ce4-87c2-8486e68c7dbd; JSESSIONID=05788845F16A110B6C7747DFDB9B7F3F; bme_locale_session=en_US; sna_cookie=; locale_cookie=en_US; access_time_cookie=0
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=AAbb11!!&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Set-Cookie: session_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: sna_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: locale_cookie=en_US; Expires=Fri, 26-Jun-2015 10:31:48 GMT; Path=/
Set-Cookie: JSESSIONID=56472DD2CEBF17A3218C3765585380A9; Path=/; HttpOnly
Content-Type: text/plain;charset=UTF-8
Content-Length: 49
Date: Wed, 27 May 2015 10:31:47 GMT
Server: OpenAS

Here is the failed HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 149
Cookie: session_cookie=acec9a18-b702-4f7b-96c6-667a7b35ac08; JSESSIONID=4211585FF6FE3DFC19FEF39196DCB61A; bme_locale_session=en_US
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=dsadsadsa&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Content-Type: text/plain;charset=UTF-8
Content-Length: 111
Date: Wed, 27 May 2015 11:21:43 GMT
Server: OpenAS

 

As I see, the successful result includes cookies and session ID; but failed result doesn't include these.

I wonder why the result of the script for failed attempt still showing session ID.

Can you please tell me what to modify in my script in order not to get session ID when login failed?

Any comments are welcome, thanks.


TY.

Share this post


Link to post
Share on other sites
taylansan

Hello, still need some advice on this. Thanks again

Edited by taylansan

TY.

Share this post


Link to post
Share on other sites
taylansan

Hello, still need some advice on this. Thanks again.

Sorry for duplicate message. Because of the massive Korean spam yesterday, I thought people couldn't see my post.


TY.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • islandspapand
      By islandspapand
      Hi All
      i am currently trying to add a function to my project that can send SMS, i have gone with Twilio for the sms service that use a REST API.
      I have never worked with an API before, and could use some help.
      I can get my function working with using cURL.exe and copy past command from the website with the following code. And thats great unfortunately i am have issue with character like æøå when sending a SMS appears like a box or ?. this does not happen if i do it from the website so it looks like a Unicode issue in curl.exe.
      I have done some searching on the forum and understand that i should be able to implement this curl command with the WinHTTP UDF from @trancexx so i don't need a third part exe and it might fix my charater issue.
      Unfortunately i really don't understand how i am to change curl commands to the WinHTTP and i was hoping some good maybe give me an example i could learn from.
      Thanks in advanced
      i have removed the AuthToken number from the script.
      _SendSMS("00000000","SomeOne","SMS body info") Func _SendSMS($SendTo,$SendFrom,$Msgtxt) $AccountSID = "ACbb765b3180d5938229eff8b8f63ed1bc" $AuthToken = "Auth Token number" $Data = '"https://api.twilio.com/2010-04-01/Accounts/'&$AccountSID&'/Messages.json"'& _ '-X POST \ --data-urlencode "To=+45'&$SendTo&'" \ --data-urlencode "From='&$SendFrom&'" \ --data-urlencode "Body='&$Msgtxt&'" \ -u '&$AccountSID&':'&$AuthToken&'' ShellExecute(@ScriptDir&"\curl.exe","-k "&$Data) ;~ curl 'https://api.twilio.com/2010-04-01/Accounts/ACbb765b3180d5938229eff8b8f63ed1bc/Messages.json' -X POST \ ;~ --data-urlencode 'To=+4500000000' \ ;~ --data-urlencode 'From=Reception' \ ;~ --data-urlencode 'Body=Test Body' \ ;~ -u ACbb765b3180d5938229eff8b8f63ed1bc:[AuthToken] EndFunc  
       
    • jesus40
      By jesus40
      Hello friends, i have a working curl command that show informations about my account on binance.com, but_it dont work with autoit code without curl.exe.
      I want to do it without curl, because the whole process much Slower_ with StdoutRead (I want get the response in variable.)
      My Curl command in Autoit:
      This 2 are works, but_ i would like to do it without curl.exe
      $apikey="XYZ" sCommand = @ScriptDir & '\curl.exe -k -H "X-MBX-APIKEY: ' & $apikey & '" -X GET "https://api.binance.com/api/v3/account?' & $request the same in .bat  file
      curl.exe -k -H "X-MBX-APIKEY: XYZ" -X GET "https://api.binance.com/api/v3/account?timestamp=1514917812000&signature=85bdee77e53cd521e1d5229fbfb459d53799c42b3fa4596d73f1520fad5f965a" (I use curl with -k option which allows curl to make insecure connections, because there is problem with the sites certificate, (cURL error 60))
       
      I tried many variations, this is the latest... I cant get the same response.
      curl $error message (I changed ): {"code":-2015,"msg":"Invalid API-key, IP, or permissions for action."}
      autoit version $error message (Response code:400): Mandatory parameter 'timestamp' was not sent, was empty/null, or malformed.
       
      $request = $query & '&signature=' & $signature $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("GET", "https://api.binance.com/api/v3/account", False) $oHTTP.SetRequestHeader("X-MBX-APIKEY", $apikey) $oHTTP.Send($request) $oReceived = $oHTTP.ResponseText $oStatusCode = $oHTTP.Status If $oStatusCode <> 200 then MsgBox(4096, "Response code", $oStatusCode) EndIf  
      thanks
    • wakillon
      By wakillon
      HttpHeaderWatcher v1.0.1.3
       

      Some time ago, some members asked how to see the Http Requests.
      There are quite a few external applications but not in AutoIt!
      HttpHeaderWatcher in association with WinPcap, very modestly solves this lack.
       
      Once done this http watcher, i asked me : why not Re-build a WinHttp Request in AutoIt from a selected Request in one Click ?
      So i have added a "Create au3" button who open the WinHttp Request of your choice in AutoIt format in SciTE Editor.
      Voila voila, hope it can help ! 
      Buttons were made online with chimply.com the easy and free buttons generator !
      See Help for more infos.
      previous downloads : 253
      source and executable are available in the Download Section
      Hope you like it !
    • nikink
      By nikink
      Hi all,
      I have a bit of code that works on my old Win10 PC, that fails on my new Win10 PC, and I think the only significant difference is the version of Autoit - old PC has 3.3.12, new has 3.3.14.
      I couldn't find anything mentioned in the change logs though, so perhaps I'm wrong.
      Anyway, the code to replicate my issue is:
      Test('username', 'DOMAIN') ; THIS ERRORS: ;Test('localun', 'DOMAIN') ; THIS ERRORS: ;Test(' ', ' ') ; THIS ERRORS: ;Test('', '') ; THIS ERRORS: ;Test('localun', '') ; THIS ERRORS: ;Test('', 'DOMAIN') Func Test($un, $dom) $compName = 'PCNAME' $FullName = '.' $Description = '.' ; get the WIM object $objWMIService = ObjGet("winmgmts:\\" & $compName & "\root\cimv2") ; get default user full name and description $objAccount = $objWMIService.Get("Win32_UserAccount.Name='" & $un & "',Domain='" & $dom & "'") If IsObj($objAccount) Then $FullName = $objAccount.FullName $Description = $objAccount.Description EndIf ConsoleWrite($FullName & @CRLF) ConsoleWrite($Description & @CRLF) Return EndFunc  
      On my old PC this code will output just . and . for each of those line currently commented out. Which is fine.
      On my new PC any of those commented out lines of code cause an error, and the script won't even compile.
      $objAccount = $objWMIService.Get("Win32_UserAccount.Name='" & $un & "',Domain='" & $dom & "'") $objAccount = $objWMIService^ ERROR I'm very much a newb with the WMI stuff and objects, but it looks like the .Get property is failing when either $un or $dom aren't valid in v3.3.14, whereas in 3.3.12 the .Get would fail to return an object, which is then caught by the If statement.
      Am I on track with this? Is there some new/better way to code the example so that 3.3.14 will compile it?
    • nacerbaaziz
      By nacerbaaziz
      Hi all
      I want a way to get the last key pressed.
      I have a program that works with keyboard shortcuts and I want to  give the permission for the user to edit shortcut keys depending on what suits him
      i  want to make read-only edit box and the program writes the latest shortcut key pressed
      Please help me,
      greetings to all
      And thanks in advance
×