Jump to content
Sign in to follow this  
Followers 0
taylansan

HTTP Success / Failed Login Separation

By taylansan, in AutoIt General Help and Support

Recommended Posts

taylansan    3

taylansan
Posted

Dear AutoIt Community,

I have checked some HTTP examples in the forums. So, I created a basic script as the following:

$login = ObjCreate("winhttp.winhttprequest.5.1")

$sUsername = "ty"
$sPassword = "AAbb11!!"

Local $url = "http://192.168.182.160:9889/authenticate.action"
$login_packet = "username=" & $sUsername & "&password=" & $sPassword & "&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default"
$login.open("POST", $url)
$login.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$login.send($login_packet)
$login.WaitForResponse()
$cookies = $login.GetAllResponseHeaders()
ConsoleWrite($cookies & @CRLF)

Actually, the username and password is correct. I got the following response:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:33:22 GMT
Content-Length: 95
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=34431a76-54d5-498f-aae2-866dd5199304; Path=/; HttpOnly
Set-Cookie: JSESSIONID=3FCE7FEE16230EF25BD2DFA280958212; Path=/; HttpOnly

If I change the username or password, I want to a failed login, I got this:

Cache-Control: no-store,no-cache
Date: Wed, 27 May 2015 12:34:25 GMT
Content-Length: 87
Content-Type: text/plain;charset=UTF-8
Server: OpenAS
Set-Cookie: session_cookie=01a233ed-a008-496a-89b1-0d044d03949a; Path=/; HttpOnly
Set-Cookie: JSESSIONID=4350A7C51D6C0E7F294ED9D6E08DB9A6; Path=/; HttpOnly

Only the session cookie and session ID is changed. But there is no result whether I failed to login.

 

Here is the successful HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 148
Cookie: session_cookie=77e59d47-fa86-4ce4-87c2-8486e68c7dbd; JSESSIONID=05788845F16A110B6C7747DFDB9B7F3F; bme_locale_session=en_US; sna_cookie=; locale_cookie=en_US; access_time_cookie=0
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=AAbb11!!&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Set-Cookie: session_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: sna_cookie=99e86bd3-6308-4ce1-ab29-960aa69147e9; Path=/; HttpOnly
Set-Cookie: locale_cookie=en_US; Expires=Fri, 26-Jun-2015 10:31:48 GMT; Path=/
Set-Cookie: JSESSIONID=56472DD2CEBF17A3218C3765585380A9; Path=/; HttpOnly
Content-Type: text/plain;charset=UTF-8
Content-Length: 49
Date: Wed, 27 May 2015 10:31:47 GMT
Server: OpenAS

Here is the failed HTTP result:

http://192.168.182.160:9889/authenticate.action

POST /authenticate.action HTTP/1.1
Host: 192.168.182.160:9889
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.182.160:9889/login.action?ssoLogin=true
Content-Length: 149
Cookie: session_cookie=acec9a18-b702-4f7b-96c6-667a7b35ac08; JSESSIONID=4211585FF6FE3DFC19FEF39196DCB61A; bme_locale_session=en_US
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
username=ty&password=dsadsadsa&vcode=0000&dstInfo=300%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0%3A0&language=en_US&name=default
HTTP/1.1 200 OK
Cache-Control: no-store,no-cache
Content-Type: text/plain;charset=UTF-8
Content-Length: 111
Date: Wed, 27 May 2015 11:21:43 GMT
Server: OpenAS

 

As I see, the successful result includes cookies and session ID; but failed result doesn't include these.

I wonder why the result of the script for failed attempt still showing session ID.

Can you please tell me what to modify in my script in order not to get session ID when login failed?

Any comments are welcome, thanks.

TY.

Share this post

Link to post
Share on other sites

taylansan    3

taylansan
Posted

Hello, still need some advice on this. Thanks again.

Sorry for duplicate message. Because of the massive Korean spam yesterday, I thought people couldn't see my post.

TY.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • genius257
      AutoIt HTTP Server
      By genius257
      This is yet another HTTP server written in AutoIt3.
      Originally based on jvanegmond's POST HTTP Server.
      It is designed to be used either as is, or by scripts for a HTTP communication between any browser and AutoIt3.
      It can run PHP and AutoIt3 CGI, if setup in the settings ini file.
      Github repository
      AutoIt-HTTP-Server-master.zip
    • Danyfirex
      ATCmd.au3 UDF
      By Danyfirex
      AT Command UDF - for control AT Modems, send SMS, get SMS
       
      Changelog:
      #cs 1.0.0 2020/10/03 . First version - Danyfirex + mLipok 1.0.1 2020/10/04 . Added - Function - _ATCmd_IsPINReady - Danyfirex . Added - Function - _ATCmd_IsPINRequired - Danyfirex . Added - Function - _ATCmd_IsSIMInserted - Danyfirex . Added - Function - _ATCmd_IsSenderSupported - Danyfirex . Added - Function - _ATCmd_OnPINReques - Danyfirex . Added - Function - _ATCmd_SMS_ListTextMessages - Danyfirex . Added - Function - _ATCmd_SetPIN - Danyfirex . Added - Function - __ATCmd_GetPINCounter - Danyfirex - Added - ENUM - $ATCmd_ERR_PIN - Danyfirex - Added - ENUM - $ATCmd_ERR_SIM - Danyfirex . Changed - __ATCmd_ComposePDU() - using _ATCmd_UseUCS2() internally instead parameter - Danyfirex . Suplemented - #CURRENT# - Danyfirex . . 1.0.2 2020/10/05 . Added - ENUM - $ATCmd_MSGLIST_* - mLipok . Added - ENUM - $ATCmd_STATUS__* - mLipok - Added - ENUM - $ATCmd_ERR_PARAMETER - mLipok . Added - _ATCmd_UsePDU() - parameter validation - mLipok . Added - _ATCmd_UseUCS2() - parameter validation - mLipok . Added - more error logs . Changed - MagicNumber replaced with Standard UDF constants - mLipok . Small refactoring - mLipok . . 1.0.3 2020/10/05 . CleanUp - Danyfirex . . 1.0.4 2020/10/05 . Small refactoring - Danyfirex . CleanUp - Danyfirex . . 1.0.5 2020/10/23 . _ATCmd_FullLoging - mLipok . _ATCmd_CMEESetup() ... @WIP - mLipok . $ATCMD_STATUS_11_SUBSCRIBERNUMBER - mLipok . . 1.0.6 2020/10/25 . __ATCmd_CMSErrorParser() - mLipok . . @LAST https://www.nowsms.com/gsm-modem-cms-error-code-list https://m2msupport.net/m2msupport/at-command-to-enable-error-codes/ https://www.micromedia-int.com/en/gsm-2/73-gsm/669-cme-error-gsm-equipment-related-errors https://assets.nagios.com/downloads/nagiosxi/docs/ATCommandReference.pdf https://www.maritex.com.pl/product/attachment/40451/15b4db6d1a10eada42700f7293353776 https://www.multitech.net/developer/wp-content/uploads/2010/10/S000463C.pdf https://www.telit.com/wp-content/uploads/2017/09/Telit_AT_Commands_Reference_Guide_r24_B.pdf https://docs.rs-online.com/5931/0900766b80bec52c.pdf PDU Format / Testers / Encoders / decoders https://m2msupport.net/m2msupport/sms-at-commands/#pduformat http://smstools3.kekekasvi.com/topic.php?id=288 #ce  
       
      Saludos
    • nacerbaaziz
      need help to decode the string got from get_video_info
      By nacerbaaziz
      hello autoit team
      please i need your help
      i found that the youtube provide a way to get any video informations with this link
      https://youtube.com/get_video_info?video_id=id
      but it incoded i can not read it
      can any one tell me how to decode that please?
    • tarretarretarre
      AutoIt-API-WS - An expressive HTTP server you can use to build your own API with (Screenshots)
      By tarretarretarre
      About AutoIt-API-WS
      AutoIt-API-WS is a light weight web server with expressive syntax, with the sole purpose of wrapping your existing AutoIt app with little to no effort.
      With AutoIt-API-WS you can send and receive data between any application or framework, as long they can handle HTTP requests, which is an industry standard today.
      Like my other communcations UDF AutoIt-Socket-IO AutoIt-API-WS is heavily inspired from the big boys, but this time its Laravel and Ruby on Rails.
      Features Highlights
      No external or internal dependencies required RESTful mindset when designed Expressive syntax Small codebase Heavy use of Michelsofts Dictionary object Limitations
      Not complient with any RFC, so something important could be missing. Time will tell! One persons slow loris attack will kill the process forever. Example of implemetnation (With screenshots)
      This is a basic cRud operation with the RESTful mindset in use.
      #include "API.au3" #include <Array.au3> _API_MGR_SetName("My APP DB adapter") _API_MGR_SetVer("1.0 BETA") _API_MGR_SetDescription("This adapter allows you to get this n that") _API_MGR_Init(3000) _API_MGR_ROUTER_GET('/users', CB_GetUsers, 'string sortBy', 'Get all users, sortBy can be either asc or desc. asc is default') _API_MGR_ROUTER_GET('/users/{id}', CB_GetUsersById, 'int id*', 'Get user by id') While _API_MGR_ROUTER_HANDLE() WEnd Func DB_GetUsers() Local $userA = ObjCreate("Scripting.Dictionary") Local $userB = ObjCreate("Scripting.Dictionary") $userA.add('id', 1) $userA.add('name', 'TarreTarreTarre') $userA.add('age', 27) $userB.add('id', 2) $userB.add('name', @UserName) $userB.add('age', 22) Local $aRet = [$userA, $userB] Return $aRet EndFunc Func CB_GetUsers(Const $oRequest) Local $aUsers = DB_GetUsers() If $oRequest.exists('sortBy') Then Switch $oRequest.item('sortBy') Case Default Case 'asc' Case 'desc' _ArrayReverse($aUsers) EndSwitch EndIf Return $aUsers EndFunc Func CB_GetUsersById(Const $oRequest) Local Const $aUsers = DB_GetUsers() Local $foundUser = Null For $i = 0 To UBound($aUsers) -1 Local $curUser = $aUsers[$i] If $curUser.item('id') == $oRequest.item('#id') Then $foundUser = $curUser ExitLoop EndIf Next If Not IsObj($foundUser) Then Return _API_RES_NotFound(StringFormat("Could not find user with ID %d", $oRequest.item('#id'))) EndIf return $foundUser EndFunc When you visit http://localhost:3000 you are greeted with this pleasent view that will show you all your registred routes and some extra info you have provided.

      When you visit http://localhost:3000/users the UDF will return the array of objects as Json
       
      And here is an example of http://localhost:3000/users/1

       
      More examples can be found here
       
       (NEWEST 2020-09-21)
      Autoit-API-WS-1.0.3-beta.zip
      OLD VERSIONS
      Autoit-API-WS-1.0.0-beta.zip Autoit-API-WS-1.0.1-beta.zip
       
    • Jahar
      I wanted to send a message with HTTP/GET to the URL https://ghsff.it/
      By Jahar
      Hi,
      I am new to Autoit, Kindly guide me. I wanted to send a message with HTTP/GET to the URL https://ghsff.it/. How to do so?
×
×
  • Create New...