bf2forlife Posted June 25, 2008 Posted June 25, 2008 $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oUsername = "username" $oPassword = "password" $oHTML = HTTPRequest("POST", "http://www.habbo.com/", "&login-username" & $oUsername & "&login-password" & $oPassword) sleep(5000) ConsoleWrite($oHTML & @CRLF) Func HTTPRequest($oMethod, $oURL, $oData = "") $oHTTP.Open($oMethod, $oURL, False) If $oMethod = "POST" Then $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") $oHTTP.Send($oData) Return $oHTTP.ResponseText EndFunc Whats wrong with that script?
weaponx Posted June 25, 2008 Posted June 25, 2008 Just looking at the source code of that page, the POST is being sent to:https://www.habbo.com/account/submit
bf2forlife Posted June 25, 2008 Author Posted June 25, 2008 Thanks but have u any idea how i could detect if the page tries to change from "https://www.habbo.com/account/submit " to "http://www.habbo.com/me" ?
weaponx Posted June 25, 2008 Posted June 25, 2008 bump Are you saying you want to know if the login was successful?
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 Are you saying you want to know if the login was successful? Yes.
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 I was thinking something like this If $loginsuccessful = 1 then msgbox(0,"success","logged in")
weaponx Posted June 26, 2008 Posted June 26, 2008 This is a lot more complex than you think. If you use the LiveHTTPHeaders extension in Firefox you will see.First there is a POST to https://www.habbo.com/account/submit:POST /account/submit HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.habbo.com/ Cookie: REMOVED Content-Type: application/x-www-form-urlencoded Content-Length: 61 credentials.username=USERNAME&credentials.password=PASSWORDThen there is a GET from https://www.habbo.com/security_check. I think the key here is that a cookie is set in the response from POST which needs to be validated here. GET /security_check HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.habbo.com/ Cookie: REMOVEDAnd finally a GET from https://www.habbo.com/me:GET /me HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://www.habbo.com/security_check Cookie: REMOVEDHere is the code I was experimenting with:expandcollapse popup$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") ;POST ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) $oHTTP.Open("POST", "http://www.habbo.com/account/submit") $oHTTP.SetRequestHeader("Host", "www.habbo.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") $oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") $oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") $oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/") $oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") $oHTTP.SetRequestHeader("Content-Length", "61") $oHTTP.Send("credentials.username=USERNAME&credentials.password=PASSWORD") ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) ConsoleWrite(@CRLF) ConsoleWrite("+GET <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) ;GET $oHTTP.Open("GET", "http://www.habbo.com/me") $oHTTP.SetRequestHeader("Host", "www.habbo.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") $oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") $oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") $oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/") ;$oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.Send() ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _ "Number is: " & $HexNumber & @CRLF & _ "Windescription is: " & $oMyError.windescription ) SetError(1) Endfunc
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 (edited) Thanks for that code, will be needing it, but lets take something easier.(no security checks)http://www.sampleaddress.com/cookieprotection/index.phpthe login name is "user" and login password is "demo". What code for this one?code i got:$oHTTP.Open("GET", "http://www.sampleaddress.com/cookieprotection/index.php") $oHTTP.SetRequestHeader("Host", "www.sampleaddress.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14") $oHTTP.SetRequestHeader("Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5") $oHTTP.SetRequestHeader("Accept-Language", "fi") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") ;$oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.Send() Edited June 26, 2008 by bf2forlife
weaponx Posted June 26, 2008 Posted June 26, 2008 (edited) You really only need one header for this one: expandcollapse popup$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") ;POST ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) $oHTTP.Open("POST", "http://www.sampleaddress.com/cookieprotection/index.php?action=login") ;$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com") ;$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") ;$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") ;$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") ;$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") ;$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") ;$oHTTP.SetRequestHeader("Keep-Alive", "300") ;$oHTTP.SetRequestHeader("Referer", "http://www.sampleaddress.com/cookieprotection/index.php") $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") ;$oHTTP.SetRequestHeader("Content-Length", "28") $oHTTP.Send("loginname=user&password=demo") ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) ConsoleWrite(@CRLF) Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _ "Number is: " & $HexNumber & @CRLF & _ "Windescription is: " & $oMyError.windescription ) SetError(1) Endfunc Output: +POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< STATUS: 200 OK HEADERS: Date: Thu, 26 Jun 2008 17:34:58 GMT Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.4 X-Powered-By: PHP/5.2.4 Set-Cookie: loginpwd=demo; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com Set-Cookie: loginuser=user; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com Content-Type: text/html Content-Length: 376 Age: 31 RESPONSE: <HTML> <TITLE>Protected Page</TITLE> <BODY> <FONT FACE="arial, helvetica" SIZE=2>This is the protected page!<BR> <A HREF="page2.php">Click here to visit protected page #2!</A><P> <A HREF="admin.html">A non-working demo of the admin area can be found <B>here</B></A><BR><BR> <A HREF="/cookieprotection/index.php?action=logout">Log out</A> </FONT> </BODY> </HTML> Edited June 26, 2008 by weaponx
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 (edited) thanks, but what u use for reading Consolewrites? Edited June 26, 2008 by bf2forlife
weaponx Posted June 26, 2008 Posted June 26, 2008 (edited) thanks, but what u use for reading Consolewrites?What do you mean? ConsoleWrite() is dumping directly to the SciTE output window. Edited June 26, 2008 by weaponx
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 Didnt notice that But could you somehow check if the login was successfull with autoit script?
weaponx Posted June 26, 2008 Posted June 26, 2008 Didnt notice that But could you somehow check if the login was successfull with autoit script?You can just use StringInStr on the response text to match a keyword.
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 But what would u use if u didnt know whats behind that login page?
weaponx Posted June 26, 2008 Posted June 26, 2008 But what would u use if u didnt know whats behind that login page?There is no standard for notifying the user that they logged in successfully. You have to look at the resulting page yourself and find an identifying characteristic by which to determine success.There is no error code, the HTTP status code will show OK as long as the page loads correctly...regardless of the username and password being correct.
bf2forlife Posted June 26, 2008 Author Posted June 26, 2008 I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?
weaponx Posted June 26, 2008 Posted June 26, 2008 I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?You need to figure these minor things out on your own, if you can't then you will never get anywhere.If StringInStr($oHTTP.ResponseText, "success") Then;Do stuffElse;Do stuffEndIf
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now