Sign in to follow this  
Followers 0
bf2forlife

HTTPRequest help

19 posts in this topic

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

$oUsername = "username"
$oPassword = "password"

$oHTML = HTTPRequest("POST", "http://www.habbo.com/", "&login-username" & $oUsername & "&login-password" & $oPassword)
sleep(5000)
ConsoleWrite($oHTML & @CRLF)




Func HTTPRequest($oMethod, $oURL, $oData = "")
    $oHTTP.Open($oMethod, $oURL, False)
    If $oMethod = "POST" Then $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
    $oHTTP.Send($oData)
    Return $oHTTP.ResponseText
EndFunc

Whats wrong with that script?

Share this post


Link to post
Share on other sites



Thanks but have u any idea how i could detect if the page tries to change from "https://www.habbo.com/account/submit " to "http://www.habbo.com/me" ?

Share this post


Link to post
Share on other sites

bump :)

Share this post


Link to post
Share on other sites

bump :)

Are you saying you want to know if the login was successful?

Share this post


Link to post
Share on other sites

Are you saying you want to know if the login was successful?

Yes.

Share this post


Link to post
Share on other sites

I was thinking something like this

If $loginsuccessful = 1 then
msgbox(0,"success","logged in")

Share this post


Link to post
Share on other sites

This is a lot more complex than you think. If you use the LiveHTTPHeaders extension in Firefox you will see.

First there is a POST to https://www.habbo.com/account/submit:

POST /account/submit HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.habbo.com/
Cookie: REMOVED
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
credentials.username=USERNAME&credentials.password=PASSWORD

Then there is a GET from https://www.habbo.com/security_check. I think the key here is that a cookie is set in the response from POST which needs to be validated here.

GET /security_check HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.habbo.com/
Cookie: REMOVED

And finally a GET from https://www.habbo.com/me:

GET /me HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.habbo.com/security_check
Cookie: REMOVED

Here is the code I was experimenting with:

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

;POST
ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
$oHTTP.Open("POST", "http://www.habbo.com/account/submit")
$oHTTP.SetRequestHeader("Host", "www.habbo.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
$oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/")
$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$oHTTP.SetRequestHeader("Content-Length", "61")
$oHTTP.Send("credentials.username=USERNAME&credentials.password=PASSWORD")

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)
ConsoleWrite(@CRLF)

ConsoleWrite("+GET <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
;GET
$oHTTP.Open("GET", "http://www.habbo.com/me")
$oHTTP.SetRequestHeader("Host", "www.habbo.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
$oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/")
;$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.Send()

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)

Func MyErrFunc()
   $HexNumber=hex($oMyError.number,8)
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Windescription is: " & $oMyError.windescription )

   SetError(1)
Endfunc

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

Thanks for that code, will be needing it, but lets take something easier.(no security checks)

http://www.sampleaddress.com/cookieprotection/index.php

the login name is "user" and login password is "demo". What code for this one?

code i got:

$oHTTP.Open("GET", "http://www.sampleaddress.com/cookieprotection/index.php")
$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14")
$oHTTP.SetRequestHeader("Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5")
$oHTTP.SetRequestHeader("Accept-Language", "fi")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
;$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.Send()
Edited by bf2forlife

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

You really only need one header for this one:

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

;POST
ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
$oHTTP.Open("POST", "http://www.sampleaddress.com/cookieprotection/index.php?action=login")
;$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com")
;$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
;$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
;$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
;$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
;$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
;$oHTTP.SetRequestHeader("Keep-Alive", "300")
;$oHTTP.SetRequestHeader("Referer", "http://www.sampleaddress.com/cookieprotection/index.php")
$oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
;$oHTTP.SetRequestHeader("Content-Length", "28")
$oHTTP.Send("loginname=user&password=demo")

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)
ConsoleWrite(@CRLF)

Func MyErrFunc()
   $HexNumber=hex($oMyError.number,8)
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Windescription is: " & $oMyError.windescription )

   SetError(1)
Endfunc

Output:

+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
STATUS:
200
OK
HEADERS:
Date: Thu, 26 Jun 2008 17:34:58 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.4
X-Powered-By: PHP/5.2.4
Set-Cookie: loginpwd=demo; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com
Set-Cookie: loginuser=user; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com
Content-Type: text/html
Content-Length: 376
Age: 31


RESPONSE:

<HTML>
<TITLE>Protected Page</TITLE>
<BODY>
<FONT FACE="arial, helvetica" SIZE=2>This is the protected page!<BR>
<A HREF="page2.php">Click here to visit protected page #2!</A><P>

<A HREF="admin.html">A non-working demo of the admin area can be found <B>here</B></A><BR><BR>
<A HREF="/cookieprotection/index.php?action=logout">Log out</A>

</FONT>
</BODY>
</HTML>
Edited by weaponx

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

thanks, but what u use for reading Consolewrites?

Edited by bf2forlife

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

thanks, but what u use for reading Consolewrites?

What do you mean? ConsoleWrite() is dumping directly to the SciTE output window.

Edited by weaponx

Share this post


Link to post
Share on other sites

Didnt notice that :) But could you somehow check if the login was successfull with autoit script?

Share this post


Link to post
Share on other sites

Didnt notice that :) But could you somehow check if the login was successfull with autoit script?

You can just use StringInStr on the response text to match a keyword.

Share this post


Link to post
Share on other sites

But what would u use if u didnt know whats behind that login page?

Share this post


Link to post
Share on other sites

But what would u use if u didnt know whats behind that login page?

There is no standard for notifying the user that they logged in successfully. You have to look at the resulting page yourself and find an identifying characteristic by which to determine success.

There is no error code, the HTTP status code will show OK as long as the page loads correctly...regardless of the username and password being correct.

Share this post


Link to post
Share on other sites

I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?

Share this post


Link to post
Share on other sites

I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?

You need to figure these minor things out on your own, if you can't then you will never get anywhere.

If StringInStr($oHTTP.ResponseText, "success") Then

;Do stuff

Else

;Do stuff

EndIf

Share this post


Link to post
Share on other sites

Ok Thanks :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0