Jump to content

HTTPRequest help


Recommended Posts

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

$oUsername = "username"
$oPassword = "password"

$oHTML = HTTPRequest("POST", "http://www.habbo.com/", "&login-username" & $oUsername & "&login-password" & $oPassword)
sleep(5000)
ConsoleWrite($oHTML & @CRLF)




Func HTTPRequest($oMethod, $oURL, $oData = "")
    $oHTTP.Open($oMethod, $oURL, False)
    If $oMethod = "POST" Then $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
    $oHTTP.Send($oData)
    Return $oHTTP.ResponseText
EndFunc

Whats wrong with that script?

Link to comment
Share on other sites

This is a lot more complex than you think. If you use the LiveHTTPHeaders extension in Firefox you will see.

First there is a POST to https://www.habbo.com/account/submit:

POST /account/submit HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.habbo.com/
Cookie: REMOVED
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
credentials.username=USERNAME&credentials.password=PASSWORD

Then there is a GET from https://www.habbo.com/security_check. I think the key here is that a cookie is set in the response from POST which needs to be validated here.

GET /security_check HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.habbo.com/
Cookie: REMOVED

And finally a GET from https://www.habbo.com/me:

GET /me HTTP/1.1
Host: www.habbo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.habbo.com/security_check
Cookie: REMOVED

Here is the code I was experimenting with:

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

;POST
ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
$oHTTP.Open("POST", "http://www.habbo.com/account/submit")
$oHTTP.SetRequestHeader("Host", "www.habbo.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
$oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/")
$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
$oHTTP.SetRequestHeader("Content-Length", "61")
$oHTTP.Send("credentials.username=USERNAME&credentials.password=PASSWORD")

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)
ConsoleWrite(@CRLF)

ConsoleWrite("+GET <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
;GET
$oHTTP.Open("GET", "http://www.habbo.com/me")
$oHTTP.SetRequestHeader("Host", "www.habbo.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
$oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/")
;$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.Send()

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)

Func MyErrFunc()
   $HexNumber=hex($oMyError.number,8)
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Windescription is: " & $oMyError.windescription )

   SetError(1)
Endfunc
Link to comment
Share on other sites

Thanks for that code, will be needing it, but lets take something easier.(no security checks)

http://www.sampleaddress.com/cookieprotection/index.php

the login name is "user" and login password is "demo". What code for this one?

code i got:

$oHTTP.Open("GET", "http://www.sampleaddress.com/cookieprotection/index.php")
$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com")
$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14")
$oHTTP.SetRequestHeader("Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5")
$oHTTP.SetRequestHeader("Accept-Language", "fi")
$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
$oHTTP.SetRequestHeader("Keep-Alive", "300")
$oHTTP.SetRequestHeader("Connection", "keep-alive")
;$oHTTP.SetRequestHeader("Cookie", "REMOVED")
$oHTTP.Send()
Edited by bf2forlife
Link to comment
Share on other sites

You really only need one header for this one:

$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

$oHTTP = ObjCreate("winhttp.winhttprequest.5.1")

;POST
ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF)
$oHTTP.Open("POST", "http://www.sampleaddress.com/cookieprotection/index.php?action=login")
;$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com")
;$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0")
;$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
;$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5")
;$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate")
;$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7")
;$oHTTP.SetRequestHeader("Keep-Alive", "300")
;$oHTTP.SetRequestHeader("Referer", "http://www.sampleaddress.com/cookieprotection/index.php")
$oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
;$oHTTP.SetRequestHeader("Content-Length", "28")
$oHTTP.Send("loginname=user&password=demo")

ConsoleWrite("STATUS:" & @CRLF)
ConsoleWrite($oHTTP.status & @CRLF)
ConsoleWrite($oHTTP.statustext & @CRLF)

ConsoleWrite("HEADERS:" & @CRLF)
ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF)

ConsoleWrite("RESPONSE:" & @CRLF)
ConsoleWrite($oHTTP.ResponseText & @CRLF)
ConsoleWrite(@CRLF)

Func MyErrFunc()
   $HexNumber=hex($oMyError.number,8)
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Windescription is: " & $oMyError.windescription )

   SetError(1)
Endfunc

Output:

+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
STATUS:
200
OK
HEADERS:
Date: Thu, 26 Jun 2008 17:34:58 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.4
X-Powered-By: PHP/5.2.4
Set-Cookie: loginpwd=demo; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com
Set-Cookie: loginuser=user; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com
Content-Type: text/html
Content-Length: 376
Age: 31


RESPONSE:

<HTML>
<TITLE>Protected Page</TITLE>
<BODY>
<FONT FACE="arial, helvetica" SIZE=2>This is the protected page!<BR>
<A HREF="page2.php">Click here to visit protected page #2!</A><P>

<A HREF="admin.html">A non-working demo of the admin area can be found <B>here</B></A><BR><BR>
<A HREF="/cookieprotection/index.php?action=logout">Log out</A>

</FONT>
</BODY>
</HTML>
Edited by weaponx
Link to comment
Share on other sites

But what would u use if u didnt know whats behind that login page?

There is no standard for notifying the user that they logged in successfully. You have to look at the resulting page yourself and find an identifying characteristic by which to determine success.

There is no error code, the HTTP status code will show OK as long as the page loads correctly...regardless of the username and password being correct.

Link to comment
Share on other sites

I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?

You need to figure these minor things out on your own, if you can't then you will never get anywhere.

If StringInStr($oHTTP.ResponseText, "success") Then

;Do stuff

Else

;Do stuff

EndIf

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...