bf2forlife Posted June 25, 2008 Share Posted June 25, 2008 $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oUsername = "username" $oPassword = "password" $oHTML = HTTPRequest("POST", "http://www.habbo.com/", "&login-username" & $oUsername & "&login-password" & $oPassword) sleep(5000) ConsoleWrite($oHTML & @CRLF) Func HTTPRequest($oMethod, $oURL, $oData = "") $oHTTP.Open($oMethod, $oURL, False) If $oMethod = "POST" Then $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") $oHTTP.Send($oData) Return $oHTTP.ResponseText EndFunc Whats wrong with that script? Link to comment Share on other sites More sharing options...
weaponx Posted June 25, 2008 Share Posted June 25, 2008 Just looking at the source code of that page, the POST is being sent to:https://www.habbo.com/account/submit Link to comment Share on other sites More sharing options...
bf2forlife Posted June 25, 2008 Author Share Posted June 25, 2008 Thanks but have u any idea how i could detect if the page tries to change from "https://www.habbo.com/account/submit " to "http://www.habbo.com/me" ? Link to comment Share on other sites More sharing options...
bf2forlife Posted June 25, 2008 Author Share Posted June 25, 2008 bump Link to comment Share on other sites More sharing options...
weaponx Posted June 25, 2008 Share Posted June 25, 2008 bump Are you saying you want to know if the login was successful? Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 Are you saying you want to know if the login was successful? Yes. Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 I was thinking something like this If $loginsuccessful = 1 then msgbox(0,"success","logged in") Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 This is a lot more complex than you think. If you use the LiveHTTPHeaders extension in Firefox you will see.First there is a POST to https://www.habbo.com/account/submit:POST /account/submit HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.habbo.com/ Cookie: REMOVED Content-Type: application/x-www-form-urlencoded Content-Length: 61 credentials.username=USERNAME&credentials.password=PASSWORDThen there is a GET from https://www.habbo.com/security_check. I think the key here is that a cookie is set in the response from POST which needs to be validated here. GET /security_check HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.habbo.com/ Cookie: REMOVEDAnd finally a GET from https://www.habbo.com/me:GET /me HTTP/1.1 Host: www.habbo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: https://www.habbo.com/security_check Cookie: REMOVEDHere is the code I was experimenting with:expandcollapse popup$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") ;POST ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) $oHTTP.Open("POST", "http://www.habbo.com/account/submit") $oHTTP.SetRequestHeader("Host", "www.habbo.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") $oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") $oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") $oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/") $oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") $oHTTP.SetRequestHeader("Content-Length", "61") $oHTTP.Send("credentials.username=USERNAME&credentials.password=PASSWORD") ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) ConsoleWrite(@CRLF) ConsoleWrite("+GET <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) ;GET $oHTTP.Open("GET", "http://www.habbo.com/me") $oHTTP.SetRequestHeader("Host", "www.habbo.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") $oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") $oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") $oHTTP.SetRequestHeader("Referer", "http://www.habbo.com/") ;$oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.Send() ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _ "Number is: " & $HexNumber & @CRLF & _ "Windescription is: " & $oMyError.windescription ) SetError(1) Endfunc Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 (edited) Thanks for that code, will be needing it, but lets take something easier.(no security checks)http://www.sampleaddress.com/cookieprotection/index.phpthe login name is "user" and login password is "demo". What code for this one?code i got:$oHTTP.Open("GET", "http://www.sampleaddress.com/cookieprotection/index.php") $oHTTP.SetRequestHeader("Host", "www.sampleaddress.com") $oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14") $oHTTP.SetRequestHeader("Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5") $oHTTP.SetRequestHeader("Accept-Language", "fi") $oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") $oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") $oHTTP.SetRequestHeader("Keep-Alive", "300") $oHTTP.SetRequestHeader("Connection", "keep-alive") ;$oHTTP.SetRequestHeader("Cookie", "REMOVED") $oHTTP.Send() Edited June 26, 2008 by bf2forlife Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 (edited) You really only need one header for this one: expandcollapse popup$oMyError = ObjEvent("AutoIt.Error","MyErrFunc") $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") ;POST ConsoleWrite("+POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" & @CRLF) $oHTTP.Open("POST", "http://www.sampleaddress.com/cookieprotection/index.php?action=login") ;$oHTTP.SetRequestHeader("Host", "www.sampleaddress.com") ;$oHTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0") ;$oHTTP.SetRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") ;$oHTTP.SetRequestHeader("Accept-Language", "en-us,en;q=0.5") ;$oHTTP.SetRequestHeader("Accept-Encoding", "gzip,deflate") ;$oHTTP.SetRequestHeader("Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7") ;$oHTTP.SetRequestHeader("Keep-Alive", "300") ;$oHTTP.SetRequestHeader("Referer", "http://www.sampleaddress.com/cookieprotection/index.php") $oHTTP.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded") ;$oHTTP.SetRequestHeader("Content-Length", "28") $oHTTP.Send("loginname=user&password=demo") ConsoleWrite("STATUS:" & @CRLF) ConsoleWrite($oHTTP.status & @CRLF) ConsoleWrite($oHTTP.statustext & @CRLF) ConsoleWrite("HEADERS:" & @CRLF) ConsoleWrite($oHTTP.GetAllResponseHeaders() & @CRLF) ConsoleWrite("RESPONSE:" & @CRLF) ConsoleWrite($oHTTP.ResponseText & @CRLF) ConsoleWrite(@CRLF) Func MyErrFunc() $HexNumber=hex($oMyError.number,8) Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _ "Number is: " & $HexNumber & @CRLF & _ "Windescription is: " & $oMyError.windescription ) SetError(1) Endfunc Output: +POST <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< STATUS: 200 OK HEADERS: Date: Thu, 26 Jun 2008 17:34:58 GMT Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.4 X-Powered-By: PHP/5.2.4 Set-Cookie: loginpwd=demo; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com Set-Cookie: loginuser=user; expires=Fri, 27-Jun-2008 17:34:58 GMT; path=/; domain=.sampleaddress.com Content-Type: text/html Content-Length: 376 Age: 31 RESPONSE: <HTML> <TITLE>Protected Page</TITLE> <BODY> <FONT FACE="arial, helvetica" SIZE=2>This is the protected page!<BR> <A HREF="page2.php">Click here to visit protected page #2!</A><P> <A HREF="admin.html">A non-working demo of the admin area can be found <B>here</B></A><BR><BR> <A HREF="/cookieprotection/index.php?action=logout">Log out</A> </FONT> </BODY> </HTML> Edited June 26, 2008 by weaponx Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 (edited) thanks, but what u use for reading Consolewrites? Edited June 26, 2008 by bf2forlife Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 (edited) thanks, but what u use for reading Consolewrites?What do you mean? ConsoleWrite() is dumping directly to the SciTE output window. Edited June 26, 2008 by weaponx Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 Didnt notice that But could you somehow check if the login was successfull with autoit script? Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 Didnt notice that But could you somehow check if the login was successfull with autoit script?You can just use StringInStr on the response text to match a keyword. Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 But what would u use if u didnt know whats behind that login page? Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 But what would u use if u didnt know whats behind that login page?There is no standard for notifying the user that they logged in successfully. You have to look at the resulting page yourself and find an identifying characteristic by which to determine success.There is no error code, the HTTP status code will show OK as long as the page loads correctly...regardless of the username and password being correct. Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example? Link to comment Share on other sites More sharing options...
weaponx Posted June 26, 2008 Share Posted June 26, 2008 I was thinking that could u detect if the URL changes. If u cant detect it, lets go in the StringInStr. I searched help file but i still dont know how it works. Could u post some example?You need to figure these minor things out on your own, if you can't then you will never get anywhere.If StringInStr($oHTTP.ResponseText, "success") Then;Do stuffElse;Do stuffEndIf Link to comment Share on other sites More sharing options...
bf2forlife Posted June 26, 2008 Author Share Posted June 26, 2008 Ok Thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now