WinHTTP functions

[wakillon]

What's the best tool that you use to sniff the sequence of HTTP requests in order to replicate them with WinHTTP commands?

I tried some Chrome and Firefox live header sniffers but they all lack of essential informations (for example I didn't see the additional headers to append to the request in a POST action) and are full of useless informations (for example of plenty of requests for intra-page unnecessary elements like images)...

 

you can try HttpAnalyzer

Edited August 26, 2013 by wakillon

[Imbuter2000]

you can try HttpAnalyzer

 

Exciting!  although it's full of extra unneded data like Fiddler.

Did you tried Fiddler too?

Edited August 27, 2013 by Imbuter2000

[karlkar]

Hello!

In my internet explorer I have checked "use automatic configuration script".

I cannot send my request via WinHttp, because I have no idea how to use proxy indicated by this script in my code. Is there a way to obtain proxy address from this script file?

===========EDIT==========

I've read a bit. Take a look at site http://msdn.microsoft.com/en-us/library/windows/desktop/aa384122(v=vs.85).aspx

There everything looks like it is explained. I've even wrote some code to implement function WinHttpGetProxyForUrl, but it always returns false. Can you take a look at my code and tell what is wrong?

Func _WinHttpGetProxyForUrl($handle, $url, $pacAddress)
   Local $WINHTTP_AUTOPROXY_OPTIONS = DllStructCreate("dword dwFlags;" & _
           "dword dwAutoDetectFlags;" & _
           "ptr lpszAutoConfigUrl;" & _
           "ptr lpvReserved;" & _
           "dword dwReserved;" & _
           "dword fAutoLogonIfChallenged;")
   ConsoleWrite("Error = " & @error & @CRLF)
   Local $WINHTTP_PROXY_INFO = DllStructCreate("dword AccessType;" & _
            "ptr Proxy;" & _
            "ptr ProxyBypass")
   ConsoleWrite("Error = " & @error & @CRLF)
   
   DllStructSetData($WINHTTP_AUTOPROXY_OPTIONS, "dwFlags", $WINHTTP_AUTOPROXY_CONFIG_URL)
   DllStructSetData($WINHTTP_AUTOPROXY_OPTIONS, "dwAutoDetectFlags", BitOR($WINHTTP_AUTO_DETECT_TYPE_DHCP, $WINHTTP_AUTO_DETECT_TYPE_DNS_A))
   Local $tPacAddress = DllStructCreate("wchar[" & StringLen($pacAddress) + 1 & "]")
   DllStructSetData($tPacAddress, 1, $pacAddress)
   ConsoleWrite("Error = " & @error & @CRLF)
   DllStructSetData($WINHTTP_AUTOPROXY_OPTIONS, "lpszAutoConfigUrl", DllStructGetPtr($tPacAddress))
   
   Local $tUrl = DllStructCreate("wchar[" & StringLen($url) + 1 & "]")
   DllStructSetData($tUrl, 1, $url)
   
   Local $aCall = DllCall($hWINHTTPDLL__WINHTTP, "bool", "WinHttpGetProxyForUrl", "handle", $handle, _
                           "wstr", DllStructGetPtr($tUrl), _
                           "struct*", DllStructGetPtr($WINHTTP_AUTOPROXY_OPTIONS), _
                           "struct*", DllStructGetPtr($WINHTTP_PROXY_INFO))
   _ArrayDisplay($aCall)
   ConsoleWrite(@error & " " & $aCall[0] & " " & DllStructGetData($WINHTTP_PROXY_INFO, "Proxy"))
EndFunc

Output in console is 

Error = 0
Error = 0
Error = 0
0 0 0x00000000

and _ArrayDisplay shows me 

 

[0]|0
[1]|0x00663D80
[2]|0x04405458
[3]|0x043F1500
[4]|0x044001A8

Edited September 4, 2013 by karlkar

[trancexx]

Hello!

In my internet explorer I have checked "use automatic configuration script".

I cannot send my request via WinHttp, because I have no idea how to use proxy indicated by this script in my code. Is there a way to obtain proxy address from this script file?

PAC file is form of JavaScript file. You can use _WinHttpGetIEProxyConfigForCurrentUser() to get its location and read the content. When you do that post the content here. Relevant info should be obvious.

After that all you need to do is use those proxy settings for WinHttp.

[karlkar]

I know it. It is simple to get the proxy address from PAC file. For now I'm using hardcoded proxy from there. But if PAC changes once a week(someone claims that it is more secure) I do not want to update my script each time. Especially that this script is rather big I even thought about downloading it and parsing, then trying every address from it, but it is very ugly solution. Isn't it? There is no other, better way?

[trancexx]

I know it. It is simple to get the proxy address from PAC file. For now I'm using hardcoded proxy from there. But if PAC changes once a week(someone claims that it is more secure) I do not want to update my script each time. Especially that this script is rather big I even thought about downloading it and parsing, then trying every address from it, but it is very ugly solution. Isn't it? There is no other, better way?

In the code you posted earlier when you call WinHttpGetProxyForUrl, you are using second argument wrong. If it's "wstr" then you should pass $url directly, not pass pointer to struct. After that call if you still get error you should call _WinAPI_GetLastError() to see what the actual error number is and then check WinHttpConstants.au3 to get description for that error number.

 

If everything would be ok (it is for me) then you do:

;...
Local $pProxy = DllStructGetData($WINHTTP_PROXY_INFO, "Proxy")
Return DllStructGetData(DllStructCreate("wchar[" & _WinAPI_StringLenW($pProxy) & "]", $pProxy), 1)

... to get proxy from your _WinHttpGetProxyForUrl() function.

 

Then you simply:

$sProxy = _WinHttpGetProxyForUrl(...
$hOpen = _WinHttpOpen(Default, $WINHTTP_ACCESS_TYPE_NAMED_PROXY, $sProxy)

Edited September 9, 2013 by trancexx

[karlkar]

Ok, I get error 

$ERROR_WINHTTP_UNRECOGNIZED_SCHEME

it means that

The URL of the PAC file specified a scheme other than "http:" or "https:".

any ideas how to fix it?

My code is at http://pastebin.com/5eKenAKA

Edited September 10, 2013 by karlkar

[trancexx]

You actually have to make the use of the proxy that you get. And the error is because you need full address of the site you want proxy for.

Local $aConfig = _WinHttpGetIEProxyConfigForCurrentUser()
Local $sPacFile = $aConfig[1] ; this is PAC file used by IE
$sPacFile = "http://rosinstrument.com/cgi-bin/proxy.pac" ; override for this example

Local $hOpen = _WinHttpOpen()
Local $sProxy = _WinHttpGetProxyForUrl($hOpen, "http://www.ip-adress.com", $sPacFile) ; full URL of the place where you'd want to connect later
_WinHttpCloseHandle($hOpen) ; you won't be needing this one any more (so better would be that it's opened and closed in your _WinHttpGetProxyForUrl and not passed as its argument)

; Print the result
ConsoleWrite($sProxy & @CRLF)

; Now use that proxy
$hOpen = _WinHttpOpen(Default, $WINHTTP_ACCESS_TYPE_NAMED_PROXY, $sProxy)

Local $hConnect = _WinHttpConnect($hOpen, "www.ip-adress.com")

Local $sResult = _WinHttpSimpleRequest($hConnect)

; Close handles
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

; Print the HTML of the page
ConsoleWrite($sResult & @CRLF)
ClipPut($sResult) ; you use clipboard for whatever reason

[karlkar]

Hello. It's me again

I want to send a series of POST queries to JIRA server.

I'd love to do it by logging in only once. Logging process takes about 20 seconds, so avoiding it as often as possible is very important.

Can I use the same $hRequest? It appears that no, because the second response is always null...

The first response for WinHTTPSendRequest()

HTTP/1.1 200 OK
Date: Thu, 03 Oct 2013 10:42:43 GMT
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3289F0858C894BA53331F8614C076095; Path=/; HttpOnly
Set-Cookie: crowd.token_key=""; Domain=.sprc.samsung.pl; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Set-Cookie: crowd.token_key=zaNtV6CVc4JXwje7lrTy4g00; Domain=.sprc.samsung.pl; Path=/; HttpOnly
Set-Cookie: atlassian.xsrf.token=B5KX-L6MY-6ZEU-2ZJQ|b644824edaff12fd8bc017720ca46a2fce4c7adb|lin; Path=/
X-AREQUESTID: 762x5923799x142
X-Seraph-LoginReason: OUT
X-Seraph-LoginReason: OK
X-ASESSIONID: 1izakq
X-AUSERNAME: l.login

and the second one:

HTTP/1.1 200 OK
Date: Thu, 03 Oct 2013 10:42:43 GMT
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=3289F0858C894BA53331F8614C076095; Path=/; HttpOnly
Set-Cookie: crowd.token_key=""; Domain=.sprc.samsung.pl; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
Set-Cookie: crowd.token_key=zaNtV6CVc4JXwje7lrTy4g00; Domain=.sprc.samsung.pl; Path=/; HttpOnly
Set-Cookie: atlassian.xsrf.token=B5KX-L6MY-6ZEU-2ZJQ|b644824edaff12fd8bc017720ca46a2fce4c7adb|lin; Path=/
X-AREQUESTID: 762x5923799x142
X-Seraph-LoginReason: OUT
X-Seraph-LoginReason: OK
X-ASESSIONID: 1izakq
X-AUSERNAME: l.login

Data length of the second one is 0.

My code is something like:

Func send($hRequest, $login, $passwd, $method, $service, $header, $data = Default)
    If $hRequest = 0 Then
      Local $hOpen = _WinHTTPOpen()
      Local $hConnect = _WinHttpConnect($hOpen, "cam.address.pl")
      $hRequest = _WinHttpOpenRequest($hConnect, $method, $service)
      _WinHttpSetCredentials($hRequest, $WINHTTP_AUTH_TARGET_SERVER, $WINHTTP_AUTH_SCHEME_BASIC, $login, $passwd)
   EndIf
   Local $dataSize = 0
   If $data <> Default Then
      $dataSize = StringLen($data)
   EndIf
   _WinHttpSendRequest($hRequest, $header, $data, $dataSize)
   _WinHttpReceiveResponse($hRequest)
   MsgBox(0, "", _WinHttpQueryHeaders($hRequest))
   
   Local $response = _WinHttpReadData($hRequest)
   While @extended == 8192
      $response &= _WinHttpReadData($hRequest)
   WEnd
   writeLog("Response read. Total size = " & StringLen($response))
   
   If $response == "" Then
      Return SetError(2, 0, 0)
   ElseIf StringInStr($response, "Unauthorized") Then
      Return SetError(3, 0, 0)
   EndIf
   Return $response
endfunc

and example function call:

send($login, $pass, "POST", "rest/api/2/search", "Content-Type: application/json", '{"jql":"' & $filterStr & '","startAt":0,"maxResults":100,"fields":["project","customfield_11700"]}')

Can you tell me what should I do to make it work?

Edited October 3, 2013 by karlkar

[Imbuter2000]

If I open a WinHttp connection with PROXY and go to http://www.whatsmyip.org/more-info-about-you/   it's able to see my screen resolution (1920x1080 pixels).
Is it possible to set WinHttp to avoid communicating my screen resolution?

[trancexx]

If I open a WinHttp connection with PROXY and go to http://www.whatsmyip.org/more-info-about-you/   it's able to see my screen resolution (1920x1080 pixels).

Is it possible to set WinHttp to avoid communicating my screen resolution?

WinHttp doesn't give away your screen resolution, don't worry. You are just misinterpretting readings.

That site uses javascript to detect resolution and javascript is client side. "Client-side" means that it's executed on side of the user and that means only you can see screen resolution data.

Beside that, WinHttp.au3 doesn't even run returned javascript. My guess is that you open returned HTML in your browser and it executes the javascripts. If yes then read this post again.

@karlkar, you are calling your own function wrong. First argument should be $hRequest.

...Plus few more bad programming issues.

Edited October 6, 2013 by trancexx

[Imbuter2000]

WinHttp doesn't give away your screen resolution, don't worry. You are just misinterpretting readings.

That site uses javascript to detect resolution and javascript is client side. "Client-side" means that it's executed on side of the user and that means only you can see screen resolution data.

Beside that, WinHttp.au3 doesn't even run returned javascript. My guess is that you open returned HTML in your browser and it executes the javascripts. If yes then read this post again.

 

Ah trancexx thanks! you were totally right!  my resolution appeared only in the browser rendered version and because a Javascript in that point of the text.  

Edited October 8, 2013 by Imbuter2000

[lionfaggot]

after several hours of using this udf i came to a conclusion. why cant the functions have simple names like _Get() _Post() and _SetExtraHeaders() ? in fact im working on that now. this reminds me of using curl in php as i often do. i did the same there because man i cant stand retarded functions with names that have absolutely nothing with what im trying to achieve. long story short im shortening this udf into like 3 functions as thats all most people would use it for

[lionfaggot]

also, does this udf automatically handle cookies? it doesnt appear to, and honestly, as previously stated. the function listings make my brain hurt. so, if this is an already asked question (which it probably is) my apologies

[guinness]

There is nothing wrong with the function names as they follow the API calls they use. Please learn how to use the accompanying help file and deciphering UDFs.

[lionfaggot]

alright having a real issue here, this is killing me. anyone wanna give me a heads up on what im doing wrong in the following code:

#include <WinHttp.au3>
Func _Get($host, $page, $ssl = 0)
    Local $hOpen = _WinHttpOpen()
    If $ssl = 0 Then
        Local $hConnect = _WinHttpConnect($hOpen, $host)
    Else
        Local $hConnect = _WinHttpConnect($hOpen, $host, $INTERNET_DEFAULT_HTTPS_PORT)
    EndIf
    Local $req = _WinHttpOpenRequest($hConnect, "GET", $page)
    _WinHttpAddRequestHeaders($hConnect, "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0")
    _WinHttpAddRequestHeaders($hConnect, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Language: en-US,en;q=0.5")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Encoding: gzip, deflate")
    _WinHttpAddRequestHeaders($hConnect, "Referer: http://www.google.com/")
    _WinHttpAddRequestHeaders($hConnect, "Connection: keep-alive" & @CRLF & @CRLF)
    _WinHttpSendRequest($hConnect)
    Return _WinHttpReceiveResponse($hConnect)
EndFunc   ;==>_Get

MsgBox(0, "Why is this returning 0", _Get("fetlife.com", "/session", 1))

im gonna have all of this deal with cookies etc for me, then make a _Post function as well. just so i dont kill myself using it. i just dont know why _WinHttpReceiveResponse keeps throwing me 0, any help here?

Edited November 10, 2013 by lionfaggot

[lionfaggot]

ah i see, it was a simple mindrape, i used $hConnect where i should have put $req, now that this is handled im onto more important matters

[lionfaggot]

how do you return the body and the headers with _WinHttpReadData()? im assuming its some option i set in another function? any ideas?

Edit: i keep answering my own questions, it would appear that _WinHttpQueryHeaders() does the trick nicely

Edited November 11, 2013 by lionfaggot

[lionfaggot]

i made two functions: _Get() and _Post() which both have an ssl option parameter, both return the body of the response. and all of that works, however i added in automatic cookie handling which is failing on some sites. anyone want to help me out? these functions will make things quite a bit simpler with much less typing if we can make it work. heres my code:

expandcollapse popup

#include <WinHttp.au3>
Func _Get($host, $page, $ssl = 0)
    Local $hOpen = _WinHttpOpen()
    If $ssl = 0 Then
        Local $hConnect = _WinHttpConnect($hOpen, $host)
        Local $req = _WinHttpOpenRequest($hConnect, "GET", $page)
    Else
        Local $hConnect = _WinHttpConnect($hOpen, $host, $INTERNET_DEFAULT_HTTPS_PORT)
        Local $req = _WinHttpOpenRequest($hConnect, "GET", $page, Default, Default, Default, $WINHTTP_FLAG_SECURE)
    EndIf
    _WinHttpAddRequestHeaders($hConnect, "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0")
    _WinHttpAddRequestHeaders($hConnect, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Language: en-US,en;q=0.5")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Encoding: gzip, deflate")
    _WinHttpAddRequestHeaders($hConnect, "Referer: http://www.google.com/")
    $gcookie = _getcookie($host)
    If $gcookie <> -1 Then
        _WinHttpAddRequestHeaders($hConnect, $gcookie)
    EndIf
    _WinHttpAddRequestHeaders($hConnect, "Connection: keep-alive" & @CRLF)
    _WinHttpSendRequest($req)
    Local $resp = _WinHttpReceiveResponse($req)
    If $resp = 1 Then
        $headers = _WinHttpQueryHeaders($req)
        If StringInStr($headers, "Set-Cookie:") Then
            _cookie($host, $headers)
        EndIf
        Local $sresp = _WinHttpReadData($req)
        Return $sresp
    EndIf
EndFunc   ;==>_Get

Func _Post($host, $page, $pdata, $ssl = 0)
    Local $hOpen = _WinHttpOpen()
    If $ssl = 0 Then
        Local $hConnect = _WinHttpConnect($hOpen, $host)
        Local $req = _WinHttpOpenRequest($hConnect, "POST", $page)
    Else
        Local $hConnect = _WinHttpConnect($hOpen, $host, $INTERNET_DEFAULT_HTTPS_PORT)
        Local $req = _WinHttpOpenRequest($hConnect, "POST", $page, Default, Default, Default, $WINHTTP_FLAG_SECURE)
    EndIf
    _WinHttpAddRequestHeaders($hConnect, "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:25.0) Gecko/20100101 Firefox/25.0")
    _WinHttpAddRequestHeaders($hConnect, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Language: en-US,en;q=0.5")
    _WinHttpAddRequestHeaders($hConnect, "Accept-Encoding: gzip, deflate")
    _WinHttpAddRequestHeaders($hConnect, "Referer: http://www.google.com/")
    $gcookie = _getcookie($host)
    If $gcookie <> -1 Then
        _WinHttpAddRequestHeaders($hConnect, $gcookie)
    EndIf
    _WinHttpAddRequestHeaders($hConnect, "Connection: keep-alive")
    _WinHttpAddRequestHeaders($hConnect, "Content-Type: application/x-www-form-urlencoded")
    _WinHttpAddRequestHeaders($hConnect, "Content-Length: "&StringLen($pdata))
    _WinHttpAddRequestHeaders($hConnect, @CRLF & $pdata)
    _WinHttpSendRequest($req)
    Local $resp = _WinHttpReceiveResponse($req)
    If $resp = 1 Then
        $headers = _WinHttpQueryHeaders($req)
        If StringInStr($headers, "Set-Cookie:") Then
            _cookie($host, $headers)
        EndIf
        Local $sresp = _WinHttpReadData($req)
        Return $sresp
    EndIf
EndFunc   ;==>_Post

Func _cookie($host, $retcook)
    DirCreate("Cookies" & $host & "\")
    $array = StringRegExp($retcook, "Set-Cookie: (.+)\r\n", 3)
    $cookies = ""
    For $i = 0 To UBound($array) - 1
        $cookies = $array[$i] & ";"
        $csplit = StringSplit($cookies, "=")
        $cookname = $csplit[1]
        $cookies = StringRegExpReplace($cookies, "( path| domain| expires)=[^;]+", "")
        $cookies = StringRegExpReplace($cookies, " HttpOnly", "")
        $cookies = StringRegExpReplace($cookies, "[;]{2,}", ";")
        FileDelete("Cookies" & $host & "\" & $cookname & ".txt")
        FileWrite("Cookies" & $host & "\" & $cookname & ".txt", $cookies)
    Next
EndFunc   ;==>_cookie

Func _getcookie($host)
    Local $noret = 0
    $cookrr = "Cookie:"
    $search = FileFindFirstFile("Cookies" & $host & "\*.txt")
    If @error Then
        Return -1
        $noret = 1
    EndIf
    If $noret <> 1 Then
        While 1
            $file = FileFindNextFile($search)
            If @error Then
                Return $cookrr
                ExitLoop
            Else
                $cookrr &= " " & FileRead("Cookies" & $host & "\" & $file)
            EndIf
        WEnd
    EndIf
    $noret = 0
EndFunc   ;==>_getcookie

Get example: MsgBox(0, "", _Get("www.somesite.com", "/page"))

Get example (ssl): MsgBox(0, "", _Get("www.somesite.com", "/page", 1))

Post example: MsgBox(0, "", _Post("www.somesite.com", "/login", "user=fork&pass=lolfork"))

Post example (ssl): MsgBox(0, "", _Post("www.somesite.com", "/login", "user=fork&pass=lolfork", 1))

[karlkar]

Hello. Could you help me in converting this request:

curl 'https://cqweb.server.address.com/cqweb/login' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: pl,en-us;q=0.7,en;q=0.3' -H 'Connection: keep-alive' -H 'Cookie: schemarepo=TN_MP3; userDb=D01; cqecytusid=Zjnh1Smbfl/MiWNLFGixNg==; JSESSIONID=0000F3DyGHdvfvfTMFHI_WA6q2I:-1' -H 'Host: cqweb.server.address.com' -H 'Referer: https://cqweb.server.address.com/cqweb/login' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0' -H 'Content-Type: application/x-www-form-urlencoded' --data 'targetUrl=%2Fcqweb%2Fmain%3Fcommand%3DGenerateMainFrame&ratl_userdb=A01%2CC01%2CD01%2CD02%2CF01%2CF02%2CG01%2CG02%2CGA01%2CGA02%2CH01%2CH02%2CI01%2CK01%2CK02%2CM01%2CN01%2CO01%2CU01%2CWEBUI%2CX01%2CZ02%2CZ03%2CZ04%2C&test=&clientServerAddress=https%3A%2F%2Fcaqeb.server.address.com%2Fcqweb%2Flogin&username=user&password=password%21&schema=TN_MP3&userDb=D01'

to autoit code?

I've been trying something like:

expandcollapse popup

#include "../udf/WinHttp.au3"

Global $LOGIN = 'USER'
Global $PASSWORD = 'PASSWORD'

$LocalIP = "cqweb.server.address.com"

$hw_open = _WinHttpOpen()

$hw_connect = _WinHttpConnect($hw_open, $LocalIP)

$h_openRequest = _WinHttpOpenRequest($hw_connect, "POST", "cqweb/login")

;_WinHttpSetCredentials($h_openRequest, $WINHTTP_AUTH_TARGET_SERVER, $WINHTTP_AUTH_SCHEME_BASIC, $LOGIN, $PASSWORD)

_WinHttpAddRequestHeaders($h_openRequest, 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8') 
_WinHttpAddRequestHeaders($h_openRequest, 'Accept-Encoding: gzip, deflate') 
_WinHttpAddRequestHeaders($h_openRequest, 'Accept-Language: pl,en-us;q=0.7,en;q=0.3') 
_WinHttpAddRequestHeaders($h_openRequest, 'Connection: keep-alive') 
_WinHttpAddRequestHeaders($h_openRequest, 'Cookie: schemarepo=TN_MP3; userDb=D01; cqecytusid=Zjnh1Smbfl/MiWNLFGixNg==; JSESSIONID=0000F3DyGHdvfvfTMFHI_WA6q2I:-1') 
_WinHttpAddRequestHeaders($h_openRequest, 'Host: cqweb.server.address.com') 
_WinHttpAddRequestHeaders($h_openRequest, 'Referer: https://cqweb.server.address.com/cqweb/login') 
_WinHttpAddRequestHeaders($h_openRequest, 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0') 
_WinHttpAddRequestHeaders($h_openRequest, 'Content-Type: application/x-www-form-urlencoded')

_WinHttpSendRequest($h_openRequest)

_WinHttpWriteData($h_openRequest, "targetUrl=%2Fcqweb%2Fmain%3Fcommand%3DGenerateMainFrame&ratl_userdb=A01%2CC01%2CD01%2CD02%2CF01%2CF02%2CG01%2CG02%2CGA01%2CGA02%2CH01%2CH02%2CI01%2CK01%2CK02%2CM01%2CN01%2CO01%2CU01%2CWEBUI%2CX01%2CZ02%2CZ03%2CZ04%2C&test=&clientServerAddress=https%3A%2F%2Fcqweb.server.address.com%2Fcqweb%2Flogin&username=user&password=password%21&schema=TN_MP3&userDb=D01")

_WinHttpReceiveResponse($h_openRequest)
MsgBox(8192, "Headers", _WinHttpQueryHeaders($h_openRequest))

Local $response = _WinHttpReadData($h_openRequest)
While @extended = 8192
    $response &= _WinHttpReadData($h_openRequest)
WEnd

MsgBox(8192, "resp", $response)

_WinHttpCloseHandle($h_openRequest)

_WinHttpCloseHandle($hw_connect)

_WinHttpCloseHandle($hw_open)

However it doesn't work.

Header of response obtained by curl:

 

HTTP/1.1 200 OK
 
Date: Mon, 20 Jan 2014 16:10:16 GMT
Server: IBM_HTTP_Server/6.0.2.27 Apache/2.0.47 (Win32)
Content-Length: 15559
Set-Cookie: JSESSIONID=0000kfCcijdI7qNHUKjF6qF2Ceq:-1; Path=/
Set-Cookie: cqecytusid=Zjnh1Smbfl/MiWNLFGixNg==; Expires=Tue, 20 Jan 2015 16:10:15 GMT; Path=/cqweb/; Secure
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: ko-KR

 

And here's the one obtained by my autoit code:

 

HTTP/1.1 200 OK

Connection: Keep-Alive

Date: Mon, 20 Jan 2014 16:29:00 GMT

Keep-Alive: timeout=15, max=100

Content-Length: 15574

Content-Type: text/html; charset=UTF-8

Content-Language: ko-KR

Server: IBM_HTTP_Server/6.0.2.27 Apache/2.0.47 (Win32)

Set-Cookie: JSESSIONID=0000n0j_5DXEN41gLtiCBz7uVXS:-1; Path=/

Set-Cookie: cqweb_session=""; Expires=Thu, 01 Dec 1994 16:00:00 GMT;

Path=/cqweb/

 

As you can see I'm not getting 'cqecytusid' required to further operations...

Edited January 20, 2014 by karlkar