PunkoHead Posted October 25, 2018 Posted October 25, 2018 Hi guys, I have a problem with Winhttp.winhttprequest.5.1 When I try to POST to a URL (https://example.com) it works just fine, but when I try to POST to the IP (https://1.1.1.1) there is an error message. My COM error handler says the following: Description: The host name in the certificate is invalid or does not match Number: 80020009 Source: WinHttp.WinHttpRequest It is most certainly a problem on our server, however I am asking if there is a way that we can disable the SSL verification while posting to the IPs instead of the DNS. The code that I use is: expandcollapse popupFunc SendXmlPostRequest($url, $auth, $xml) ; Make a POST request to Genesis and get the response. Global $oHTTP = ObjCreate('Winhttp.winhttprequest.5.1') $oHTTP.Open('POST', $url, False) $oHTTP.SetRequestHeader('Authorization', 'Basic' & ' ' & $auth) $oHTTP.setRequestHeader('Content-type', 'application/xml') $oHTTP.Send($xml) $responseText = $oHTTP.ResponseText $responseStatus = $oHTTP.Status If $responseStatus <> 200 Then ; Check the response code from the server. MsgBox(0, 'Message', 'Request failed on subimtion with Response Status:' & ' ' & $responseStatus) Exit EndIf $getCodeArr = _StringBetween($responseText, '<code>', '</code>') $getCode = $getCodeArr If $getCode <> 0 And $getCode <> 200 Then ; Check the response code from the gateway. $getTechicalMessageArr = _StringBetween($responseText, '<technical_message>', '</technical_message>') $getTechicalMessage = $getTechicalMessageArr MsgBox(0, 'Message', 'Request failed with:' & @CRLF & 'Response Code:' & ' ' & $getCodeArr[0] & @CRLF & 'Technical Message:' & ' ' & $getTechicalMessageArr[0]) Exit EndIf If $responseStatus = 200 Then $getTransType = _StringBetween($responseText, '<transaction_type>', '</transaction_type>') If $getTransType[0] = "capture" Then $getCaptureUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') ElseIf $getTransType[0] = "void" Then $getVoidUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') ElseIf $getTransType[0] = "refund" Then $getRefundUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') ElseIf $getTransType[0] = "credit" Then $getCreditUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') ElseIf $getTransType[0] = "recurring_sale" Then $getRecurringSaleUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') Else $getUniqueID = _StringBetween($responseText, '<unique_id>', '</unique_id>') $uniqueID = $getUniqueID[0] EndIf EndIf EndFunc ;==>SendXmlPostRequest Thank you in advance for the suggestions!
TheXman Posted October 25, 2018 Posted October 25, 2018 (edited) @PunkoHead Here are the constants for the Option property of the WinHttpRequest object: Global Enum $WinHttpRequestOption_UserAgentString, _ $WinHttpRequestOption_URL, _ $WinHttpRequestOption_URLCodePage, _ $WinHttpRequestOption_EscapePercentInURL, _ $WinHttpRequestOption_SslErrorIgnoreFlags, _ $WinHttpRequestOption_SelectCertificate, _ $WinHttpRequestOption_EnableRedirects, _ $WinHttpRequestOption_UrlEscapeDisable, _ $WinHttpRequestOption_UrlEscapeDisableQuery, _ $WinHttpRequestOption_SecureProtocols, _ $WinHttpRequestOption_EnableTracing, _ $WinHttpRequestOption_RevertImpersonationOverSsl, _ $WinHttpRequestOption_EnableHttpsToHttpRedirects, _ $WinHttpRequestOption_EnablePassportAuthentication, _ $WinHttpRequestOption_MaxAutomaticRedirects, _ $WinHttpRequestOption_MaxResponseHeaderSize, _ $WinHttpRequestOption_MaxResponseDrainSize, _ $WinHttpRequestOption_EnableHttp1_1, _ $WinHttpRequestOption_EnableCertificateRevocationCheck Here are the valid values for ignoring SSL errors Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_UnknownCA = 0x0100 Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertWrongUsage = 0x0200 Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertCNInvalid = 0x1000 Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_CertDateInvalid = 0x2000 Global CONST $WinHttpRequestOption_SslErrorIgnoreFlags_IgnoreAll = 0x3300 ;IGNORE ALL OF THE ABOVE So to ignore all SSL errors, you could add the following line before your send: $oHTTP.Option($WinHttpRequestOption_SslErrorIgnoreFlags) = $WinHttpRequestOption_SslErrorIgnoreFlags_IgnoreAll or $oHTTP.Option(4) = 0x3300 Edited October 25, 2018 by TheXman Added @PunkoHead since he or she isn't following the topic PunkoHead and cetipabo 2 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PunkoHead Posted October 30, 2018 Author Posted October 30, 2018 I did not have the chance to thank you. This solved the issue! TheXman 1
TheXman Posted October 30, 2018 Posted October 30, 2018 You're welcome. Glad to have helped. CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PunkoHead Posted October 31, 2018 Author Posted October 31, 2018 Just a slight update here, once I ignore the certificate alerts, my request is not being sent as application/xml and the server refuses the post request. I read somewhere that this is because some character conversion and the XML not being sent as UTF-8, but am not sure. Basically, using Winhttp.winhttprequest.5.1, I am not able to send my requests to the server. Does anyone have a solution for this? Not sure if I have to open a new thread about this. Thanks in advance!
PunkoHead Posted October 31, 2018 Author Posted October 31, 2018 @Juvigy Can you point me out a bit? What do you mean? I do not want to use the IE.au3 library for this one.
caramen Posted October 31, 2018 Posted October 31, 2018 If it's still cetificat issue: If the webSite is Safe "?" Just approve the invalid certificate. And import it to the computer. This is able to be done only if you're automating one PC. Is it Symantec certif ? My video tutorials : ( In construction ) || My Discord : https://discord.gg/S9AnwHw How to Ask Help || UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote Spoiler Water's UDFs:Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsPowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & SupportExcel - Example Scripts - WikiWord - Wiki Tutorials:ADO - Wiki
PunkoHead Posted October 31, 2018 Author Posted October 31, 2018 Unfortunately I am not able to import the certificate because I am trying to reach the certificate via IP not a domain. Also, many people will use it
TheXman Posted October 31, 2018 Posted October 31, 2018 6 hours ago, PunkoHead said: my request is not being sent as application/xml Is this an assumption or are you getting back an error that explicitly states that is the reason your POST is getting rejected? Can you show the response or any errors that you got back in the response? To trouble shoot the issue, more information is needed. Are you sure that the XML is valid? Can you provide the request requirements? Does the request require any other information to be sent in the header? Does the site have a test environment that test requests can be sent? If so, that would help. Without more information, any attempt to trouble shoot the issue would be pure speculation. CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
Juvigy Posted October 31, 2018 Posted October 31, 2018 5 hours ago, PunkoHead said: @Juvigy Can you point me out a bit? What do you mean? I do not want to use the IE.au3 library for this one. Yes, IE UDF. Why dont you want to use it?
TheXman Posted October 31, 2018 Posted October 31, 2018 24 minutes ago, Juvigy said: Yes, IE UDF. Why dont you want to use it? @Juvigy You've piqued my interest. To the best of my knowledge, you cannot do an HTTP POST of application/xml data using any IE UDF functions. Just how would you propose to do an HTTP POST of application/xml data using the IE UDF? CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PunkoHead Posted October 31, 2018 Author Posted October 31, 2018 Quote Is this an assumption or are you getting back an error that explicitly states that is the reason your POST is getting rejected? Can you show the response or any errors that you got back in the response? This is what I got - it is a response from our server: <payment_response> <status>error</status> <code>360</code> <message>Missing or invalid content type: should be text/xml!</message> <technical_message>Parsing not possible.</technical_message> </payment_response> Quote Are you sure that the XML is valid? Yes, using Msxml2.XMLHTTP is sending the correct thing. We have a test environment but it is really strict and I am not able to provide you access to it As for the information in the headers - only content type and authorization - nothing else. And just clarification, if I set the header to text/xml - it is the same error.
TheXman Posted October 31, 2018 Posted October 31, 2018 (edited) The error message says that it is expecting a content-type of text/xml. Looking at your original post, you specified a content-type of application/xml. Have you tried changing it to text/xml? Sorry. just read the last sentence? I see that you did try text/html. Edited October 31, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted October 31, 2018 Posted October 31, 2018 (edited) When I am testing web services, I use an extension like Rester, in Firefox, to make sure that I have all of the information I need to get a successful response. I then translate it into code. Have you tried using some sort of web service tool, other than msxml2.xmlhttp, to validate the request? Edited October 31, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted October 31, 2018 Posted October 31, 2018 (edited) You could also try explicitly setting the charset like: $oHTTP.setRequestHeader('Content-Type', 'text/xml; charset=utf-8') Edited October 31, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PunkoHead Posted October 31, 2018 Author Posted October 31, 2018 This is super strange... Trying these: $oHTTP.SetRequestHeader('Content-Type', 'application/xml; charset=utf-8') $oHTTP.SetRequestHeader('Content-Type', 'text/xml; charset=utf-8') Did not help. As for the testing - I am testing with Postman - I get great responses with it. I also tried restlet - it works great as well. Not sure if I switch to another version of winhttprequest. Can you give me the exact name that I have to put in ObjCreate in order to do so?
TheXman Posted October 31, 2018 Posted October 31, 2018 All of my scripts use exactly the same command as your original post: $oHttp = ObjCreate("winhttp.winhttprequest.5.1") CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted October 31, 2018 Posted October 31, 2018 (edited) Postman should be able to show you the raw request and response. If it doesn't, you could use a protocol sniffer like WireShark to capture the request in order to see exactly how the successful requests look. Then, you can build the request to look the same. Something is missing in the AutoIt-generated requests using the winhttprequest object. Edited October 31, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted October 31, 2018 Posted October 31, 2018 Are you going through a proxy? If so, are host headers required? CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now