Jump to content

WinHTTP functions


trancexx
 Share

Recommended Posts

A simple script but i can't find my mistake.

When i try this script with http it works fine but with https the $sheader and $sdata is empty.

Please heeeeeeelp meeee.

winhttp_test.au3

That server redirects from https to http. This is considered to be security risk and therefore unsafe. To allow it you can add this line:

_WinHttpSetOption($HttpOpen, $WINHTTP_OPTION_REDIRECT_POLICY, $WINHTTP_OPTION_REDIRECT_POLICY_ALWAYS)

 

Edited by trancexx

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

That server redirects from https to http. This is considered to be security risk and therefore unsafe. To allow it you can add this line:

_WinHttpSetOption($HttpOpen, $WINHTTP_OPTION_REDIRECT_POLICY, $WINHTTP_OPTION_REDIRECT_POLICY_ALWAYS)

 

Thanks for the answer.

You are right the gmx.de server was not a good example for this script.

I think it depends on the server(certificate?). Some server works fine and from some i got an empty $sheader and $sdata.

With tcpdump i see the tcp pakets and it looks like the certificate verification failed.

But there is also a encrypted server response to my client. It is possible to save this response(error message) on the winhttp site? Debug mode?? 

Two files attached. The first works and the second don't. Same script only the server was changed.

 

 

winhttp_test_ok.au3

winhttp_test_failed.au3

Link to comment
Share on other sites

Both work for me out of the box.

Try ignoring cert errors:

_WinHttpSetOption($HttpOpenRequest, $WINHTTP_OPTION_SECURITY_FLAGS, BitOR($SECURITY_FLAG_IGNORE_UNKNOWN_CA, $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID, $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, $SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE))

I assume your system is some older flavour (XP?). It could be that because of that your code has issues with newer signatures algorithms. 

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

Both work for me out of the box.

Try ignoring cert errors:

_WinHttpSetOption($HttpOpenRequest, $WINHTTP_OPTION_SECURITY_FLAGS, BitOR($SECURITY_FLAG_IGNORE_UNKNOWN_CA, $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID, $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, $SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE))

I assume your system is some older flavour (XP?). It could be that because of that your code has issues with newer signatures algorithms. 

You are a genius. After update from XP SP2 to SP3 it works now. Thanks.

Link to comment
Share on other sites

trancexxI would like to ask you a message on how to obtain ssl encryption.

Like browser https connection Info display.(TLS 1.0 、cipher suites : AES128....) (Autoit forum show TLS 1.2)

Which way should I use it?
_WinHttpQueryAuthSchemes or _WinHttpQueryOption ? or other?

Information can be obtained at present are the html ...

Whether well-known encryption website is it?

 

Edited by ericli03
Link to comment
Share on other sites

  • 1 month later...

Thank you very much for such a great UDF.

I am trying to login in dailymotion site

#include "WinHttp.au3"

Opt("MustDeclareVars", 1)
Global $sRead, $hFileHTM, $sFileHTM = @ScriptDir & "\Form.htm"
Global $sSite = "http://www.dailymotion.com/pageitem/authenticationContainer?request=/login?"
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6")

; Get connection handle
Global $hConnect = _WinHttpConnect($hOpen, "http://www.dailymotion.com")
$sRead=_WinHttpSimpleRequest($hConnect)
Global $hConnect = _WinHttpConnect($hOpen, $sSite)
$sRead=_WinHttpSimpleRequest($hConnect)



 $hFileHTM = FileOpen($sFileHTM, 2)
 FileWrite($hFileHTM, $sRead)
 FileClose($hFileHTM)
 ShellExecuteWait($sFileHTM)

It returns just a main page but doesnt lead to signin form. What am I dong wrong

Great thanx in advance!

Link to comment
Share on other sites

Thank you very much for such a great UDF.

I am trying to login in dailymotion site

#include "WinHttp.au3"

Opt("MustDeclareVars", 1)
Global $sRead, $hFileHTM, $sFileHTM = @ScriptDir & "\Form.htm"
Global $sSite = "http://www.dailymotion.com/pageitem/authenticationContainer?request=/login?"
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6")

; Get connection handle
Global $hConnect = _WinHttpConnect($hOpen, "http://www.dailymotion.com")
$sRead=_WinHttpSimpleRequest($hConnect)
Global $hConnect = _WinHttpConnect($hOpen, $sSite)
$sRead=_WinHttpSimpleRequest($hConnect)



 $hFileHTM = FileOpen($sFileHTM, 2)
 FileWrite($hFileHTM, $sRead)
 FileClose($hFileHTM)
 ShellExecuteWait($sFileHTM)

It returns just a main page but doesnt lead to signin form. What am I dong wrong

Great thanx in advance!

Try this:

#include "WinHttp.au3"

$sEmail = "your.mail@something.com" ; your mail
$sPassword = "password" ; your password

$hOpen = _WinHttpOpen()
$hConnect = _WinHttpConnect($hOpen, "http://www.dailymotion.com")

; Login
_WinHttpSimpleFormFill($hConnect, _
        "/pageitem/authenticationContainer?request=/login", _ ; login page
        "authentication_form", _ ; id of the form
        "authentication_form_username", $sEmail, _
        "authentication_form_password", $sPassword, _
        "authentication_form_authChoice_login", "login")

; After you've been logged-in, you can proceed further. All the cookies are automatically handled from now on ($hOpen and all the child handles carries auth info)
; See the index page. You should see your name somewhere there:
$sRead = _WinHttpSimpleRequest($hConnect)

; Go anywhere, do anything:
;...
;...


; After you're done close used handles
_WinHttpCloseHandle($hConnect)

; And finally close session handle
_WinHttpCloseHandle($hOpen)

;~ ConsoleWrite($sRead)

$sFileHTM = @ScriptDir & "\Form.htm"
$hFileHTM = FileOpen($sFileHTM, 2)
FileWrite($hFileHTM, $sRead)
FileClose($hFileHTM)
ShellExecuteWait($sFileHTM)

 

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

1) I wonder, is there a method to check if the request would work or not? For example, in your previous example there is a parameter.

"authentication_form_authChoice_login", "login"

How did you get that parameter?

2) Would it be the same for ssl, I mean is it enough to fire this

$sRead = _WinHttpSimpleSendSSLRequest($hConnect)

3)  _WinHttpSimpleFormFill - what should I do if the form doesn't have a name or id, but only classname?

Great thanx in advance

 

Edited by topten
added question 3
Link to comment
Share on other sites

1) I wonder, is there a method to check if the request would work or not? For example, in your previous example there is a parameter.

"authentication_form_authChoice_login", "login"

How did you get that parameter?

2) Would it be the same for ssl, I mean is it enough to fire this

$sRead = _WinHttpSimpleSendSSLRequest($hConnect)

3)  _WinHttpSimpleFormFill - what should I do if the form doesn't have a name or id, but only classname?

Great thanx in advance

 

I'd checked the source of the "/pageitem/authenticationContainer?request=/login" page. There are two radio buttons, only one should be set obviously, the one with id "authentication_form_authChoice_login" for login action.
To check if the request would work you could check the return of _WinHttpSimpleFormFill(), however that depends on server implementation. For example in this case server will return error, even if there's no error. My guess is that they do this deliberately (I would) because the api is written to use javascript's XMLHttpRequest in which case additional HTTP header is set "X-Requested-With: XMLHttpRequest". When server detects that header field it returns slightly different reply in order to notify the user that login was success:

;...
$sLoginRet = _WinHttpSimpleFormFill($hConnect, _
        "/pageitem/authenticationContainer?request=/login", _ ; login page
        "authentication_form", _ ; id of the form
        "authentication_form_username", $sEmail, _
        "authentication_form_password", $sPassword, _
        "authentication_form_authChoice_login", "login", _
        "X-Requested-With: XMLHttpRequest"); just to be able to confirm successful login)

ConsoleWrite($sLoginRet & @CRLF)
;...

...In this case you can check @error or @extended after calling _WinHttpSimpleFormFill. Former would be 0 and latter 200 (HTTP_STATUS_OK).

For SSL you have to specify the address as "https://...", and later use _WinHttpSimpleSSLRequest (notice that you wrote WinHttpSimpleSendSSLRequest).

If the form doesn't have "id" or "name" then you can use its index. First form on the page has index 0, second one has index 1, etc... It's e.g. "index:1". It's explained in detail in WinHttp's help file.
Classname is part of presentational layer of the web page, you shouldn't be using it to identify the form.

 

 

♡♡♡

.

eMyvnE

Link to comment
Share on other sites

  • 5 weeks later...

Hi,

i am using you great UDF to communicate with my router (FritzBox, mainly used in Europe).

I made some scripts for that which you can find here _FB_Tools

The FritzBox webinterface allows downloads of some data, like a backup of the config or a phonebook.

I would like to make this work in my scripts as well, but i was not able to get it working.

In order to download a file backup of the current config i need to provide a password and submit a form. as a rasult i get a backup file.

Here is an example of how a download of the current config file looks like in an tcp sniffer:

POST /cgi-bin/firmwarecfg HTTP/1.1
Host: 192.168.118.4
User-Agent: some agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.118.4/
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------2803148312666
Content-Length: 369

-----------------------------2803148312666
Content-Disposition: form-data; name="sid"

e26f5a3e45073676
-----------------------------2803148312666
Content-Disposition: form-data; name="ImportExportPassword"

some password
-----------------------------2803148312666
Content-Disposition: form-data; name="ConfigExport"


-----------------------------2803148312666--

HTTP/1.1 200 OK
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-type: application/octet-stream;
Date: Thu, 08 Oct 2015 08:40:03 GMT
Keep-Alive: timeout=60, max=300
Content-Disposition: attachment; filename="FRITZ.Box 7490 113.06.36-31504LABOR_BETA_08.10.15_1040.export"


**** FRITZ!Box 7490 CONFIGURATION EXPORT
.more data

.more data

.more data

 

Is _WinHttpSimpleFormFill the right way to go (can i get the file and save it?) or do i need  a different approach?

Would be very nice if you could show me the way to go, thanks in advance !

Markus

 

Edited by Allow2010
Link to comment
Share on other sites

_WinHttpSimpleFormFill can do that in one step rather simply. I can write an example but unfortunately you aren't providing enough data. For example, how do you enter password (by filling the web form or like with http://trancexx.tk/basic/ ).

I sent you infos by PM.

The authentication is a bit more complicated, it is done by sending a SID (like an token or key) with the request.

Edited by Allow2010
Link to comment
Share on other sites

I use Winhttp to upload a file like this:

$sFileToUpload = @ScriptDir & "\test.mp3"

    Const $sForm = _
            '<form name="uploadform" method="POST" action="/cgi-bin/upload" enctype="multipart/form-data">' & _
            '<input type="file" name="File" value="">' & _
            '</form>'

    $hConnect = $sForm
    ; Fill form
    $sReturned = _WinHttpSimpleFormFill($hConnect, $hOpen, Default, "name:File", $sFileToUpload)

This works fine...

But i would like to set all formfields inside the form like this:

$sFileToUpload = @ScriptDir & "\test.mp3"

    Const $sForm = _
            '<form name="uploadform" method="POST" action="/cgi-bin/upload" enctype="multipart/form-data">' & _
            '<input type="file" name="File" value="' & $sFileToUpload & '">' & _
            '</form>'

    $hConnect = $sForm
    ; Fill form
    $sReturned = _WinHttpSimpleFormFill($hConnect, $hOpen, Default)

This does not work...

Can anyone explain to me why this does not work? Where is my mistake?

Link to comment
Share on other sites

One Problem solved, new one here :-)

I download a file using _WinHttpSimpleFormFill

It works fine, but i could not find a way to get the filename from the Headers without hacking WinHttpSimpleFormFill with a ugly global varibale

I did this almost at the end of WinHttpSimpleFormFill :
        Global $sDisp = _WinHttpQueryHeaders($hRequest, $WINHTTP_QUERY_CONTENT_DISPOSITION)
        Local $sReturned = _WinHttpSimpleReadData($hRequest)

now i can get the filename from the global $sDisp but this seems suboptimal to me..is there another way to do this?

An option to get the result as array like it is done with $fGetHeaders for _WinHttpSimpleRequest would be great...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...