How to do logins using the WinHttpRequest COM?

我寻月下人不归 2020-12-18 09:08

You can see lots of people automating things on websites using mouseclick and keystroke simulation on browser windows or using the IE COM, but for some applications you don\

1 Answer
  • 2020-12-18 09:25

    I already posted this on the AHK forums, but I think the information is useful enough to get archived on Stackoverflow as well. :)

    Tools & getting started

    First of all, if you want to do things like logins, you should probably learn some HTML and the basics about the HTTP protocol. Fiddler and SetProxy(2,"localhost:8888") will help you A LOT with the debugging and reverse engineering. I also recommend using an add-on for your browser to quickly clean your cookies.

    Example 1 (IP Board forums)

    Okay, now let's take a look at some examples. What would a login to the autohotkey.com forum look like?
    To reverse engineer the login of that site I simply analyzed the browser's HTTP requests to autohotkey.com (use Fiddler or F12 in your browser for that) and by some trial and error I was able to minimize it to the basics. We need exactly two requests and the login needs one request header, as well as 3 POST data parameters.

    Here is what we are basically gonna do:

    1. Do a simple GET request on http://www.autohotkey.com/board/index.php?app=core&module=global&section=login
    2. Extract the auth_key parameter from the login form from the response body (ResponseText)
    3. Create the POST data string containing the auth_key parameter as well as the username, password and rememberMe parameter for the login
    4. Set the Content-Type header for the next request
    5. Send the POST data string to http://www.autohotkey.com/board/index.php?app=core&module=global&section=login&do=process
    6. Analyze the response body checking if the HTML document's title starts with the words "Sign In". If so, then you're obviously not signed in (the login failed/wrong login data). If the title is different, then the login was successful.

    Example 1 code

    ;Prepare our WinHttpRequest object
    HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1")
    ;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler
    HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds
    ;HttpObj.Option(6) := False ;disable location-header redirects
    
    ;Set our URLs
    loginSiteURL := "http://www.autohotkey.com/board/index.php?app=core&module=global&section=login"
    loginURL := "http://www.autohotkey.com/board/index.php?app=core&module=global&section=login&do=process"
    
    ;Set our login data
    username := "Brutosozialprodukt"
    password := "xxxxxxxxxxxxxx"
    rememberMe := "1"
    
    ;Step 1
    HttpObj.Open("GET",loginSiteURL)
    HttpObj.Send()
    
    ;Step 2
    RegExMatch(HttpObj.ResponseText,"<input\stype='hidden'\sname='auth_key'\svalue='(\w+)'\s/>",match)
    auth_key := match1
    
    ;Step 3
    loginBody := "auth_key=" auth_key "&ips_username=" username "&ips_password=" password "&rememberMe=" rememberMe
    
    ;Step 4/5
    HttpObj.Open("POST",loginURL)
    HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
    HttpObj.Send(loginBody)
    
    ;Step 6
    If (InStr(HttpObj.ResponseText,"<title>Sign In"))
        MsgBox, The login failed!
    Else
        MsgBox, Login was successful!
    

    This will probably work for most IPB forums if you change the URLs properly.

    Example 2 (phpbb forums)

    Let's do another login to the new/other AHK forum (this will be much easier).

    1. Create the POST data containing username, password and the autologin parameter
    2. Set the Content-Type header
    3. Send the POST data to http://ahkscript.org/boards/ucp.php?mode=login
    4. Analyze the response body checking if the HTML document's title starts with the word "Login". If so, then you're obviously not logged in yet (the login failed/wrong login data). If the title is different, then the login was successful.

    Example 2 code

    ;Prepare our WinHttpRequest object
    HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1")
    ;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler
    HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds
    ;HttpObj.Option(6) := False ;disable location-header redirects
    
    ;Set our URLs
    loginURL := "http://ahkscript.org/boards/ucp.php?mode=login"
    
    ;Set our login data
    username := "Brutosozialprodukt"
    password := "xxxxxxxxxxxxxx"
    autologin := "on"
    
    ;Step 1
    loginBody := "username=" username "&password=" password "&autologin=" autologin "&login=Login"
    
    ;Step 2/3
    HttpObj.Open("POST",loginURL)
    HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
    HttpObj.Send(loginBody)
    
    ;Step 4
    If (InStr(HttpObj.ResponseText,"<title>Login"))
        MsgBox, The login failed!
    Else
        MsgBox, Login was successful!
    

    This will probably work for most phpbb forums if you change the URLs properly.

    0 Discussion (0)
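
Added example, not part of the original answer: both login scripts above concatenate the username and password into the POST body unencoded, so a value containing &, =, + or % changes the form fields that are actually sent, and Example 1 posts the credentials even when no auth_key was found. The AutoHotkey v1.1 code below percent-encodes every field and stops when the token is missing. UriEncode, BuildFormBody and ExtractAuthKey are hypothetical helper names, the regex assumes name= precedes value= as in the answer's form, and the HTML fragment and credentials are constructed sample values.

```autohotkey
; Added example (AutoHotkey v1.1); not code from the original answer.
; Constructed sample input: a login form fragment and a password with reserved characters.
sampleHtml := "<form><input type='hidden' name='auth_key' value='0123abcd' /></form>"

auth_key := ExtractAuthKey(sampleHtml)
If (auth_key = "") {
    ; Without the token the POST cannot succeed, so do not send the credentials at all.
    MsgBox, auth_key not found - not sending credentials.
    ExitApp
}

loginBody := BuildFormBody("auth_key", auth_key, "ips_username", "Some User"
    , "ips_password", "p&ss=w%rd +1", "rememberMe", "1")
MsgBox, % loginBody  ; pass this string to HttpObj.Send() in place of the concatenated body

; Percent-encode a string as UTF-8 so that &, =, +, % and spaces inside a value
; cannot alter the structure of an application/x-www-form-urlencoded body.
UriEncode(str) {
    VarSetCapacity(buf, StrPut(str, "UTF-8"), 0)   ; size in bytes, including the terminator
    StrPut(str, &buf, "UTF-8")
    out := ""
    While (byte := NumGet(buf, A_Index - 1, "UChar")) {
        ch := Chr(byte)
        ; Unreserved characters pass through, every other byte becomes %XX.
        out .= RegExMatch(ch, "^[A-Za-z0-9\-._~]$") ? ch : Format("%{:02X}", byte)
    }
    Return out
}

; Build "name=value&name=value" from alternating name/value arguments, keeping their order.
BuildFormBody(pairs*) {
    body := ""
    Loop % pairs.Length() // 2
        body .= (A_Index > 1 ? "&" : "") UriEncode(pairs[2*A_Index - 1]) "=" UriEncode(pairs[2*A_Index])
    Return body
}

; Return the hidden auth_key value, or an empty string if the form does not contain one.
; Accepts single or double quotes and extra attributes between name= and value=.
ExtractAuthKey(html) {
    If (RegExMatch(html, "<input\s[^>]*name=['""]auth_key['""][^>]*value=['""](\w+)['""]", m))
        Return m1
    Return ""
}
```

Both login URLs in the answer use plain http, so the encoded body, password included, still travels in cleartext; a Fiddler capture (the commented-out SetProxy line) shows exactly what leaves the machine.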