[How To] Do logins using the WinHttpRequest COM
Posted: 22 Jul 2014, 08:09
I just realized that the WinHttpRequest object has built in cookie handling. And since so many people had trouble doing logins using the WinHttpRequest COM and we always thought that this would be because of the cookies, I'm now giving you two working, very well explained login examples, as well as some tips on how to get started reverseengineering HTML / HTTP-Requests.
If you want to do complicated things like logins, then you should really learn some HTML and the basics about the HTTP protocol. Fiddler and SetProxy(2,"localhost:8888") will help you A LOT with the debugging. I also recommend using an add on for your browser to quickly clean your cookies.
To reverse engineer the AHK forum login I simply analyzed the browsers HTTP requests to autohotkey.com and by some trial and error I was able to minimize it to the basics. We need exactly two requests and the login needs one request headers and 3 POST data parameters.
So let's do this login to the AHK forums. (Note: the first example is about the forum on autohotkey.com)
Step 1. Do a simple GET request on http://www.autohotkey.com/board/index.p ... tion=login
Step 2. Extract the auth_key parameter form the login form from the response body (ResponseText)
Step 3. Create the POST data string containing the auth_key parameter as well as the username, password and rememberMe parameter for the login
Step 4. Set the Content-Type header for the next request
Step 5. Send the POST data string to http://www.autohotkey.com/board/index.p ... do=process
Step 6. Analyze the response body checking if the HTML documents title starts with the words "Sign In". If so, then you're obviously not signed in (the login failed/wrong login data). If the title is different, then the login was successfull.
This will probably work for most IPB forums if change the URLs properly. For other sites this will be probably look very different.
But okay, let's do another login to the new/other AHK forum (this will be much easier).
Step 1. Create the POST data containing username, password and the autologin parameter
Step 2. Set the Content-Type header
Step 3. Send the POST data to http://ahkscript.org/boards/ucp.php?mode=login
Step 4. Analyze the response body checking if the HTML documents title starts with the word "Login". If so, then you're obviously not logged in yet (the login failed/wrong login data). If the title is different, then the login was successfull.
Any questions? I will try to answer them the next time I'm here.
You may also read the existing answers in this thread or the one on the other forum.
If you want to do complicated things like logins, then you should really learn some HTML and the basics about the HTTP protocol. Fiddler and SetProxy(2,"localhost:8888") will help you A LOT with the debugging. I also recommend using an add on for your browser to quickly clean your cookies.
To reverse engineer the AHK forum login I simply analyzed the browsers HTTP requests to autohotkey.com and by some trial and error I was able to minimize it to the basics. We need exactly two requests and the login needs one request headers and 3 POST data parameters.
So let's do this login to the AHK forums. (Note: the first example is about the forum on autohotkey.com)
Step 1. Do a simple GET request on http://www.autohotkey.com/board/index.p ... tion=login
Step 2. Extract the auth_key parameter form the login form from the response body (ResponseText)
Step 3. Create the POST data string containing the auth_key parameter as well as the username, password and rememberMe parameter for the login
Step 4. Set the Content-Type header for the next request
Step 5. Send the POST data string to http://www.autohotkey.com/board/index.p ... do=process
Step 6. Analyze the response body checking if the HTML documents title starts with the words "Sign In". If so, then you're obviously not signed in (the login failed/wrong login data). If the title is different, then the login was successfull.
Code: Select all
;Prepare our WinHttpRequest object
HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1")
;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler
HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds
;HttpObj.Option(6) := False ;disable location-header rediects
;Set our URLs
loginSiteURL := "http://www.autohotkey.com/board/index.php?app=core&module=global§ion=login"
loginURL := "http://www.autohotkey.com/board/index.php?app=core&module=global§ion=login&do=process"
;Set our login data
username := "Brutosozialprodukt"
password := "xxxxxxxxxxxxxx"
rememberMe := "1"
;Step 1
HttpObj.Open("GET",loginSiteURL)
HttpObj.Send()
;Step 2
RegExMatch(HttpObj.ResponseText,"<input\stype='hidden'\sname='auth_key'\svalue='(\w+)'\s/>",match)
auth_key := match1
;Step 3
loginBody := "auth_key=" auth_key "&ips_username=" username "&ips_password=" password "&rememberMe=" rememberMe
;Step 4/5
HttpObj.Open("POST",loginURL)
HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
HttpObj.Send(loginBody)
;Step 6
If (InStr(HttpObj.ResponseText,"<title>Sign In"))
MsgBox, The login failed!
Else
MsgBox, Login was successfull!
But okay, let's do another login to the new/other AHK forum (this will be much easier).
Step 1. Create the POST data containing username, password and the autologin parameter
Step 2. Set the Content-Type header
Step 3. Send the POST data to http://ahkscript.org/boards/ucp.php?mode=login
Step 4. Analyze the response body checking if the HTML documents title starts with the word "Login". If so, then you're obviously not logged in yet (the login failed/wrong login data). If the title is different, then the login was successfull.
Code: Select all
;Prepare our WinHttpRequest object
HttpObj := ComObjCreate("WinHttp.WinHttpRequest.5.1")
;HttpObj.SetProxy(2,"localhost:8888") ;Send data through Fiddler
HttpObj.SetTimeouts(6000,6000,6000,6000) ;Set timeouts to 6 seconds
;HttpObj.Option(6) := False ;disable location-header rediects
;Set our URLs
loginURL := "http://ahkscript.org/boards/ucp.php?mode=login"
;Set our login data
username := "Brutosozialprodukt"
password := "xxxxxxxxxxxxxx"
autologin := "on"
;Step 1
loginBody := "username=" username "&password=" password "&autologin=" autologin "&login=Login"
;Step 2/3
HttpObj.Open("POST",loginURL)
HttpObj.SetRequestHeader("Content-Type","application/x-www-form-urlencoded")
HttpObj.Send(loginBody)
;Step 4
If (InStr(HttpObj.ResponseText,"<title>Login"))
MsgBox, The login failed!
Else
MsgBox, Login was successfull!
You may also read the existing answers in this thread or the one on the other forum.