July 12th, 2009 10:08 PM
Finding Login URL of a Web Page
I've recently been developing a C# application for myself and a friend of mine and I've basically managed to code everything except one feature that basically gets the amount of credits that you have on your account from a site called getref.com.
To do this I need to either log in to the account via a login URL by means of the WebClient object in the .NET Framework, which would look something like:
WebClient myClient = new WebClient();
string strRes = myClient.DownloadString("http://ww.getref.com/processlogin.asp?&txtUsername=<username>&txtPassword=<password>&login=Logon");
I can then simply parse the string strRes to find the amount of credits.
I can also try to log in via an HttpWebRequest:
string User = "******";
string Pass = "******";
string url = "http://ww.getref.com/processlogin.asp";
string pdata = "&txtusername=" + User + "&txtpassword=" + Pass + "&login=Logon";
string strRes = SendWebRequest(url, pdata, 8, "");
// Needs: using System.IO; using System.Net; using System.Text;
private static string SendWebRequest(string Url, string PData, int Interval, string Referer)
{
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
    // Headers and the timeout are set before the request body is written.
    if (Referer != "")
        req.Referer = Referer;
    req.Timeout = Interval * 0x3e8; // seconds to milliseconds (0x3e8 = 1000)
    if (PData != "")
    {
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";
        byte[] arrbytes = Encoding.ASCII.GetBytes(PData);
        req.ContentLength = arrbytes.Length;
        using (Stream reqStream = req.GetRequestStream())
            reqStream.Write(arrbytes, 0, arrbytes.Length);
    }
    // Read the whole response body and hand it back to the caller.
    using (HttpWebResponse httpresponse = (HttpWebResponse)req.GetResponse())
    using (StreamReader _streamreader = new StreamReader(httpresponse.GetResponseStream()))
        return _streamreader.ReadToEnd();
}
Just like the other example, I can then simply parse the string strRes to find the amount of credits as well.
My problem is that of finding the correct login URL to log in or that of creating the right HttpWebRequest for logging in. :/
Does anyone know what I'm doing wrong?
Are my HTTP Headers incorrect?
Am I crafting my query properly?
Sorry if I'm making a lot of stupid mistakes. I'm very inexperienced when it comes to web dev, that's why I decided to ask the pros xD.
Thanks a lot.
July 14th, 2009 07:16 PM
I can't speak much for the C#. It's been a while.
Firstly, you're passing the password in plain text. That's a no-no, at least for me. Generally passing a username and password in the URL via a GET request is a bad thing, and it's frowned upon (at least, it is by me).
"Does anyone know what I'm doing wrong?"
It looks to me like the SendWebRequest is sending the username and password via POST, but the processlogin.asp wants it via GET.
But, first things first. Encrypt the password before you send it. I'll help you out some more when I'm not at work... :/
July 14th, 2009 10:21 PM
- The plain password is fine if you are making a request to the HTTPS page, not the HTTP one.
- Use a cookie container that is attached to every request you make.
- Request the login page before you post to it (in order to get the cookies it sets on visit) using GET.
- Use the same cookie container you used in the GET and post the user/pass, but encode it in ASCII first.
- Take the & off of the first argument, aka &txtusername= should be just txtusername=
- You may need to spoof the browser because they do not want automated requests.
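The steps listed in the reply above (one cookie container on every request, a GET of the login page before the POST, form fields without the leading & and credentials only over HTTPS), put together as an added C# example that is not code from the thread. The field names come from the original post; the example.com URLs, the class name and the sample credentials are constructed placeholders, and it is an assumption that the site offers its login over HTTPS.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
static class LoginSketch
{
    // Percent-encode each value so '&' or '=' inside a password cannot split the form.
    // The first field carries no leading '&'.
    public static string BuildFormBody(string user, string pass)
    {
        return "txtusername=" + Uri.EscapeDataString(user)
             + "&txtpassword=" + Uri.EscapeDataString(pass) + "&login=Logon";
    }
    static string Send(Uri url, string body, CookieContainer jar)
    {
        // Refuse before any network I/O if the request would leave in clear text.
        if (url.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("refusing to send over " + url.Scheme);
        var req = (HttpWebRequest)WebRequest.Create(url);
        req.CookieContainer = jar;   // same jar on every request keeps the session
        req.Timeout = 8000;          // milliseconds
        if (body != null)
        {
            byte[] bytes = Encoding.ASCII.GetBytes(body); // body is pure ASCII after escaping
            req.Method = "POST";
            req.ContentType = "application/x-www-form-urlencoded";
            req.ContentLength = bytes.Length;
            using (Stream s = req.GetRequestStream())
                s.Write(bytes, 0, bytes.Length);
        }
        using (var resp = (HttpWebResponse)req.GetResponse())
        using (var reader = new StreamReader(resp.GetResponseStream()))
            return reader.ReadToEnd();
    }
    public static string Login(Uri loginPage, Uri loginAction, string user, string pass)
    {
        var jar = new CookieContainer();
        Send(loginPage, null, jar);                                // GET: collect cookies set on visit
        return Send(loginAction, BuildFormBody(user, pass), jar);  // POST with those cookies
    }
    static void Main()
    {
        // Constructed credentials; runs offline because the http:// guard fires first.
        Console.WriteLine(BuildFormBody("alice", "p&ss=w0rd"));
        try { Login(new Uri("http://example.com/login.asp"),
                    new Uri("http://example.com/processlogin.asp"), "alice", "x"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```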
July 14th, 2009 10:49 PM
Thanks a lot guys, your posts have been a tremendous amount of help.
I'm kind of understanding how these things work.
Gonna do some more research/thinking to hopefully create this feature...
Till then any advice will be greatly appreciated.