Results 1 to 4 of 4

Thread: Finding Login URL of a Web Page

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    Finding Login URL of a Web Page

    Hey guys,
    I've recently been developing a C# application for myself and a friend of mine and I've basically managed to code everything except one feature that basically gets the amount of credits that you have on your account from a site called getref.com.

    To do this I need to either login the account via a Login URL by means of the WebClient Object in the .Net Framework which would look something like:

    Code:
    WebClient myClient = new WebClient();
    
    string strRes = myClient.DownloadString("http://ww.getref.com/processlogin.asp?&txtUsername=<username>&txtPassword=<password>&login=Logon");
    I can then simply parse the string strRes to find the amount of credits.

    I can also try to login via an HttpWebRequest:

    Code:
    string User = "******";
    string Pass = "******";
    
    string url = "http://ww.getref.com/processlogin.asp";
    string pdata = "&txtusername=" + User + "&txtpassword=" + Pass + "&login=Logon";
    
    string strRes = SendWebRequest(url, pdata, 8, "");
    
    
    private static string SendWebRequest(string Url, string PData, int Interval, string Referer)
    {
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
        if (PData != "")
        {
            req.Method = "POST";
            req.ContentType = "application/x-www-form-urlencoded";
            byte[] arrbytes = Encoding.ASCII.GetBytes(PData);
            req.ContentLength = arrbytes.Length;
            Stream reqStream = req.GetRequestStream();
            reqStream.Write(arrbytes, 0, arrbytes.Length);
            reqStream.Close();
        }
        if (Referer != "")
        {
            req.Referer = Referer;
        }
        req.Timeout = Interval * 0x3e8;
        HttpWebResponse httpresponse = (HttpWebResponse)req.GetResponse();
        StreamReader _streamreader = new StreamReader(httpresponse.GetResponseStream());
    
        return _streamreader.ReadToEnd().ToString();
    }
    Just like the other example I can then simply parse the string strRes to find the amount of credits as well.

    My problem is that of finding the correct login Url to login or that of creating the right HttpWebRequest for logging in. :/

    Does anyone know what I'm doing wrong?
    Are my HTTP Headers incorrect?
    Am I crafting my query properly?

    Sorry if I'm doing a lot of stupid mistakes. I'm very inexperienced when it comes to web dev thats why I decided to ask the pros xD.

    Thanks a lot.

    Regards,
    CSharpGuy.

  2. #2
    Developer Extraordinar
    Join Date
    Jul 2002
    Location
    On the IRC
    Posts
    572
    I can't speak much for the C#. It's been awhile.

    Does anyone know what I'm doing wrong?
    Firstly, you're passing the password in plain text. That's a no-no, at least for me. Generally passing a username and password in the URL via a GET request is a bad thing, and it's frowned upon (at least, it is by me).

    It looks to me like the SendwebRequest is sending the username and password via POST, but the processLogin.asp wants it via GET.

    But, first things first. Encrypt the password before you send it. I'll help you out some more when I'm not at work... :/

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    - The plain password is fine if you are making a request to the https page not the http one.

    - Use a cookie container that is attached to every request you make

    - Request the login page before you post to it (in order to get the cookies it sets on visit) using GET

    - Use the same cookie container you used in the GET and post the user/pass but encode it in ascii first.

    - Take the & off of the first argument aka &txtusername= should be just txtusername=

    - You may need to spoof the browser because they do not want automated requests.

  4. #4
    Junior Member
    Join Date
    Jul 2009
    Posts
    2
    Thank a lot guys your post have been a tremendous amount of help.

    Am kind of understanding how these things work.
    Gonna do some more research/thinking to hopefully create this feature...
    Till then any advise will be greatly appreciated.

Similar Threads

  1. http login page and tcpdump..
    By k_tech in forum Newbie Security Questions
    Replies: 2
    Last Post: March 27th, 2008, 12:16 PM
  2. Genral Windows Tips
    By Nokia in forum Tips and Tricks
    Replies: 0
    Last Post: June 12th, 2004, 05:36 PM
  3. Tutorial Index page
    By LarrySmith in forum Site Feedback/Questions/Suggestions
    Replies: 1
    Last Post: October 17th, 2003, 06:51 PM
  4. Solaris Hardening
    By R0n1n in forum *nix Security Discussions
    Replies: 3
    Last Post: November 20th, 2002, 02:20 PM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 09:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •