Finding Login URL of a Web Page

[CSharpGuy]

Hey guys,
I've recently been developing a C# application for myself and a friend of mine and I've basically managed to code everything except one feature that basically gets the amount of credits that you have on your account from a site called getref.com.

To do this I need to either login the account via a Login URL by means of the WebClient Object in the .Net Framework which would look something like:

Code:

WebClient myClient = new WebClient();

string strRes = myClient.DownloadString("http://ww.getref.com/processlogin.asp?&txtUsername=<username>&txtPassword=<password>&login=Logon");

I can then simply parse the string strRes to find the amount of credits.

I can also try to login via an HttpWebRequest:

Code:

string User = "******";
string Pass = "******";

string url = "http://ww.getref.com/processlogin.asp";
string pdata = "&txtusername=" + User + "&txtpassword=" + Pass + "&login=Logon";

string strRes = SendWebRequest(url, pdata, 8, "");


private static string SendWebRequest(string Url, string PData, int Interval, string Referer)
{
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
    if (PData != "")
    {
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";
        byte[] arrbytes = Encoding.ASCII.GetBytes(PData);
        req.ContentLength = arrbytes.Length;
        Stream reqStream = req.GetRequestStream();
        reqStream.Write(arrbytes, 0, arrbytes.Length);
        reqStream.Close();
    }
    if (Referer != "")
    {
        req.Referer = Referer;
    }
    req.Timeout = Interval * 0x3e8;
    HttpWebResponse httpresponse = (HttpWebResponse)req.GetResponse();
    StreamReader _streamreader = new StreamReader(httpresponse.GetResponseStream());

    return _streamreader.ReadToEnd().ToString();
}

Just like the other example I can then simply parse the string strRes to find the amount of credits as well.

My problem is that of finding the correct login Url to login or that of creating the right HttpWebRequest for logging in. :/

Does anyone know what I'm doing wrong?
Are my HTTP Headers incorrect?
Am I crafting my query properly?

Sorry if I'm doing a lot of stupid mistakes. I'm very inexperienced when it comes to web dev thats why I decided to ask the pros xD.

Thanks a lot.

Regards,
CSharpGuy.

[MicroBurn]

I can't speak much for the C#. It's been awhile.

Quote:

Does anyone know what I'm doing wrong?

Firstly, you're passing the password in plain text. That's a no-no, at least for me. Generally passing a username and password in the URL via a GET request is a bad thing, and it's frowned upon (at least, it is by me).

It looks to me like the SendwebRequest is sending the username and password via POST, but the processLogin.asp wants it via GET.

But, first things first. Encrypt the password before you send it. I'll help you out some more when I'm not at work... :/

[oofki]

- The plain password is fine if you are making a request to the https page not the http one.

- Use a cookie container that is attached to every request you make

- Request the login page before you post to it (in order to get the cookies it sets on visit) using GET

- Use the same cookie container you used in the GET and post the user/pass but encode it in ascii first.

- Take the & off of the first argument aka &txtusername= should be just txtusername=

- You may need to spoof the browser because they do not want automated requests.

[CSharpGuy]

Thank a lot guys your post have been a tremendous amount of help.

Am kind of understanding how these things work.
Gonna do some more research/thinking to hopefully create this feature...
Till then any advise will be greatly appreciated.