I have VBA code which allows me to successfully submit my login credentials via POST method. Unfortunately the website uses security questions whenever a different login pattern is detected and the question appears in POST request response text, also I receive email notification about new sign in. I had the security questions before, while using manual logins, after logging through different browser or clearing cache.
I guessed that cookies could be the solution, but when I used:
.sendRequestHeader "Cookie", myCookieString
with the same cookie string which is sent via manual login POST request, I also received 200 status response. What can I do to login directly, so that no security questions are asked?
Also, are "Cache-Control", "Pragma" and "User-Agent" RequestHeaders any use in my code?
Option Explicit
Sub GuruLogin()
Dim viewStateGen As String, viewState As String
Dim htmlDoc As New HTMLDocument
Dim allParams As Variant 'string generates invalid parameter error
Dim serverXMLHTTP As Object 'XMLHTTP causes access denied error on .send
Set serverXMLHTTP = CreateObject("MSXML2.serverXMLHTTP")
With serverXMLHTTP
.Open "GET", "https://www.guru.com/login.aspx", False
.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
.setRequestHeader "Cache-Control", "no-cache"
.setRequestHeader "Pragma", "no-cache"
.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
.send
htmlDoc.body.innerHTML = .responseText
With htmlDoc
viewStateGen = .getElementById("__VIEWSTATEGENERATOR").Value
viewState = EncodeURL(.getElementById("__VIEWSTATE").Value)
End With
End With
With serverXMLHTTP
.Open "POST", "https://www.guru.com/login.aspx", False
.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
.setRequestHeader "Cache-Control", "no-cache"
.setRequestHeader "Pragma", "no-cache"
.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
allParams = "ctl00_scriptMgr_HiddenField=&__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&" & _
"__VIEWSTATE=" & viewState & "&__VIEWSTATEGENERATOR=" & viewStateGen & "&ctl00%24scriptMgr=&" & _
"ctl00%24ContentPlaceHolder1%24ucLogin%24txtUserName%24txtUserName_TextBox=mygmailname%40gmail.com&" & _
"ctl00%24ContentPlaceHolder1%24ucLogin%24txtPassword%24txtPassword_TextBox=mygurupassword&" & _
"ctl00%24ContentPlaceHolder1%24btnLoginAccount%24btnLoginAccount_Button=Sign+In&" & _
"ctl00%24ContentPlaceHolder1%24hdnLinkedInClntID=77aj4w1f86tc9b&" & _
"ctl00%24ContentPlaceHolder1%24hdnGooglePlusClntID=130090623010-1785qcncrqfi1uv1ge0btt8nspiv2spj.apps.googleusercontent.com&" & _
"ctl00%24ContentPlaceHolder1%24hdnFacebookClntID=797387497025842&" & _
"ctl00%24hdnGuid=GUID"
.send allParams
If .Status <> 302 Then Debug.Print "login error, status " & .Status '302 = redirect (success), 200 = login error
End With
End Sub
Function used to properly encode viewState string:
Public Function EncodeURL(inputURL As String) As String 'in Excel 2013+ there is WorksheetFunction.EncodeUrl(InputString)
Static EncoderScriptEngine As Object
If EncoderScriptEngine Is Nothing Then Set EncoderScriptEngine = CreateObject("ScriptControl")
With EncoderScriptEngine
.Language = "JScript"
EncodeURL = .Run("encodeURIComponent", inputURL)
End With
End Function
I have solved this issue, it was quite trivial.
I followed the advice in similar threads and installed a free tool called Telerik Fiddler to troubleshoot requests. To make my requests from macros be visible for this program, I had to use this line:
WinHttp.setProxy 2, "127.0.0.1:8888" 'make the request be detected by Fiddler
If you want to see requests from Firefox or avoid https site security alerts when Fiddler is on, follow great tutorials on developer's website.
By comparing manual login requests and automated ones, my obvious mistake has shown:
Security answer page was the result of POST redirecting me to the main page automatically, what means without response cookie. Lack of this cookie caused the next redirect - to security question page. I'll need to disable auto redirects, get the response cookie from POST and send GET request to the main page.
Related
Simple pull of search tweets needed an I'm getting stuck trying to obtain a bearer token via a classic ASP post.
The server is responding with 403 Unable to verify your credentials
I'm obviously fluid on ASP server side form post so any suggestions would be appreciated. Thanks.
Dim consumerKey,consumerSecret,myCstr
consumerKey = "abc..."
consumerSecret = "123..."
myCstr = base64_encode(consumerKey & ":" & consumerSecret)
myAuth = "Basic "&myCstr
Dim xmlhttp
Set xmlhttp = server.Createobject("MSXML2.ServerXMLHTTP")
xmlhttp.Open "POST","https://api.twitter.com/oauth2/token",false
xmlhttp.setRequestHeader "User-Agent","HTTP/1.1"
xmlhttp.setRequestHeader "Authorization", myAuth
xmlhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded;charset=UTF-8"
xmlhttp.send "grant_type=client_credentials"
I resolved it... I needed two equal signs at the end of the end of the base64 string.
That wasn't really very clear in the twitter API docs.
I grabbed this example from w3school, however when I add an if statement to check if the email has been sent, it displays the false code even though I receive the email.
Im not sure how asp works, but I'm assuming myMail returns a boolean? Or does it not? How do I check if the email has been sent.
<%
Set myMail=CreateObject("CDO.Message")
myMail.Subject="Sending email with CDO"
myMail.From="mymail#mydomain.com"
myMail.To="examplek#exm.com"
myMail.HTMLBody = "<h1>This is a message.</h1>"
If myMail.Send Then
Response.AddHeader "Content-type", "application/json"
Response.Write "{ request: 'success'}"
Else
Response.AddHeader "Content-type", "application/json"
Response.Write "{ request: 'failed'}"
End If
set myMail=nothing
%>
The .Send method just simply sends the message without returning a response.
You can handle an error raised by a failure to send the message something like the code below:
On Error Resume Next
myMail.Send
If Err.Number = 0 then
Response.ContentType="application/json"
Response.Write "{ request: 'success'}"
Else
Response.ContentType="application/json"
Response.Write "{ request: 'failed'}"
End If
I would like to use the Pingdom REST API from Classic ASP, but the following code:-
' setup the URL
baseUrl = "https://api.pingdom.com/api/2.0/checks"
' setup the request and authorization
Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")
http.open "GET", baseUrl, False
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.setRequestHeader "userpwd", "aaaaaaaaaaaaaaaaaaaaaaa:bbbbbbbbbbb"
http.setRequestHeader "App-Key", "ccccccccccccccccccccccccccccccc"
' send the HTTP data
http.send
gives me the error:-
{"error":{"statuscode":401,"statusdesc":"Unauthorized","errormessage":"User credentials missing"}}
so my authentication isnt being passed correctly, and it looks like it should NOT be passed in the requestheader, but I'm not sure how it should be done.
Thanks
Thanks for Alex K. and for the benefit of others, the correct syntax is:-
' setup the URL
baseUrl = "https://api.pingdom.com/api/2.0/checks"
Response.Write fullUrl
' setup the request and authorization
Set http = Server.CreateObject("MSXML2.ServerXMLHTTP")
http.open "GET", baseUrl, False, "emailaddress", "password"
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.setRequestHeader "App-Key", "keykeykeykeykeykeykeykeykeykey"
' send the HTTP data
http.send
:-)
https://api.pingdom.com/api/2.0/checks is using Basic Authentication so you need to pass your credentials in the .open call.
I am trying to build an application where i can upload files to youtube.
I have gotten OAuth working, and Youtube is returning a session!
The problem i am having is, youtube requires i make an XMLHTTP POST to get a url where i can upload through my web page.
I have no idea how to make an XMLHTTP Post with the extra parameters youtube requires.
They have code samples in PHP and .net both of which i dont understand yet :(
This is where i am stuck:
http://code.google.com/apis/youtube/2.0/developers_guide_protocol_browser_based_uploading.html#Sending_a_Browser_Upload_API_Request
I dont know how to Format an xml http command to have all those variables youtube wants.
Please help...
here is what they want..
POST /action/GetUploadToken HTTP/1.1
Host: gdata.youtube.com
Authorization: AuthSub token="DXAA...sdb8"
GData-Version: 2
X-GData-Key: key=adf15ee97731bca89da876c...a8dc
Content-Length: 1941255
Content-Type: application/atom+xml; charset=UTF-8
<?xml version="1.0"?>
<entry xmlns="http://www.w3.org/2005/Atom"
xmlns:media="http://search.yahoo.com/mrss/"
xmlns:yt="http://gdata.youtube.com/schemas/2007">
<media:group>
<media:title type="plain">Bad Wedding Toast</media:title>
<media:description type="plain">
I gave a bad toast at my friend's wedding.
</media:description>
<media:category
scheme="http://gdata.youtube.com/schemas/2007/categories.cat">People
</media:category>
<media:keywords>toast, wedding</media:keywords>
</media:group>
</entry>
Here is the code i have now:
I think i need the Headers?
When i post it i get a response of not authorized.
I also tried to create an old html and try that but it does not work...
Have no idea how those paramenters are sent:
Here is what i got
Set xmlHttp = CreateObject("MSXML2.ServerXMLHTTP")
URLString = "http://gdata.youtube.com/action/GetUploadToken"
SendString = ""
SendString = SendString & "Authorization: AuthSub token=" & token
xmlHttp.open "POST", URLString & "?" & SendString
xmlHttp.setRequestHeader "Host:", "gdata.youtube.com"
xmlHttp.setRequestHeader "Authorization: AuthSub token=", token
xmlHttp.setRequestHeader "GData-Version:", "2"
xmlHttp.setRequestHeader "Content-Length:", "<content_length>"
xmlHttp.setRequestHeader "Content-Type", "application/atom+xml; charset=UTF-"
xmlHttp.send SendString
If xmlHttp.Status >= 400 And xmlHttp.Status <= 599 Then
Response.Write "<BR><BR><BR>Error Occured: " & xmlHttp.statusText
Else
' ReturnData = Replace(xmlHttp.responseText, "&", ",")
Response.Write "<BR><BR><BR>WENT GOOD?<BR>" & xmlHttp.responseText
End If
First, setRequestHeader doesn't take a colon. It should just be
xmlHttp.setRequestHeader "Host", "gdata.youtube.com"
xmlHttp.setRequestHeader "Authorization", "AuthSub token=" & token
xmlHttp.setRequestHeader "GData-Version", "2"
xmlHttp.setRequestHeader "Content-Length", "<content_length>" <-- THIS IS IMPORTANT!
xmlHttp.setRequestHeader "Content-Type", "application/atom+xml; charset=UTF-8"
Next, are you sending the correct content-length? This NEEDS to be accurate.
I assume the missing "8" from your Content-Type header at the end was a typo.
Finally, you NEED to install Fiddler right away and make your life simpler.
I am sending an XML content via HTTP Post from Access VBA to Web Methods, using XMLHTTP object in MSXML. Here is the Code.
Dim objXmlHttp As Object
Set objXmlHttp = CreateObject("MSXML2.ServerXMLHTTP")
objXmlHttp.Open "POST", webServicePath, False
objXmlHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
Dim Response As String
objXmlHttp.send wrt.output
'OK status
If objXmlHttp.Status = 200 Then
Response = objXmlHttp.responseText
End If
Set objXmlHttp = Nothing
I am getting the XML with "<" and ">" instead of < and >.
If I try to do URL encoding, everything is received as ASCII text in the Recipient side.
Can you please guide what I need to do to get the valid XML format.
You need to set the content-type correctly, try this instead:
objXmlHttp.setRequestHeader "Content-Type", "text/xml; charset=""utf-8"""