Forum > Networking and Web Programming

Problem with log-in to a site using idhttp

(1/1)

Ahmadi3D_Ali:
Hello
To write an automatic login using IdHTTP, i usually analyze a site using Fiddler or HTTPAnalyzer tools and then i check the POSTS it sends and what kinda information it sends and i try to imitate that, recently i ran into problem with one of the sites i wanted to login to, this particular site didn't have any POST data but in the textview section i did see an unstandard json being sent (in HTTP Analyzer this was in the raw stream tab), something like this: 
{user: "some user in base64 format", pass: "some password in base64 format"} and a few other parameters. 
Because the json is unstandard i made it manually saved it in a file and then i assigned it to an TStringstream like this:

--- Code: Pascal  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---loader := TStringList.Create;loader.LoadFromFile('jsonWithCustomFormat.txt');jsonRequest := TStringStream.Create(loader[0], TEncoding.UTF8); 
After that i set the refer to the login page and content type to 'application/json' like this : 

--- Code: Pascal  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---idHttp.Request.Referer := 'myLoginPageURL';  idHttp.Request.ContentType := 'application/json'Finally i sent the post

--- Code: Pascal  [+][-]window.onload = function(){var x1 = document.getElementById("main_content_section"); if (x1) { var x = document.getElementsByClassName("geshi");for (var i = 0; i < x.length; i++) { x[i].style.maxHeight='none'; x[i].style.height = Math.min(x[i].clientHeight+15,306)+'px'; x[i].style.resize = "vertical";}};} ---idhttp.Post(URL, jsonRequest, ms);But i was unable to successfully login to the site ..., using what i just describe results in error:
https://i.stack.imgur.com/PGFml.jpg

I also tried a few other combination of sending the POST but i was unsuccessful, i also made a question in Stackoverflow about this which didn't result in an answer after weeks, here is the link to the question https://stackoverflow.com/questions/53906038/problem-with-login-using-idhttp-the-website-doesnt-send-any-username-and-passw
In the end due to the request from my client i am unable to share the site URL, but sharing it privately shouldn't be an issue, so if you really can't help me with the information i provided so far, please tell me so i can send you the URL to the site through a private message
I have been stuck solving this issue for a while so any tip help is much much appreciated !
Thanks.

engkin:
Your base64 encoded strings are not padded properly. Or the server does not want padded strings.

Remy Lebeau:
You already posted the same question on StackOverflow, and got ZERO replies after 4 days.  Even considering the holiday season, SO has pretty high traffic, and your question has been viewed 50 times without a single comment.  So, don't you think maybe there is a problem in how you are presenting the issue to people, which makes it hard for them to help you?  But, an error message that says "padding is invalid" is a pretty clear indication that the base64 data you are posting is malformed.  Your earlier question on StackOverflow already came to that same conclusion, when the server reported a "input is not a valid Base-64 string" error to you.  So you are clearly not handling base64 correctly in your code.  You need to go back to basics, and just focus on working with base64 by itself, make sure you can encode AND decode a piece of arbitrary data without data loss, before you start transmitting base64 encoded data to other systems.

Ahmadi3D_Ali:

--- Quote from: Remy Lebeau on December 28, 2018, 01:04:06 am ---You already posted the same question on StackOverflow, and got ZERO replies after 4 days.  Even considering the holiday season, SO has pretty high traffic, and your question has been viewed 50 times without a single comment.  So, don't you think maybe there is a problem in how you are presenting the issue to people, which makes it hard for them to help you?  But, an error message that says "padding is invalid" is a pretty clear indication that the base64 data you are posting is malformed.  Your earlier question on StackOverflow already came to that same conclusion, when the server reported a "input is not a valid Base-64 string" error to you.  So you are clearly not handling base64 correctly in your code.  You need to go back to basics, and just focus on working with base64 by itself, make sure you can encode AND decode a piece of arbitrary data without data loss, before you start transmitting base64 encoded data to other systems.

--- End quote ---

I double checked and triple checked every thing i POST, i even used "Beyond Compare" which is used for comparing data and text and ..., but i couldn't find any difference except some cookies, of course the user and password do change each time which probably means they encode a sum of user + time and password + time and then encode those and then send it.
In the end i don't understand why my base64 padding is malformed, what i send should be exactly like what the browser sends.
By the way, i did send you the site's real URL through private message, is it possible for you to try a login ? maybe you can see what i don't, thanks.

Navigation

[0] Message Index

Go to full version