1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help New Myspace Login Using Httpwebrequest

Discussion in 'Visual Basic .NET' started by kill4, Nov 21, 2013.

  1. kill4

    kill4 Regular Member

    Joined:
    May 11, 2009
    Messages:
    243
    Likes Received:
    42
    Location:
    Texas
    Has anyone accomplished this yet? Im trying to do this programmatically in vb.net using httpwebrequest. There is this variable that i can just figure out how its generated. If you go to https://myspace.com/signin you will see in the source code this.

    Code:
    pggd":"37fd02c4-dda4-4a55-9f02-348789968d24","pageId":"37fd02c4-dda4-4a55-9f02-348789968d24"
    
    of course when you request the page the values of pggd, and pageid will be different. any why after requesting the myspace sign up page, there are two more request that are fired off. The first one is this

    Code:
    POST https://myspace.com/beacon/v3 HTTP/1.1
    Host: myspace.com
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Hash: YzZlOTNkNGMzMTRlZTE2M8Kqw4sgwrTCrsOiPcO0OsO7w4cqGcKpw5sQwqTCqEcqwqBiwrsWwqdybsOjZsK3woB/A8Opw57CoFo+wqF0wrZfwpXDu07CqcKxwqMxw7nCnmrDnsKqEUxUcMOKYV0gOMKOYkNbw7MLSTfDrMO6w4/DjEEAwqzCj0TDmMOnZRYgJsKCOcKDQsOhw6PDqMKsSiluIGnDmzjDosO9XCVSM8OkNcK1asK1
    Client: persistentId=94190d77-3f39-4f9f-a29a-abd72d7391bd&screenWidth=1280&screenHeight=800&timeZoneOffsetHours=6&visitId=ebb7924a-2ee9-4341-b920-be980eff119a&windowWidth=1280&windowHeight=685
    X-Requested-With: XMLHttpRequest
    Referer: https://myspace.com/
    Content-Length: 442
    Cookie: persistent_id=pid%3D94190d77-3f39-4f9f-a29a-abd72d7391bd%26llid%3D%26lprid%3D%26lltime%3D; visit_id=ebb7924a-2ee9-4341-b920-be980eff119a; ads=adInitVisit%3D; player=sequenceId%3D-1%26paused%3Dfalse%26currentTime%3D0%26volume%3D0.5%26mute%3Dfalse%26shuffled%3Dfalse%26repeat%3Doff%26mode%3Dqueue%26radioEntity%3D%26radioMediaType%3D%26radioMediaId%3D%26radioCurrentTime%3D0%26pinned%3Dfalse%26streamStartDateTime%3D%26radioStreamStartDateTime%3D%26at%3D300%26incognito%3Dfalse%26allowSkips%3Dtrue%26ccOn%3Dfalse; __utma=102911388.1364506208.1384907839.1384907839.1384907839.1; __utmb=102911388.1.10.1384907839; __utmc=102911388; __utmz=102911388.1384907839.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    
    actionText=view&assignedExperiments=&beaconVersionValue=3&directObjectEntityKeyText=page_splash&pageId=37fd02c4-dda4-4a55-9f02-348789968d24&persistentId=94190d77-3f39-4f9f-a29a-abd72d7391bd&previousReferrerPageFunctionalContextText=&referrerPageFunctionalContextText=&requestFunctionalContextText=splash&requestTrackingId=37fd02c4-dda4-4a55-9f02-348789968d24&requestUrl=http%3A%2F%2Fmyspace.com%2F&visitId=ebb7924a-2ee9-4341-b920-be980eff119a
    
    you can see in the post data, that the "pageId" is in there and hasn't changed, after this request another one is automically fired off, this is were i get lost. Below is the request

    Code:
    
    POST https://myspace.com/beacon HTTP/1.1
    Host: myspace.com
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: text/plain; charset=UTF-8
    Referer: https://myspace.com/signin
    Content-Length: 1028
    Cookie: persistent_id=pid%3D94190d77-3f39-4f9f-a29a-abd72d7391bd%26llid%3D%26lprid%3D%26lltime%3D; visit_id=ebb7924a-2ee9-4341-b920-be980eff119a; ads=adInitVisit%3D; player=sequenceId%3D-1%26paused%3Dfalse%26currentTime%3D0%26volume%3D0.5%26mute%3Dfalse%26shuffled%3Dfalse%26repeat%3Doff%26mode%3Dqueue%26radioEntity%3D%26radioMediaType%3D%26radioMediaId%3D%26radioCurrentTime%3D0%26pinned%3Dfalse%26streamStartDateTime%3D%26radioStreamStartDateTime%3D%26at%3D300%26incognito%3Dfalse%26allowSkips%3Dtrue%26ccOn%3Dfalse; __utma=102911388.1364506208.1384907839.1384907839.1384907839.1; __utmb=102911388.2.10.1384907839; __utmc=102911388; __utmz=102911388.1384907839.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); auth_context=pfc=splash&action=trendingWelcomeSignin&object=
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    
    {"dsid":2,"dsv":1,"pggd":"8e5b5d8a-73b8-4fcd-b48c-67b5423a95dd","pageId":"8e5b5d8a-73b8-4fcd-b48c-67b5423a95dd","vgd":"ebb7924a-2ee9-4341-b920-be980eff119a","visitId":"ebb7924a-2ee9-4341-b920-be980eff119a","isnv":1,"lid":-1,"currentUserLoginId":null,"llid":-1,"lastLoginId":null,"lltime":"1970-01-01T00:00:00.000Z","lastLoginUtcDateTime":"1970-01-01T00:00:00.000Z","prid":-1,"currentUserProfileId":null,"lprid":-1,"lastProfileId":null,"tprid":-1,"targetProfileId":null,"pid":"94190d77-3f39-4f9f-a29a-abd72d7391bd","persistentId":"94190d77-3f39-4f9f-a29a-abd72d7391bd","abt":0,"abtb":0,"sn":"las1-app019","webServerName":"las1-app019","webServerIPAddressId":"10.144.18.29","pc":"en-US","currentCultureCode":"en-US","pf":"signin","pageFunctionalContextText":"splash","rpf":"splash","referrerPageFunctionalContextText":"","ll":"34.076212|-118.393564","i":null,"cek":"","currentContentEntityKeyText":null,"ipDerivedIsoCountryCode":"US","ipDerivedLocationId":6045553,"promptOriginPfc":"splash","promptAction":"trendingWelcomeSignin"}
    
    
    
    Now the pggd and pageId varibles have changed.
    Instead of being > pggd":"37fd02c4-dda4-4a55-9f02-348789968d24","pageId":"37fd02c4-dda4-4a55-9f02-348789968d24"
    There now > "pggd":"8e5b5d8a-73b8-4fcd-b48c-67b5423a95dd","pageId":"8e5b5d8a-73b8-4fcd-b48c-67b5423a95dd"

    I was thinking that maybe it was a md5 hash of the original values, with "-" inserted into the md5 hash value. Since without the "-" they have the length of 32, and pretty much look like a hd5 hash, but trying that didnt work.

    And finally the actual login request below.

    Code:
    
    POST https://myspace.com/ajax/account/signin HTTP/1.1
    Host: myspace.com
    User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Hash: YzZlOTNkNGMzMTRlZTE2M8Kqw4sgwrTCrsOiPcO0OsO7w4cqGcKpw5sQwqTCqEcqwqBiwrsWwqdybsOjZsK3woB/A8Opw57CoFo+wqF0wrZfwpXDu07CqcKxwqMxw7nCnmrDnsKqEUxUcMOKYV0gOMKOYkNbw7MLSTfDrMO6w4/DjEEAwqzCj0TDmMOnZRYgJsKCOcKDQsOhw6PDqMKsSiluIGnDmzjDosO9XCVSM8OkNcK1asK1
    Client: persistentId=94190d77-3f39-4f9f-a29a-abd72d7391bd&screenWidth=1280&screenHeight=800&timeZoneOffsetHours=6&visitId=ebb7924a-2ee9-4341-b920-be980eff119a&windowWidth=1280&windowHeight=685
    X-Requested-With: XMLHttpRequest
    Referer: https://myspace.com/signin
    Content-Length: 98
    Cookie: persistent_id=pid%3D94190d77-3f39-4f9f-a29a-abd72d7391bd%26llid%3D%26lprid%3D%26lltime%3D; visit_id=ebb7924a-2ee9-4341-b920-be980eff119a; ads=adInitVisit%3D; player=sequenceId%3D-1%26paused%3Dfalse%26currentTime%3D0%26volume%3D0.5%26mute%3Dfalse%26shuffled%3Dfalse%26repeat%3Doff%26mode%3Dqueue%26radioEntity%3D%26radioMediaType%3D%26radioMediaId%3D%26radioCurrentTime%3D0%26pinned%3Dfalse%26streamStartDateTime%3D%26radioStreamStartDateTime%3D%26at%3D300%26incognito%3Dfalse%26allowSkips%3Dtrue%26ccOn%3Dfalse; __utma=102911388.1364506208.1384907839.1384907839.1384907839.1; __utmb=102911388.2.10.1384907839; __utmc=102911388; __utmz=102911388.1384907839.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); auth_context=pfc=splash&action=trendingWelcomeSignin&object=
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    
    email=username&password=password&rememberMe=on&pageId=8e5b5d8a-73b8-4fcd-b48c-67b5423a95dd
    
    
    
    as you can see the new changed "pageid" value is here to.

    So if anyone has figured this out already that can help me out that would dope. or if you have some free time and want a challenge, and want to try to crack it :)

    btw help would be apperciated thanks..
     
    Last edited: Nov 21, 2013
  2. phatzilla

    phatzilla Supreme Member

    Joined:
    Apr 9, 2009
    Messages:
    1,365
    Likes Received:
    1,017
    looks like some weird guid value.

    But you can just remove the entire parameter from the POSTDATA during login and it would work anyway


    email=email@gmail.com&password=123456&rememberMe=on
     
  3. kill4

    kill4 Regular Member

    Joined:
    May 11, 2009
    Messages:
    243
    Likes Received:
    42
    Location:
    Texas
    Hey phatzilla long time no talk. Actually that some what worked and gave me a idea. To make it look natural looks like you got to do thos beacon request with the right info. All i did was skip the beacon requestes and went straigh to the login and preserve some info and it worked, really a hack but screw it it worked lol. Im sure you can guess what i did you good at this stuff.

    Thanks.