1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HTTPWEBREQUEST JavaScript / C# BOT

Discussion in 'General Programming Chat' started by NetCrime, Jan 10, 2015.

  1. NetCrime

    NetCrime Regular Member

    Joined:
    Mar 9, 2011
    Messages:
    236
    Likes Received:
    104
    Location:
    Lithuania
    Can't find a solution for this problem hope someone had similar issues and can share experence dealing with it.

    I'm making a BOT for video chat website that has function to send friend invite. This function uses JavaScript to do that action.

    Code:
    <li class="ignore"><a href="javascript:void(0)">Ignore</a></li>
    
    <li class="friend"><a href="javascript:void(0)">Add Friend</a></li>
    
    Actualy I don't uderstand why it fires same
    Code:
    "javascript:void(0)"
    for ignore and add but that's not main problem.

    When I capture packet that is POST'ed to server on Add Friend button click it looks like this:

    Code:
    POST (info hided)/amfgateway.php HTTP/1.1Host: (info hided)
    Connection: keep-alive
    Content-Length: 52
    Origin: (info hided)
    X-Requested-With: ShockwaveFlash/16.0.0.235
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
    Content-Type: application/x-amf
    Accept: */*
    Referer: (info hided)
    Accept-Encoding: gzip, deflate
    Accept-Language: lt,en-US;q=0.8,en;q=0.6,ru;q=0.4,**;q=0.2
    Cookie: (info hided)
    
     bcAmfService.addFriend /1   
        Aa$     
    
    
    Actualy POSTDATA looks like it is encrypted:

    ac9c056974.png

    Why this may occure is it really encrypted or i'm just doing something wrong here?
     
  2. sockpuppet

    sockpuppet Junior Member

    Joined:
    Nov 7, 2011
    Messages:
    155
    Likes Received:
    145
  3. NetCrime

    NetCrime Regular Member

    Joined:
    Mar 9, 2011
    Messages:
    236
    Likes Received:
    104
    Location:
    Lithuania
    Thanks Sockpuppet your avatar creaps me out but your info is valuable and pushed me forward!

    I'm using Fiddler4 to capture packets and I had to install Addon AMF Parser (https://fiddleramfparser.codeplex.com/) in case anyone else will need it.

    So with that addon I could view what info is passed to the server and I beleve it sends user ID under Content > 0 > Actual user ID

    [​IMG]

    So now I need to figure out how to replicate this packet if it's posible.
     
  4. ttrox

    ttrox Regular Member

    Joined:
    Jun 28, 2013
    Messages:
    217
    Likes Received:
    75
    javascript:void(0) does nothing and has nothing to do with whatever that button is doing behind.
    They're possibly binding the function based on the class. I would try and check that out.
     
  5. NetCrime

    NetCrime Regular Member

    Joined:
    Mar 9, 2011
    Messages:
    236
    Likes Received:
    104
    Location:
    Lithuania
    Kinda bumped in to a wall here with that AMF packet.. Can't find any solution..

    Would appreciate any help with forming and sending that AMF packet request to server
     
  6. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,410
    Likes Received:
    3,057
    Gender:
    Male
    That javascript:void(0) does nothing. There should be some other function that is bound to that particular element somewhere else. As for sending the header you specified, this SOF thread might be of use:

    Code:
    http://stackoverflow.com/questions/5650262/send-post-request-with-x-amf-flash-request-header
    Edit: oops sorry looks like you are using C#, so I can't really help as it is not my domain... but you kind of get the idea how it is done in one language.. Now you can translate it hopefully.
     
    Last edited: Jan 10, 2015
  7. NetCrime

    NetCrime Regular Member

    Joined:
    Mar 9, 2011
    Messages:
    236
    Likes Received:
    104
    Location:
    Lithuania
    Well it seems that in your SOF example he is using CURL library and I don't know which library to use / how to use in C# so I'm still stuck..
     
  8. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,410
    Likes Received:
    3,057
    Gender:
    Male
    Code:
    http://stackoverflow.com/questions/7929013/making-a-curl-call-in-c-sharp
    http://stackoverflow.com/questions/21255725/webrequest-equivalent-to-curl-command
    
     
  9. NetCrime

    NetCrime Regular Member

    Joined:
    Mar 9, 2011
    Messages:
    236
    Likes Received:
    104
    Location:
    Lithuania
    Thank you for your efforts but this still didn't solve anything. In those two SOF links there is just simply explained how to do HTTPWEBREQUEST and in my case I need that HTTPWEBREQUEST to be in binary with content-type: x-amf.

    I have writed httpwebrequest for testing purposes that looks like :

    Code:
     public static string addFriend()        {
                try
                {
    
    
                    ASCIIEncoding encoding = new ASCIIEncoding();
                    string postData = "This is test data";
                    byte[] data = encoding.GetBytes(postData);
    
    
                    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://(HIDDED)/amfgateway.php");
    
    
                    request.Method = "POST";
                    request.Host = "(HIDDED)";
                    request.KeepAlive = true;
                    request.ContentLength = data.Length;
                    request.Accept = "*/*";
                    request.Headers.Add("Origin: http://(HIDDED)");
                    request.Headers.Add("X-Requested-With: XMLHttpRequest");
                    request.UserAgent = "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36";
                    request.ContentType = "application/x-amf";
                    request.Referer = "http://(HIDDED);
                    request.Headers.Add("Accept-Encoding: gzip, deflate");
                    request.Headers.Add("X-Requested-With: ShockwaveFlash/16.0.0.235");
                    request.Headers.Add("Accept-Language: lt,en-US;q=0.8,en;q=0.6,ru;q=0.4,**;q=0.2");
                    request.Headers.Add("Cookie: (HIDDED)");
                    Stream stream = request.GetRequestStream();
                    stream.Write(data, 0, data.Length);
                    stream.Close();
    
    
                    WebResponse response = request.GetResponse();
                    stream = response.GetResponseStream();
    
    
                    StreamReader sr = new StreamReader(stream);
                   // MessageBox.Show(sr.ReadToEnd());
    
    
                    sr.Close();
                    stream.Close();
    
    
                    return sr.ReadToEnd().ToString();
    
    
                    
                }
                catch (Exception ex)
                {
                   // MessageBox.Show("Error: " + ex.Message);
                    return ex.Message;
                }
            }
    But this is not sended as AMF it just simple plain text.. And I also need to implement user id to POSTDATA (or in any other way) that is seen in picture in my first post.
     
  10. sockpuppet

    sockpuppet Junior Member

    Joined:
    Nov 7, 2011
    Messages:
    155
    Likes Received:
    145
    you can use http://www.fluorinefx.com/ to build the AMF message

    or copy the message from your request and replace the user id
    use wireshark to copy: select the amf packet and right click -> copy -> hexstream
    looking at your picture it seems like AMF0 and type number so the 8 bytes at the end should be the id, you can confirm this by clicking on the id in wireshark, it should highlight these bytes
    so cut off these bytes when you import it into your code

    AMF0.number is encoded as floating point so it is like double in c#, do something like this to append it
    Code:
    byte[] data = myPacket();
    Stream stream = request.GetRequestStream();
    stream.Write(data, 0, data.Length);
    
    double id = 123;
    byte[] bytes = BitConverter.GetBytes(id);
    // it's big-endian so reverse the order
    for(int i = bytes.Length-1; i >= 0; i--) {
        stream.WriteByte( bytes[i] );
    }
    
    stream.Close();