I am trying to get information from a site, to do this I've created the following VBA code. However, the request will always timeout. Have I made some sort of fundamental mistake?
Right now I'm mimicking the request that my browser would send, perhaps that is the source of the problem. I have seen other posts where this is done and seems to work though.
Code:
Sub fill()
Dim w As New WinHttpRequest
w.SetTimeouts 5000, 5000, 5000, 5000
w.Open "POST", "http://www.vti.net.au/calculator"
w.SetRequestHeader "Host", "www.vti.net.au"
w.SetRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0"
w.SetRequestHeader "Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
w.SetRequestHeader "Accept-Language", "en-US,en;q=0.5"
w.SetRequestHeader "Accept-Encoding", "gzip, deflate"
w.SetRequestHeader "Referer", "http://www.vti.net.au/calculator"
w.SetRequestHeader "Cookie", "SESS85bf6b43b33c734cba757f15a25cc79e=7521a51d45d3609955bf90d18f8d0f90; has_js=1; _ga=GA1.3.2146414506.1410196274"
w.SetRequestHeader "Connection", "keep-alive"
w.Send "Length=330&Connectors=4&Splices=4&Cord=1&submit=Calculate"
MsgBox "test"
End Sub
Request info:
Related
I am using jwt to authorize users on a react app I am working on. As opposed to using localStorage or sessionStorage to store these tokens, I am sending httpOnly, sameSite: strict, secure cookies as shown.
res
.cookie("jwt-access", accessToken, {
httpOnly: true,
sameSite: "strict",
secure: true,
})
.cookie("jwt-refresh", refreshToken, {
httpOnly: true,
sameSite: "strict",
secure: true,
})
.json({ error: false, response: "Authorized" });
My app is successfully able to communicate with my api using the access and refresh tokens while hosted on the same domain as the api server (www.example.com/app, www.example.com/api).
If I understand correctly the react development server is hosted on an http server running on port 3000. Because this server is considered to be running on a different and unsecure domain, these secure cookies are not able to be properly communicated. I thought reconfiguring these cookies to secure: false and sameSite: "none" would have allowed these cookies to be correctly communicated but it hasn't.
Why is it that these updated cookies are unable to be sent/received with the development server and what can I do to properly configure them?
If its any use, here is the request header from each server:
Production server correctly receives cookies
[Symbol(kHeaders)]: {
host: 'localhost:446',
connection: 'close',
'sec-ch-ua': '"Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'https://zyae.net/',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en;q=0.9',
cookie: 'jwt-access=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzODJkOWNjYTMwMDM2N2NkOGZlZGZiZiIsImlhdCI6MTY2OTU5ODg4MiwiZXhwIjoxNjY5NTk5NDgyfQ.bYSN7jJwuL2UyLpu3rModl5HAQ7FQ8R7sQUDEOq7Z0g; jwt-refresh=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYzODJkOWNjYTMwMDM2N2NkOGZlZGZiZiIsImlhdCI6MTY2OTU5ODg4Mn0.gv4BycPhBlEXOc6TLYj6w07diAQ0hOBQT03tTNfF9Hs',
'if-none-match': 'W/"9c-GSJl0bJ1H5bULPZaYoSPi1M3gMw"'
}
Development server
[Symbol(kHeaders)]: {
host: 'localhost:446',
connection: 'close',
pragma: 'no-cache',
'cache-control': 'no-cache',
'sec-ch-ua': '"Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"',
accept: 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36',
'sec-ch-ua-platform': '"Windows"',
origin: 'http://zyae.net:3000',
'sec-fetch-site': 'cross-site',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
referer: 'http://zyae.net:3000/',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-US,en;q=0.9'
}
i have multiple files which is HTTP request in json file format and every file content as following .
{
"http://testphp.vulnweb.com/search.php": {
"headers": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "en-US,en;q=0.5",
"Connection": "close",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0"
},
"method": "POST",
"params": [
"goButton",
"searchFor"
]
}
}%
desired output is raw request as following
POST /search.php HTTP/1.1
Host: testphp.vulnweb.com
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.30
Connection: close
searchFor=a&goButton=go
and BTW the default char in the end of lines is \r\n as it the default format of HTTP raw request and there is extra \r\n in the line before parameters.
i really don`t know if awk could handle this or not but if it how hard it will be??
plz also recommend any online solution to do so if i have to go that way because i struggling in search for reformat from json to raw request.
Thanks
Access to XMLHttpRequest from has been blocked by CORS policy: Response to preflight request doesn't pass
access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My CORS configuration:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"GET",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"ETag",
"x-amz-server-side-encryption",
"x-amz-request-id",
"x-amz-id-2",
"Content-Length",
"Content-Type",
"Connection",
"Date",
"x-amz-version-id",
"Server"
],
"MaxAgeSeconds": 10
}
]
Request headers:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-
user-agent
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: keep-alive
Host: s3.amazonaws.com
Origin: http://localhost:8080
Pragma: no-cache
Referer: http://localhost:8080/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/86.0.4240.111 Safari/537.36
It was trying to reach a wrong region as I didn't specify one
So, I'm trying to send a request to a http server from VBA using the WinHttpRequest class.
I've already made a similar code which sends requests to another server, and it worked. This one won't even go through the ".Send". It fails (timeout).
I've checked every RequestHeader at Google Chrome devtools and tried to replicate the web request, but failed (with and without the cookies).
Any ideas?
The code:
Dim WHTTP As New WinHttp.WinHttpRequest
With WHTTP
.Open "GET", "https://contactcenter-prd.prosodie.com/prweb/sso", False
.SetRequestHeader "Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
.SetRequestHeader "Accept-Encoding", "gzip, deflate, br"
.SetRequestHeader "Accept-Language", "pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"
.SetRequestHeader "Connection", "keep-alive"
'.SetRequestHeader "Cookie", "JSESSIONID=337C72E2DBCC1080C674033FFC51EBFA.contactcenter; Pega-RULES=" & Chr(34) & "{atn}e3ByfVkzNDBlc3NYRlBYdWFRT2dkRFRjekU5LytjNm51MEMwazI4YmJqVDNvaFlUTE1LQUN3T1p6SUVYMEd5dlUxaHRSWEVINFpJTWVhY1YKdCtpRkQwZjJLdz09" & Chr(34) & "; BWROUTEID=s2ac70d938fbd5ee39c5b1b93ac33d7b.1"
.SetRequestHeader "Host", "contactcenter-prd.prosodie.com"
.SetRequestHeader "Upgrade-Insecure-Requests", "1"
'.SetRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36" ' From Chrome
.SetRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ' Some guy said it would work (it didn't)
'.SetTimeouts 1200000, 1200000, 1200000, 1200000
.Send
End With
EDIT:
The purpose of the macro is to enter the website, get some info, put the info into a worksheet and exit the website.
I'm aware that the URL redirects to another, but (I think) I have to go to the first website to get some cookies.
EDIT 2:
Problem solved.
I had to setup a proxy to use the website.
.SetProxy 2, myProxy did the trick!
The problem was solved by using .SetProxy 2, proxy.
I want to route all the web traffic generated by the Excel VBA tool through a Sock5 Proxy.
I have added the proxy address and port number in Internet Settings in Control Pannel.
But when I analyse through Wireshark the packets that we are being exchanged, I see that my machine is communicating ditrectly with the destination.
However, when I analyse the packet that happens when I use chrome or TOR, the exchange looks to be happening through the Sock5 Proxy server.
Follwing is my snippet that I use to make connection :
xmlhttp.setProxy SXH_PROXY_SET_PRECONFIG
xmlhttp.Open "GET", url, False
xmlhttp.setrequestheader "Content-Type", "text/html"
xmlhttp.setrequestheader "User-Agent", " Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0"
xmlhttp.setrequestheader "Connection", " keep-alive"
xmlhttp.setrequestheader "Cache-Control", "max-age=0"
xmlhttp.setrequestheader "Accept-Language", "en-us,en;q=0.5"
xmlhttp.setrequestheader "Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
xmlhttp.send
Though I am not sure whether I am using "SetProxy" correctly or not.
Please Help..