Help with httpsocket

Hello,

I wanted to create a simple data logger for my router to copy a few connection historical data points. Whoever designed the router html code wanted to harden it against xss attacks so i cannot push the standard authorization header.

I think the correct strategy is to:

  1. Open a httpsocket and get the login page
  2. Post the user and the password in the form while storing the session cookie as a string
  3. Get the data i want using the cookie

I don’t mind having the first two steps as a htmlviewer object if that’s the easier way.

Any hints on how to proceed?

Thank you!

Ciao Matteo,
you could try to fill the login page form with a post (or get) and read the cookies in the httpsocket header.
The rebuild another request with the cookie and other header element if needed to get your data.

if some other info are needed for the first form (it could check the reference from where it’s called) you can emulate with the copy the right headers from your browser connection.

As last resource you can try to use a javascript in the htmlviewer to get to cookie.

@Antonio Rinaldi i have attempted to use a http socket, compiling the custom user/pass field the router requires( the latest model provided by TIM, the 200mbps tim smart evo to be precise) and executing the authentication routine but it fails to execute successfully, there must be some hidden code I can’t access on the client side. Attempting to extract the cookie from the htmlviewer object fails too(I get a blank string). I will have to setup a link to chrome and have the cookie being extracted by hand using dev tools

Have you tried to send the referrer header (and browser info)?

I’ve tried sniffing the response to the webpage when used by chrome, the authentication routine post (post /authenticate) requires a userid(cleartext), password(encrypted) and a cross site antiforgery token(which i cannot find where is created in the site code) in the client to router post. For the time being i have dropped the login automation, I have already spent too much time on this hobby project :slight_smile: