How to pass login and password via POST VBA Httprequest?
Thanks very much for all the help. Turns out the key for find the answer was to use the right tools.
As @chillin recommended using a traffic analyser was essential. I was trying to get the HTTP headers with "Live HTTP Headers" chrome extension, but that only gives my information about tha manual authentication process and even then INCOMPLETE information.
So I downloaded "WireShark" and try to sniff the HTTP traffic, but I couldn't since it was encrypted. Then I did some research and found this way of workaround the encryption:
https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/
After this step-by-step guide and apliccate an http packets filter (just write http in the wireshark filter textbox) I was able to sniff the HTTP traffic (the one I generate when I log in manually to the website and the one generated via excel(vba) HTTPREQUEST.
After this everything got easier and I end up with the code below:
Sub HTTPRESQUEST()
'https://stackoverflow.com/questions/22051960/vba-winhttp-to-download-file-from-password-proteced-https-website/
'https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/
'https://wiki.wireshark.org/TLS?action=show&redirect=SSL
'https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
Dim WHTTP As WinHttp.WinHttpRequest
Set WHTTP = New WinHttpRequest
'Logon page:
mainUrl = "https://www.somewebsite/Logar.php"
myuser = "myuser"
mypass = "mypassword"
strAuthenticate = "username=" & myuser & "&bypass=" & mypass
WHTTP.Open "POST", mainUrl, False
WHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
WHTTP.Send strAuthenticate
End Sub
That was enough to do the website log in. No need to encode the username and password.
PS: In the strAuthenticate the "username" and the "bypass" are the HTML objects ids for the username textbox and the password textbox.
I hope this answear can help other people. Thanks again for all the help!
VBA XMLHTTP clear authentication?
These questions have been discussed in many ways due to major browsers different implementations of caching methods.
I will give you what worked for me and then the sources I found on this feature.
The only solution I could came across was to force the browser to not cache the request.
myURL = "http://my.domain.com/myscript.cgi"
Dim oHttp As New MSXML2.XMLHTTP
oHttp.Open "POST", myURL, False
oHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded'"
oHttp.setRequestHeader("Cache-Control", "no-cache");
oHttp.setRequestHeader("Pragma", "no-cache");
oHttp.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
oHttp.setRequestHeader "Authorization","Basic " & Base64EncodedUsernamePassword
oHttp.send "PostArg1=PostArg1Value"
Result = oHttp.responseText
It seems that Cache-Control
works on most browsers and Pragma
only on Firefox and not IE (don't know why...)
If-Modified-Since
is used for IE, since IE uses different settings in his own algorithm to determine whether or not the request should be cached. XMLHttpRequest seem to not be treated as the same as HTTP responses.
Careful : With this code you will need username
and password
each time a new object is created. Maybe you should create a new object, instantiate it once and then destroy it after use. In between you would have all your requests handled in different functions with only one authentication.
Sources
MSDN setRequestHeader Method
MSDN IXMLHTTPRequest
XMLHTTPREQUEST CACHING TESTS
XMLHttpRequest and Caching
Related Topics
Default Value in Lombok. How to Init Default With Both Constructor and Builder
Kafka Consumer in Java Not Consuming Messages
How to Parallelize a Foreach Loop in Java
Limiting the Number of Characters in a String, and Chopping Off the Rest
In Java How to Extract Exact Domain Name from Url
How to Use Limit in Spring Within SQL Query
Java Ssl: How to Disable Hostname Verification
Avoid Keycloak Default Login Page and Use Project Login Page
Rounded Swing Jbutton Using Java
How to Remove All Special Character in a String Except Dot and Comma
How to Exclude Classes from Test Coverage Using Java Annotations in Spring Boot
After Spring Boot 2.0 Migration: Jdbcurl Is Required With Driverclassname
How to Store a Large (10 Digits) Integer
How to Link Feature and Step Definition in Cucumber
Changing Scene When a Button Is Pressed Fxml
Adb Cannot Connect to Daemon At Tcp:5037
Spring Security Configuration Filter Any Requests Except a Specific Endpoint
Java.Lang.Illegalstateexception: Fragment Not Attached to a Context