Byethost Server Passing HTML Values "Checking Your Browser" With Json String

ByetHost server passing html values Checking your browser with JSON String

Solved!

I had the same issue using Byethost to retrieve JSON data from my PHP server. We just need to add a cookie to the HTTP request to pass the testcookie-nginx-module

As Richard's answer says:

The main problem is that Byet Host implement a simple security antibots module >named testcookie-nginx-module

https://kyprizel.github.io/testcookie-nginx-module/

On the link he provided we can see that the testcookie-nginx-module makes a 2-steps validation:

1. The first time that a HTTP request is done, the module returns a javascript instead of the JSON we are expecting. This script is executed on the client (tipically a web browser) and generates a validation cookie containing an AES key.

Here's the script I've received form my server:

<html>
<body>
    <script type="text/javascript" src="/aes.js" ></script>
    <script>
        function toNumbers(d){
        var e=[];
            d.replace(/(..)/g,function(d){
                e.push(parseInt(d,16))});
            return e
        }
        function toHex(){
            for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)
                e+=(16>d[f]?"0":"")+d[f].toString(16);
                return e.toLowerCase()
        }
        var a=toNumbers("f655ba9d09a112ffff8c63579db590b4"),
            b=toNumbers("98344c2eee86c3ffff90592585b49f80"),
            c=toNumbers("1286963467aa92ffff8323bdca0d7be9");
        document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; 
        location.href="http://myserver.byethost8.com/myPhpPage.php?i=1";
    </script>
    <noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body>

2. The script adds the validation cookie to the document and redirects it to the url we actually want to access. The testcookie-nginx-module validates the cookie AES key and and let the request hit the url that will response with the JSON data we want to access.

On the following HTTP requests the client will have stored the cookie and will add it to the request skipping the step 1.

Solution for our Android App

We are going to skip the cookie generation by getting it from a web browser and add it directly to our Android HTTP request (Unless of course you want to get involved in generating it).

Before you get the cookie from the web browser make sure you accessed the url at least once with the browser to generate it.

• Getting the cookie key from the web browser. I used Google Chrome for it:

  1. From the Chrome menu in the top right corner of the browser, select Settings.
  2. At the bottom of the page, click Show advanced settings....
  3. Under Privacy, select Content settings....
  4. select All cookies and site data....
  5. Search for you website name. By searching "byethost" you'll find it.
  6. Open the cookie named __test and copy the values of content, path and expires

• Setting the cookie on our Android app. On your code should be something like:

  try 
  {
   if(post == "POST")
   {
       HttpClient httpClient = new DefaultHttpClient();
       HttpPost httpPost = new HttpPost(loginUrl);
       httpPost.setEntity(new UrlEncodedFormEntity(para));
       httpPost.setHeader("User-Agent","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 ");
       httpPost.addHeader("Cookie", "__test=THE_CONTENT_OF_YOUR_COOKIE_HERE; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/");
       HttpResponse httpResponse = httpClient.execute(httpPost);
       HttpEntity httpEntity = httpResponse.getEntity();
       is = httpEntity.getContent();
  }
  else if(post == "GET")
  {
      HttpClient httpClient = new DefaultHttpClient();
      String paramString = URLEncodedUtils.format(para, "utf-8");
      loginUrl += "?" + paramString;
      HttpGet httpGet = new HttpGet(loginUrl);
      httpGet.addHeader("Cookie", "__test=THE_CONTENT_OF_YOUR_COOKIE_HERE; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/");
      HttpResponse httpResponse = httpClient.execute(httpGet);
      HttpEntity httpEntity = httpResponse.getEntity();
      is = httpEntity.getContent();
  }
  }
  

And that's it. Now every time the app makes an HTTP request it will include the cookie to pass the testcookie-nginx-module and will be retrieving your JSON data.

I hope this helps and is not too late.

Regards

org.json.JSONException: Value html body script of type java.lang.String cannot be converted to JSONObject

Thank you guys, there is no problem with the code. This is an extra protection that has been added deliberately by byethost.com to block bots from accessing our sites resulting in huge security benefits to our scripts. I reuploaded these files into 000webhost.com and it worked like a charm.
For further information, refer this discussion
ByetHost server passing html values "Checking your browser" with JSON String

Related Topics