Author Topic: Winsock security error  (Read 15558 times)

Offline CuF

  • Sr. Member
  • ****
  • Posts: 331
  • Karma: +40/-0
    • View Profile
Winsock security error
« on: April 04, 2013, 05:49:37 pm »
I've been working on a script for AnimeBytes... mostly because their site has an awful layout.
Anyway, trying to make the login work, but I can't get a foot hold.
The log shows:
Code: [Select]
[3:42:58 AM]
POST https://yuki.animebytes.tv/user/login
Referer:
Cookie:



[3:42:59 AM]
cWinHTTP1: 1 - Error: -2147012858 - The host name in the certificate is invalid or does not match

[3:42:59 AM]
POST https://yuki.animebytes.tv/user/login
Referer:
Cookie:



[3:42:59 AM]
cWinHTTP1: 1 - Error: -2147012858 - The host name in the certificate is invalid or does not match

No idea here.  Suggestions?

Edit: More info, the logon uses a unique id for each logon attempt, so I'm using prelogin and code0 to grab the "crf_token".
In theory, since that is first, it is probably what is supposed to be occurring when this errors out.

The code so far...
Code: [Select]
[login]
prelogin=code(`https://yuki.animebytes.tv/user/login`,0)
login=https://yuki.animebytes.tv/user/login
form=username=%USER%&password=%PASS%&csrf_token=%CSRF%
failed=attempts remaining
failed2=Security token invalid

[code0]
@i=find(1,@data,`name="csrf_token"`,`value=`)
num=extract(@i,@data,`"`,`"`)
$form=replace($form,`%CSRF%`)
[/code0]
« Last Edit: April 04, 2013, 05:58:05 pm by CuF »

Offline Bovski

  • Head Cider Tester
  • Hero Member
  • *****
  • Posts: 673
  • Karma: +189/-0
  • High Five Me
    • View Profile
    • Warez The Index
Re: Winsock security error
« Reply #1 on: April 05, 2013, 07:56:42 pm »
Try logging in with IE you may be able to set an exception.

Offline chip!

  • Bad Ass
  • Administrator
  • Unstoppable
  • *****
  • Posts: 2301
  • Karma: +629/-6
    • View Profile
Re: Winsock security error
« Reply #2 on: April 06, 2013, 03:19:44 am »
i'm looking into it to make sure the 'engine' is OK..  I dont have a valid account, but ill see what I can find out.


  -  https://convivea.com  -   And...  boom goes the dynamite.

Offline CuF

  • Sr. Member
  • ****
  • Posts: 331
  • Karma: +40/-0
    • View Profile
Re: Winsock security error
« Reply #3 on: April 06, 2013, 04:01:51 am »
FF doesn't seem to have any complaints but IE errors that:
The security certificate presented by this website has expired or is not yet valid.
The security certificate presented by this website was issued for a different website's address.

Understandable since it does look like the certificate has expired and the site has changed names from animebyte.es to animebytes.tv without a new certificate.

An exception doesn't seem to help BC work through it.
In theory you don't need an account to get this far, BC just won't load the logon page.  Script is attached.

Offline chip!

  • Bad Ass
  • Administrator
  • Unstoppable
  • *****
  • Posts: 2301
  • Karma: +629/-6
    • View Profile
Re: Winsock security error
« Reply #4 on: April 06, 2013, 04:10:09 am »
i've added a flag to the code for WinHTTP to ignore those certificate SSL errors..  so hang tight till i can post the new version.. should be working then :)



also, here is a working header for the script  (havent checked your post above, but i fixed a few things while testing)

Code: [Select]
[script]
name=AnimeBytes.tv
source=AnimeBytes
author=CuF
modified=Chip 2013/04/06
pwd=1
version=2

[home]
1=https://yuki.animebytes.tv

[profiles]
all=/torrents.php?searchstr=%SEARCH%t&action=advanced&search_type=title&tags_type=0&sort=relevance&way=desc&hentai=2

[login]
prelogin=code(`https://yuki.animebytes.tv/user/login`,0)
login=https://yuki.animebytes.tv/user/login
form=csrf_token=%CSRF%&username=%USER%&password=%PASS%&keeplogged_sent=true&keeplogged=on&login=Log+In%21
failed=attempts remaining
failed2=/user/login

[code0]
@i=find(1,@data,`csrf_token`,`value=`)
num=extract(@i,@data,`"`,`"`)
$form=replace($form,`%CSRF%`,num)
[/code0]

although, not sure about failed2= because i havent been able to login.


but I was going to say, i like to use Google Chrome and then turn on "Developers Tools" and go to the "Network Tab" and then do the search and then I can view the actual HTTP request of Chrome, and then quickly build the request for Bit Che using that..  (like making sure you have all the FORM post stuff).. see the screen shot:

« Last Edit: April 06, 2013, 04:18:49 am by chip! »
  -  https://convivea.com  -   And...  boom goes the dynamite.

Offline CuF

  • Sr. Member
  • ****
  • Posts: 331
  • Karma: +40/-0
    • View Profile
Re: Winsock security error
« Reply #5 on: April 06, 2013, 04:34:59 am »
I wonder if it's only because my version if IE is dated.  It's IE8 only because I don't use it.
Were you able to duplicate the error?

Btw, that developer tool in chrome is pretty cool.  I have no idea if Firefox has something similar or not.

Edit: Just to refresh my memory...
Failed is supposed to be the response for bad username or password.
Failed2 is for expired (or not accepting) cookies?

I don't know why, but I can never keep it straight.
« Last Edit: April 06, 2013, 04:37:01 am by CuF »

Offline chip!

  • Bad Ass
  • Administrator
  • Unstoppable
  • *****
  • Posts: 2301
  • Karma: +629/-6
    • View Profile
Re: Winsock security error
« Reply #6 on: April 06, 2013, 05:15:33 am »
I wonder if it's only because my version if IE is dated.  It's IE8 only because I don't use it.
Were you able to duplicate the error?

not to do with your browser. I was able to duplicate the error... it was because I did not have a flag set in the HTTP connection code. the default is to 'halt' on *every* SSL certificate error...  but ive changed it to "ignore all SSL certificate errors"..

Btw, that developer tool in chrome is pretty cool.  I have no idea if Firefox has something similar or not.

I saw one in the past for FireFox... HTTP Header Control or Live Headers.. or something, but it was a little bit clunky..


Edit: Just to refresh my memory...
Failed is supposed to be the response for bad username or password.
Failed2 is for expired (or not accepting) cookies?

yeah thats exactly right..

failed should be to detect if a bad user/pass attempt to login
failed2 should be for when a your previous valid login expired

should be.. because sometimes they have to represent different logic events.. but yeah, thats the general plan :)
  -  https://convivea.com  -   And...  boom goes the dynamite.

Offline chip!

  • Bad Ass
  • Administrator
  • Unstoppable
  • *****
  • Posts: 2301
  • Karma: +629/-6
    • View Profile
Re: Winsock security error
« Reply #7 on: April 06, 2013, 07:26:25 am »
CuF can you give this build a test that should fix the problem? :)

http://convivea.com/forums/index.php?topic=2131.msg20198#msg20198


just make sure you update your script header, there was an error with the code0  (missing 'num' from the replace() function).. and updated the form=
« Last Edit: April 06, 2013, 07:35:41 am by chip! »
  -  https://convivea.com  -   And...  boom goes the dynamite.

Offline CuF

  • Sr. Member
  • ****
  • Posts: 331
  • Karma: +40/-0
    • View Profile
Re: Winsock security error
« Reply #8 on: April 06, 2013, 08:22:07 am »
CuF can you give this build a test that should fix the problem? :)

http://convivea.com/forums/index.php?topic=2131.msg20198#msg20198


just make sure you update your script header, there was an error with the code0  (missing 'num' from the replace() function).. and updated the form=
Yup, missed that pesky 'num'.  New version works a treat.  Thanks.
Now to chisel away at extremely complicated layout of search results.

Btw, looks like a nice site.  Can't remember where I heard about it, but I've been waiting about a year for an invite.