Using WebBrowser Control in VB6 to "post"

digitalwav
digitalwav used Ask the Experts™
on
How does one post data to the WebBrowser control?  I'm trying to build an app that will logon to a secure site, do a few queries and update a local database in accordance to what is found by the queries.  But I need to know how to post the password/userid data. I've figured out how to get the html code out of the control so I can parse it for what I'm hunting for. (the site is SSL and uses javascript)

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Heres a simplified solution....

I used an actual site, but the password & username are bogus!!!!!! ;-)

Make a project and draw a webbrowser control on it.
you'll need a reference to mshtml.tlb in your project
and a control reference to shdocvw.dll (Microsoft internet controls)

paste this code into the form code area, and hit F5

'============================================================

Private WithEvents m_HtmlDoc As HTMLDocument

Sub Form_Load()
 'First generate your html post code to a file.
 'then load it into a webbrowser control,
 fp = FreeFile
 Open "c:\temp.html" For Output As fp
 Print #fp, "<html><body onload='alert(""here we go!"");document.all.fred.submit()'>"
 Print #fp, "<form id=fred action='https://toolbox.iinet.net.au/index.cgi' method=post>"
 Print #fp, "<input type=textbox name=username value=fred>"
 Print #fp, "<input type=textbox name=password value=bloggs>"
 Print #fp, "</form></body></html>"
 Close fp
 WebBrowser1.Navigate "c:\temp.html"
End Sub


Private Sub WebBrowser1_DocumentComplete(ByVal pDisp As Object, url As Variant)
    Set m_HtmlDoc = WebBrowser1.Document
    Static counter As Integer
    counter = counter + 1
    Select Case counter
        Case 1
            ' this is the first load, just our page.
        Case 2
            ' parse for ssl transported stuff here
            MsgBox m_HtmlDoc.body.innerHTML
            ' generate and send more posts as needs require based on the results of your parse
    End Select
End Sub
'============================================================


Have fun!!!

Commented:
Heres a simplified solution....

I used an actual site, but the password & username are bogus!!!!!! ;-)

Make a project and draw a webbrowser control on it.
you'll need a reference to mshtml.tlb in your project
and a control reference to shdocvw.dll (Microsoft internet controls)

paste this code into the form code area, and hit F5

'============================================================

Private WithEvents m_HtmlDoc As HTMLDocument

Sub Form_Load()
 'First generate your html post code to a file.
 'then load it into a webbrowser control,
 fp = FreeFile
 Open "c:\temp.html" For Output As fp
 Print #fp, "<html><body onload='alert(""here we go!"");document.all.fred.submit()'>"
 Print #fp, "<form id=fred action='https://toolbox.iinet.net.au/index.cgi' method=post>"
 Print #fp, "<input type=textbox name=username value=fred>"
 Print #fp, "<input type=textbox name=password value=bloggs>"
 Print #fp, "</form></body></html>"
 Close fp
 WebBrowser1.Navigate "c:\temp.html"
End Sub


Private Sub WebBrowser1_DocumentComplete(ByVal pDisp As Object, url As Variant)
    Set m_HtmlDoc = WebBrowser1.Document
    Static counter As Integer
    counter = counter + 1
    Select Case counter
        Case 1
            ' this is the first load, just our page.
        Case 2
            ' parse for ssl transported stuff here
            MsgBox m_HtmlDoc.body.innerHTML
            ' generate and send more posts as needs require based on the results of your parse
    End Select
End Sub
'============================================================


Have fun!!!

Commented:
Sorry about the double post! not sure what happened there ??? !
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Commented:
You can also use the winsock control, first add the component Microsoft WinSock Control, without making use of the wb control, thus you can use textboxes and one button send in your VB form as your user form instead of the wb form:

Private Sub cmdSend_Click()
   
    WinSock1.Connect("www.host.com",80)

End Sub

Private Sub WinSock1_Connect()

Dim vMsg As String
vMsg = "username=" & txtUserName.Text & "&password=" & txtPassWord.Text

Winsock1.SendData "POST /index.html HTTP/1.1" & vbCrLf & _
"Accept: */*" & vbCrLf & _
"Referer: http://www.host.com/whatever.html" & vbCrLf & _
"Accept-Language: en-us" & vbCrLf & _
"Content-Type: application/x-www-form-urlencoded" & vbCrLf & _
"Accept-Encoding: deflate" & vbCrLf & _
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" & vbCrLf & _
"Host: www.host.com" & vbCrLf & _
"Content-Length: " & Len(vMsg) & vbCrLf & _
"Cache-Control: no-cache" & vbCrLf & _
"Connection: Keep-Alive" & vbCrLf & _
vbCrLf & _
vMsg

End Sub

Commented:
ohh sorry, now that I see that you want to connect to a secure server... you can use Winsock with the CONNECT method to connect to a SSL secure server

Commented:
but only if the server handles proxy server requests ;-)
digitalwavIT Infrastructure Manager

Author

Commented:
Ok, I'm working through both examples and the winsock one is giving me problems- the winsock1.connect line seems to be expecting an = sign at the end of it. Any ideas?
digitalwavIT Infrastructure Manager

Author

Commented:
Never mind I got it, the new question is how to I see what data was returned from the connect/post?
You couls read the resulting html in the documentcomplete event of webbrowser as stated earlier.
Commented:
"Never mind I got it, the new question is how to I see what data was returned from the connect/post?"

Here is an example of filling a simple textbox with the responde from the server, keep in mind that the text will be replaced each new response

Private Sub wsChat_DataArrival(ByVal bytesTotal As Long)

Dim ServerResponse As String
WinSock1.GetData ServerResponse
Text1.Text = Text1.Text & ServerResponse

End Sub

Commented:
Private Sub WinSock1_DataArrival(ByVal bytesTotal As Long)

Dim ServerResponse As String
WinSock1.GetData ServerResponse
Text1.Text = Text1.Text & ServerResponse

End Sub
digitalwavIT Infrastructure Manager

Author

Commented:
I put a few stops in and it never gets to a datarrival. Not sure if it's hanging on the connect but I commented that all out. This is what I have in the code thus far:

Private Sub Command1_Click()
Winsock1.RemoteHost = "site deleted"
Winsock1.RemotePort = "443"
Winsock1.Connect
End Sub

Private Sub Winsock1_Connect()

'Dim vMsg As String
'vMsg = "txtUserID=useridnumber" & "&txtPassword=password"

'Winsock1.SendData "POST /security/loginPage.aspx HTTP/1.1" & vbCrLf & _
"Accept: */*" & vbCrLf & _
"Referer: https://www.techdata.com/security/loginPage.aspx" & vbCrLf & _
"Accept-Language: en-us" & vbCrLf & _
"Content-Type: application/x-www-form-urlencoded" & vbCrLf & _
"Accept-Encoding: deflate" & vbCrLf & _
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" & vbCrLf & _
"Host: www.host.com" & vbCrLf & _
"Content-Length: " & Len(vMsg) & vbCrLf & _
"Cache-Control: no-cache" & vbCrLf & _
"Connection: Keep-Alive" & vbCrLf & _
vbCrLf & _
vMsg

End Sub

Private Sub Winsock1_DataArrival(ByVal bytesTotal As Long)
Dim strData As String
Winsock1.GetData strData
Text1.Text = strData

End Sub

Commented:
Dont waste your time digitalWav,
the winsock control will NEVER work, unless you understand and implement SSL on top of your socket connections. (see OpenSSL.org)

See below, this is the return data from the post in the MsgBox statement in my first answer, all the SSL is done by the Browser for you.

            ' parse for ssl transported stuff here
            MsgBox m_HtmlDoc.body.innerHTML
            ' generate and send more posts as needs require based on the results of your parse

Mime headers and post bodies are ALL fully encrypted "on the wire" by SSL, the SSL protocol is constantly
negotiating encryption, so to do it properly you would grab a copy of OpenSSL and learn some asynchronous sockets in C or C++
and bind up the libraries built by the OpenSSL projects.

WINSOCK control will never work with https unless you are a genious ;-)

Commented:
:-)

NeXus throws down the red flag of challenge!  

Commented:

Bit more info for ya's!
It was also mentioned that you can use the CONNECT request type to get https, let me explain the difficulties with this...

Reference:
http://muffin.doit.org/docs/rfc/tunneling_ssl.html
INTERNET-DRAFT
<draft-luotonen-ssl-tunneling-02.txt>           Ari Luotonen
Netscape Communications Corporation
December 14, 1995  


Tunneling SSL Through a WWW Proxy

The CONNECT protocol is a simple tunnelling mechanism for connecting non http speaking computers, it was specifically designed with https in mind, the protocol works like this:

1) open connection to proxy server
2) send: CONNECT www.whatever.com:443\n\n
3) the proxy server connects
4) the proxy server sends back ok signal: HTTP/1.0 200 Connection established\nProxy-agent: Netscape-Proxy/1.1\n\n
5) now connected you can send SSL encrypted data back and forth, or any other data depending on the client / servers (SMTP etc)

You still have to do the SSL bit your self using this method, PLUS you need a proxy server to do this with / test against.





Commented:
Let me make some alterations to your code

Private Sub Command1_Click()
Winsock1.RemoteHost = "www.techdata.com"
Winsock1.RemotePort = 443
Winsock1.Connect
End Sub

Private Sub Winsock1_Connect()


'Winsock1.SendData "CONNECT www.techdata.com:443 HTTP/1.1" & vbCrLf & _
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" & vbCrLf & _
"Host: www.techdata.com" & vbCrLf & _
"Content-Length: 0" & vbCrLf & _
"Cache-Control: no-cache" & vbCrLf & _
"Proxy-Connection: Keep-Alive" & vbCrLf & _
"Pragma: no-cache" & vbCrLf & _

End Sub

Commented:
BUCHAS... mate,
your still talking proxy designed for a SSL enabled browser, please explain how the complete absence of SSL encyption techniques on a pure socket based connection could work in this scenario.

... ie ...
Proxy-Connection: Keep-Alive
...
Commented:
Ok guys, here is a trace from my proxy server that accepts these CONNECT methods to pass on to https servers,
have a gander, hopefully it will illuminate my argument a little better.

You will notice now that once connections have been established, all data transfered is binary encrypted, until end of connection.


***Proxy accepts connection: OnAccept
      [Event] Connection accepted on socket 632 from: 192.168.0.177
      [OnRead] remoteServer:0
      [OnRead starts at socket 632]
      215 bytes, In Data:

      CONNECT www.iinet.net.au:443 HTTP/1.0
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
      Host: www.iinet.net.au
      Content-Length: 0
      Proxy-Connection: Keep-Alive
      Pragma: no-cache


***Proxy connects to remote server
      Connecting to remote server www.iinet.net.au port 443 on socket 420
      [OnConnect] socket 420 remote server 1


***Proxy sends back connection status to client
      Sending to 632 80 bytes

      HTTP/1.0 200 Connection established
      Proxy-agent: NetFire Proxy Version 1.0


*** SSL starts now ***
You will notice now that once connections have been established, all data transfered in binary encrypted.

***Remote Client sends SSL data for server
      [OnRead starts at socket 632]
      78 bytes, In Data: €L
      sending nBytes:78 to Server
      nRet:78 made it to Server


***Remote Server sends SSL response data back to client
      [OnRead starts at socket 420]
      1372 bytes, In Data: 
      sending nBytes:1372 to client
      nRet:1372 made it to client

***Remote Server sends SSL response data back to client
      [OnRead starts at socket 420]
      1348 bytes, In Data: œ]S3FÉ‚;ìzB¢9åØ"82U ØÂl2_!‡zß(À×b"€NU.é±û^±õ•ã¢íÕ>eeEÖOïídZѵ‘­Qµ¥=­Æ¶
      sending nBytes:1348 to client
      nRet:1348 made it to client

***Remote Client sends SSL data for server
      [OnRead starts at socket 632]
      204 bytes, In Data: 
      sending nBytes:204 to Server
      nRet:204 made it to Server

etc etc etc

Commented:
NeXus is right, it's more hardwork for making a ssl connection through the mswinsock, but you gain more control over it. I can point you to a control with ssl support, it's like a winsock with ssl support, I never used this, so don't ask me how to use, read its documentation:

http://www.vbrad.com/pf.asp?p=source/src_winsock_less.htm

regards

Commented:
Also, this might be interesting for you

http://www.dart.com/samples/vb.asp#ssl
digitalwavIT Infrastructure Manager

Author

Commented:
Ok, I appreciate everyone's help. I've tried both methods and found that the webbrowser method may work better but there's a catch- the site I'm working with requires cookies and may need javascript support to make the initial logon. Can this control handle it and if so how? I can "browse" in the webbrowser control window, but cannot logon to the site.

Commented:
What you should do now, is utilize the proxy server scenario.

Point your internet explorer to use a a proxy of your own device that logs mime traffic...
log in to the site and ... stop, by capturing the mime headers and the post information (via a proxy log) of the login process, you can make up a custom form
that you generate in your visual basic and use in the same way as my first example.

The JavaScript is irrelevant, it really is a red herring, what you need is the correct DATA to travel between client and server,
the JavaScript just facilitates marshalling and manipulation of that data set, all of which you can do in your VB.

You may find, that once logged in a GUID is passed back from the server via a webpage and embedded in additional posts back to the server
to identify the client, I have encountered this many times, You will have to harness your parsing skills to find these and other embedded treats ;-)

It comes down do your data analysis skills now digitalWav. :-)

Good luck
digitalWav!

Commented:
P.S. the cookies you need will be revealed in the proxy logs as well.

Commented:
I have tought of another solution, which works similary to the winsock control, but better. I'm too tired now, I'll post it tomorrow if you are interested.

hey NeXus we are struggling for 200 points hahaha

Commented:
not wrong! what a hard guy to please!!! ;-)
digitalwavIT Infrastructure Manager

Author

Commented:
Oh come on guys...I'm just trying to learn something new! I have a goal! I hate programming without a goal and as you probably know documentation often time stinks!  How many points do you think it's worth so far? I can up it if you want!!

BUCHAS if you want to post the other method please do. I would like to award points today to you and NeXus. You've all  given me a great starting point and the more options and examples I have the better. I learn by example.


Thanks!!!
Commented:

WebBrowser1.Navigate "https://www.techdata.com/security/loginPage.aspx?txtUserID=" & txtUserName.Text & "&txtPassword=" & txtPassWord.Text '(perhaps it might need some others parameters!}

This way, the browser will send a GET to the server with your username and password, but they are just AN EXAMPLE!! you must know which parameters to pass to the login page
Commented:
My advise is take each webpage as a step.

1) navigate to the site.
2) have a look at the page source html, find the form that does the post, or the hyperlink that you need to follow, copy it, study it, understand it, make notes.
3) Log in, find the unique identifier that defines user server side state (guid or cookie), get the next page in the browser window do point 2 again.
4) keep doing this, untill you have the site data (forms - posts, hyperlinks - gets & parsed data) you need.

5) go back over the forms, and hyperlinks and data (POSTS & GETS) that you wrote down earlier.
6) construct these steps (make simplified web pages) in visual basic, replacing and variables in the data as you need.
7) execute each step (or web page) in the browser and parse the info coming back.

cheers!
digitalwavIT Infrastructure Manager

Author

Commented:
Thanks guys. I've learned a lot. As NeXus said, it's up to me to do some indepth research!!

Thanks!!!
digitalwavIT Infrastructure Manager

Author

Commented:
NeXus- what proxy server did you use to get your trace?

Commented:
Its one I wrote myself in C :-)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial