mIRC Home    About    Download    Register    News    Help

Print Thread
help with login script to webpage #267897 16/10/20 08:29 PM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
Can someone help me with a login script.

i have this.
Code
alias subc {
  echo -s *** Closing Cod.Stats
  sockclose cstats
  echo -s *** Opening Cod.Stats
  sockopen -e cstats my.callofduty.com 443
}

on *:sockopen:cstats: {
  sockwrite -n $sockname GET /api/papi-client/stats/cod/v1/title/mw/platform/battle/gamer/Ancientswede $+ % $+ 232802/profile/type/warzone HTTP/1.0
  sockwrite -n $sockname User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
  sockwrite -n $sockname Host: my.callofduty.com
  sockwrite -n $sockname Accept-Language: en-us
  sockwrite -n $sockname Accept: */*
  sockwrite -n $sockname
}

on *:sockread:cstats: {
  if ($sockerr) {
    echo -a Error.
    halt
  }
  else {
    var %temp
    sockread -f %temp
    echo -a %temp
  }
}


it works but i need to send the login/authenticated to the site so can i retrive the data, but i have no idea how to do that.

i need to send this
Code
POST Auth tokens
https://profile.callofduty.com/do_login?new_SiteId=cod
Obtain the auth tokens (atkn, rtkn) from the cookies of the response after triggering a login of a user. These tokens have a suspected lifetime of about 2 hours after which they have to be reobtained.

HEADERS
CookieXSRF-TOKEN={{XSRF-TOKEN}}
PARAMS
new_SiteIdcod
BODY formdata
username{{accountEmail}}
The e-mail address of your Activision account

password{{accountPassword}}
The password of your Activision account

remember_metrue
A boolean representing the option to save your login credentials

_csrf{{XSRF-TOKEN}}
The XSRF-TOKEN, needs to be obtained (or reobtained) if the reply throws a 403 Unauthorized error

Code
curl --location --request POST 'https://profile.callofduty.com/do_login?new_SiteId=cod' \
--header 'Cookie: XSRF-TOKEN={{XSRF-TOKEN}}' \
--form 'username={{accountEmail}}' \
--form 'password={{accountPassword}}' \
--form 'remember_me=true' \
--form '_csrf={{XSRF-TOKEN}}'


Code
GET CSRF-token
https://profile.callofduty.com/cod/login
Obtain a CSRF-token from the Call of Duty login form that we can send with our future requests. Without a CSRF-token in the cookies of our request headers we will be returned a 403 error (Unauthorized)



But as i said i have no idea how to send the stuff to the page so i can get the data, i know how to sort it afterwards, so if anyone can/want to help me with this it would be much appreciated.

Re: help with login script to webpage [Re: Bast] #267900 17/10/20 07:21 AM
Joined: Apr 2010
Posts: 947
F
FroggieDaFrog Offline
Hoopy frood
Offline
Hoopy frood
F
Joined: Apr 2010
Posts: 947
You can use $urlget() to do http requests.

Assuming your curl is correct you would do something such as:

Code
alias postit {

  // build the body as url-encoded form parameters
  bset -t &body 1 username={{accountEmail}}&password={{accountPassword}}&remember_me=true&_csrf={{XSRF-TOKEN}}

  // build a list of headers, seperated by crlf, inside a bvar:
  bset -t &headers 1 Content-Type: application/x-www-form-urlencoded $+ $crlf
  bset -t &headers -1 Content-Length: $bvar(&body, 0) $+ $crlf
  bset -t &headers -1 Cookie: XSRF-TOKEN={{XSRF-TOKEN}}

  // start the request
  noop $urlget(https://profile.callofduty.com/do_login?new_SiteId=cod, pb, &response, postit_response, &headers, &body)
}

alias postit_response {

  var %id = $1

  var %response_bvar = $urlget(%id).target

  // do something with %response_bvar
  echo -s >> $bvar(%response_bvar, 1-3000).text
}

Last edited by FroggieDaFrog; 17/10/20 07:22 AM.

I am SReject
My Stuff
Re: help with login script to webpage [Re: FroggieDaFrog] #267909 18/10/20 01:31 AM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
tank you. But i dont understand that code at all smile
And it throws me No such identifier: $urlget

But i have looked at it more and the login page is this one https://profile.callofduty.com/cod/login
wich i need to put in my mail and password.
then i need to request this site after https://www.callofduty.com/api/papi-client/stats/cod/v1/title/mw/platform/battle/gamer/Ancientswede%232802/profile/type/warzone
i have tried and googled it and cant find any answer at all.
But looks like im able to do a POST first or am i wrong?

Havent been tuching coding in 5 years and i never messed around with the sock thingy. smile

Last edited by Bast; 18/10/20 01:32 AM.
Re: help with login script to webpage [Re: Bast] #267910 18/10/20 04:38 AM
Joined: Jan 2004
Posts: 1,407
maroon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 1,407
Urlget was added in version 7.56, so if you're needing help for an older version, please mention your version when asking for help. Or, if able to upgrade, try that.

Last edited by maroon; 18/10/20 04:40 AM.
Re: help with login script to webpage [Re: maroon] #267911 18/10/20 07:09 AM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
o my bad,i was a couple of version off that. Did the update so im on the latest atm.
That code still shows me a
Code
Invalid parameters: $bvar (line 171, twitch.mrc)

Last edited by Bast; 18/10/20 07:11 AM.
Re: help with login script to webpage [Re: Bast] #267912 18/10/20 07:34 PM
Joined: Jan 2004
Posts: 1,296
L
Loki12583 Online
Hoopy frood
Online
Hoopy frood
L
Joined: Jan 2004
Posts: 1,296
Your problem is likely because there was no response data. This can happen based on the http status code. You can echo $urlget(%id).reply to see the headers.

But I think I've identified a problem using $urlget for this purpose. When you finally get the correct POST sent, the response is a 302 redirect which mIRC follows and eventually responds with a 200 OK. But the original response headers with the 302 are no longer available so you cannot retrieve the auth cookies. It took me a while to realize this was the problem rather than something I was doing wrong.

mIRC needs to add the ability not to follow redirects; I could imagine other ways to work around this but that's probably the easiest. Until this is added you'll need to use raw sockets, use curl to obtain these cookies, or use another script like JSON-For-Mirc.

Edit: Looks like jsonformirc also follows redirects after a POST?

Last edited by Loki12583; 18/10/20 09:53 PM.
Re: help with login script to webpage [Re: Loki12583] #267913 18/10/20 08:23 PM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
i get a 403 Respons.
But i have tried like alot of different login path since it seems to be multiple adresses, byt they all give me the same respons.
So im guessing im getting to the wrong page?

well it beats me since i have no idea to tackle this problem. The code to login should be good since its the same person who has coded the call of duty stats plugin for discord and he has documented the login process here

Re: help with login script to webpage [Re: Bast] #267915 18/10/20 11:38 PM
Joined: Jan 2004
Posts: 1,296
L
Loki12583 Online
Hoopy frood
Online
Hoopy frood
L
Joined: Jan 2004
Posts: 1,296
I have a proof-of-concept working: HERE

Currently it's using my old script for custom sockets and JSON-For-Mirc

I left in all the test functions and debug text. /cod.login.jfm and /cod.login.urlget both result in a 200 OK when I expect to receive a 302 Temporary Redirect.

Cookie handling in the script will need to be improved regardless of which socket method is used.

Re: help with login script to webpage [Re: Loki12583] #267916 Yesterday at 01:52 AM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
wow thats super awesome of you.

if i do /cod.stats it shows me this

Code
url https://my.callofduty.com/api/papi-client/stats/cod/v1/title/mw/platform/battle/gamer/Ancientswede%232802/profile/type/warzone
redirect
method post
type binvar
target &response
alias urlget.callback
id 1046
state fail
size 0
resume 0
rcvd 0
time 469
reply


/cod.login i just get the * /echo: insufficient parameters (line 86, script4.mrc)

so in what way should i call the script? i have set the password and email in the vars.

Re: help with login script to webpage [Re: Bast] #267917 Yesterday at 02:27 AM
Joined: Jan 2004
Posts: 1,407
maroon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2004
Posts: 1,407
The echo error is caused when there's a blank line or a line containing only spaces. You can either do checking to avoid echoing 'nothing', or have a prefix at the front of the echo.

echo -a %temp

would change to one of these:

echo -a >>: %temp
if ($remove(%temp,$chr(32)) != $null) echo -a %temp

Re: help with login script to webpage [Re: maroon] #267918 Yesterday at 02:56 AM
Joined: Jan 2004
Posts: 1,296
L
Loki12583 Online
Hoopy frood
Online
Hoopy frood
L
Joined: Jan 2004
Posts: 1,296
The error on that specific line indicates no cookies were stored.

Did you also install the JSON-For-mIRC script? You'll want that anyway to parse the json responses.

If you enter these commands do they produce real values? Don't post the actual cookie values here they could be used to access your account. You should be getting a lot of debug text in your current window while these are executing.

Code
//echo -ag token: $cod.token
//echo -ag cookies: $cod.cookies


Edit:
Hopefully you can get the login working. I added a new function to cache and print some stats:
Code
/cod.login
/cod.stats.display

Username: Ancientswede#2802
Level: 153
Kills: 64154


Last edited by Loki12583; Yesterday at 03:54 AM.
Re: help with login script to webpage [Re: Loki12583] #267920 Yesterday at 04:07 AM
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
I did mess up before it seems like.
If i do a /cod.login now it shows me alot of text
Code
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
Content-Length: 431
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Language: en
Date: Mon, 19 Oct 2020 04:45:11 GMT
Connection: close
X-Activision-Regioncode: AB
Set-Cookie:ALOT.OF.TEXT
2
2 :: _abck=ALOT.OF.TEXT
2 :: Domain=.callofduty.com; Path=/; Expires=Tue, 19 Oct 2021 04:45:11 GMT; Max-Age=31536000; Secure

-
_abck=ALOT.OF.TEXT-1;


if i do
//echo -ag token: $cod.token
//echo -ag cookies: $cod.cookies

Code
token: ALOT.OF.TEXTk
cookies: _abck=ALOT.OF.TEXT;


on cod.stats i get

Code
url https://my.callofduty.com/api/papi-client/stats/cod/v1/title/mw/platform/battle/gamer/%232802/profile/type/warzone
redirect
method post
type binvar
target &response
alias urlget.callback
id 1065
state ok
size 0
resume 0
rcvd 148
time 1141
reply HTTP/1.1 200 OK
Content-Type: application/json
Expires: Mon, 19 Oct 2020 05:48:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 19 Oct 2020 05:48:59 GMT
Connection: keep-alive
Set-Cookie: API_CSRF_TOKEN=07cbdb71-3fbf-4ab3-bc62-80a612c159c9; Secure; SameSite=Strict; Path=/


response {"status":"error","data":{"type":"com.activision.mt.common.stdtools.exceptions.NoStackTraceException","message":"Not permitted: not authenticated"}}





btw, the remember me thing in the code is that something that need to be there for the cookie? caus its no such box on the login page which i asume its for?

Last edited by Bast; Yesterday at 05:49 AM.
Re: help with login script to webpage [Re: Bast] #267924 Yesterday at 09:55 PM
Joined: Dec 2002
Posts: 205
T
Talon Offline
Fjord artisan
Offline
Fjord artisan
T
Joined: Dec 2002
Posts: 205
You can be given multiple cookies, all on individual "Set-Cookie:" header lines. They normally have more information than what you're showing... You can't pass back an identical cookie for this reason, there's a proper protocol to follow.

For instance:

Set-Cookie: item=value;Max-Age=N;Path=/

With the provided information, we have a cookie "item" with the value of "value" which expires at age N, and this cookie applies to a Path relevant to the root directory "/".

If we made a request which applies to this cookies path, we must return this cookie within our own request header, minus the additional information. If our request path does NOT apply to the relative cookies acceptable path, this cookie should NOT be relayed, but in this cause, the path is "/" which is the root directory, so all paths "/some/other/location/etc.." would apply, so our response would look something like:

Cookie: item=value

Now what if we're delivered multiple cookies that all apply?
like:

Set-Cookie: item=value;Max-Age=N;Path=/
Set-Cookie: item2=value2;Max-Age=N;Path=/

Well now we must combine our request header cookies into a return (although I think it's also possible to submit multiple cookie lines too, haven't read up on http/1.1 protocol in a while)

Which would look something like:

Cookie: item=value; item2=value2

Your Regex capture group appears to not be greedy and find up-to the first ";" and include this within the capture, I do believe the last relayed cookie should not end in a semi-colon.

I've tested this locally and watched the response headers from both Firefox and Chrome, and this is how they both appear to re-represent a stored cookie string. I haven't exploited deliberately sending a crazy amount of cookies to see how it handles what can fit in a "Cookie:" header line, to witness how it might break-up such a long string.

Firefox Test:
Code
GET /cp HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://xxxx/cp/
Cookie: ClientID=xxxx; OtherData=xxxx
If-Modified-Since: Fri, 09 Mar 2018 02:34:29 GMT
Cache-Control: max-age=0


Not sure if this could be a culprit or not. Also, the value's should be unpacked (uri-compliant, the whole + for space, %XX for illegal characters, etc..) but I do believe you aren't re-packing the value from the httpd request response anyways, but that was another thought I had.

I've never used JSON-4-mIRC so I can't help much beyond that, but I have done plenty of API-related things dealing with cookies over http/https with raw sockets, long before the existance of json-4-mirc and $urlget. It's not too terribly difficult if you understand http/1.1 protocol, which is quite an extensive RFC read.

Also you've posted your response as "A-LOT-OF-TEXT" which makes me wonder if you might be getting any line too long errors? maybe you should be hadding these to a table with -b and saving a binvar? If you go that route, make sure to noop $hget(table,item,&bvar) to load it up, then you could /bcopy whatever data you wish to append, then once again /hadd -b it back to the table, to keep extending your cookie tokenized list.

Re: help with login script to webpage [Re: Talon] #267925 23 hours ago
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
thanks Talon, But i dint understand anything of that cry

i just want to login to one page then its going to redirect me to the api page, never thought that would be so hard smile

maybe i have to look into a php script that can output a txt file or something instead.

Last edited by Bast; 23 hours ago.
Re: help with login script to webpage [Re: Bast] #267926 23 hours ago
Joined: Jan 2004
Posts: 1,296
L
Loki12583 Online
Hoopy frood
Online
Hoopy frood
L
Joined: Jan 2004
Posts: 1,296
In the remote editor, in the variable tab do you have %username and %password set? Originally my comments were missing the % in the set commands.

I have not seen you post anything with the csrf token, this may indicate json-for-mirc is not working. You have "JSON For Mirc.js" in the same folder as the mrc script? Can you enter this and reply with the response?

Code
//echo -ag $jsonversion :: $cod.token


But the script is working. The cookie regex is fine, it's global //g and I loop over the set-cookie values to include them in the next request. SReject is looking into changing json-for-mirc to disable redirects. I have made this change locally and can now skip my custom sockets in lieu of an entire json-for-mirc approach.

Re: help with login script to webpage [Re: Loki12583] #267927 22 hours ago
Joined: Nov 2011
Posts: 16
B
Bast Online OP
Pikka bird
OP Online
Pikka bird
B
Joined: Nov 2011
Posts: 16
Yes i did set the username and password and i have done an ¤echo to make sure its there.
and yes i have both JSON files in the mirc dir

i get this on your command

Code
SReject/JSONForMirc v2.0.4000 :: UFSRAnlnfH7OI8P_1r_6iwxop5T22E7iYdLlcEAebhIij7Ky-c7rKk2iT8dJyjAk

Last edited by Bast; 22 hours ago.
Re: help with login script to webpage [Re: Bast] #267933 8 hours ago
Joined: Jan 2004
Posts: 1,296
L
Loki12583 Online
Hoopy frood
Online
Hoopy frood
L
Joined: Jan 2004
Posts: 1,296
SReject has updated his script to support redirect disabling, you'll have to grab the master files directly:
JSON For mIRC.mrc
JSON For mIRC.js

I have updated my script accordingly, $urlget and custom sockets are no longer used:
CallOfDuty.mrc

It will now log you in automatically upon your first API access if cookies are not detected. Still need to add support for cookie expiration and failure handling.

Just restart mIRC to start fresh and enter /cod.stats.show Ancientswede#2802

Last edited by Loki12583; 8 hours ago.