I'm trying to log into a site and afterwards to send a SMS (you can do that for free by the site - it's nothing more than just enter some text into some fields and 'submit'). I've used wireshark to track some of the post/get requests that my machine has been exchanging with the server - when using the browser.
I'd like to paste some of my Java code:
URL url;
String urlP = "maccount=myRawUserName7&" +
"mpassword=myRawPassword&" +
"redirect_http=http&" +
"submit=........";
String urlParameters = URLEncoder.encode(urlP, "CP1251");
HttpURLConnection connection = null;
// Create connection
url = new URL("http://www.mtel.bg/1/mm/smscenter/mc/sendsms/ma/index/mo/1");
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
//I'm not really sure if these RequestProperties are necessary
//so I'll leave them as a comment
// connection.setRequestProperty("Content-Type",
// "application/x-www-form-urlencoded");
// connection.setRequestProperty("Accept-Charset", "CP1251");
// connection.setRequestProperty("Content-Length",
// "" + Integer.toString(urlParameters.getBytes().length));
// connection.setRequestProperty("Content-Language", "en-US");
connection.setUseCaches(false);
connection.setDoInput(true);
connection.setDoOutput(true);
// Send request
DataOutputStream wr = new DataOutputStream(
connection.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
String headerName[] = new String[10];
int count = 0;
for (int i = 1;
(headerName[count] = connection.getHeaderFieldKey(i)) != null; i++) {
if (headerName[count].equals("Set-Cookie")) {
headerName[count++] = connection.getHeaderField(i);
}
}
//I'm not sure if I have to close the connection here or not
if (connection != null) {
connection.disconnect();
}
//the code above should be the login part
//-----------------------------------------
//this is copy-pasted from wireshark's info.
String smsParam="from=men&" +
"sender=0&" +
"msisdn=359886737498&" +
"tophone=0&" +
"smstext=tova+e+proba%21+1.&" +
"id=&" +
"sendaction=&" +
"direction=&" +
"msgLen=84";
url = new URL("http://www.mtel.bg/moyat-profil-sms-tsentar_3004/" +
"mm/smscenter/mc/sendsms/ma/index");
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Cookie", headerName[0]);
connection.setRequestProperty("Cookie", headerName[1]);
//conn
urlParameters = URLEncoder.encode(urlP, "CP1251");
connection.setUseCaches(false);
connection.setDoInput(true);
connection.setDoOutput(true);
wr = new DataOutputStream(
connection.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
//I'm not rly sure what exactly to do with this response.
// Get Response
InputStream is = connection.getInputStream();
BufferedReader rd = new BufferedReader(new InputStreamReader(is,
"CP1251"));
String line;
StringBuffer response = new StringBuffer();
while ((line = rd.readLine()) != null) {
response.append(line);
response.append('\r');
}
rd.close();
System.out.println(response.toString());
if (connection != null) {
connection.disconnect();
}
so that's my code so far. When I execute it ... I don't receive any text on my phone - so it clearly doesn't work as supposed to.
I would appreciate any guidance or remarks.
Is my cookie handling wrong? Is my login method wrong? Do I pass the right URLs. Do I encode and send the parameter string correctly?
Is there any addition valuable data from these POSTs I should take?
P.S. just in any case let me tell you that the username and password is not real. For security reasons I don't want to give valid ones. (I think this is appropriate approach)
Here are the POST requests:
POST /1/mm/auth/mc/auth/ma/index/mo/1 HTTP/1.1
Host: www.mtel.bg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.mtel.bg/1/mm/smscenter/mc/sendsms/ma/index/mo/1
Cookie: __utma=209782857.541729286.1349267381.1349270269.1349274374.3; __utmc=209782857; __utmz=209782857.1349267381.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=28%7C40; PHPSESSID=q0mage2usmv34slcv3dmd6t057; __utmb=209782857.3.10.1349274374
Content-Type: multipart/form-data; boundary=---------------------------151901450223722
Content-Length: 475
-----------------------------151901450223722
Content-Disposition: form-data; name="maccount"
myRawUserName
-----------------------------151901450223722
Content-Disposition: form-data; name="mpassword"
myRawPassword
-----------------------------151901450223722
Content-Disposition: form-data; name="redirect_https"
http
-----------------------------151901450223722
Content-Disposition: form-data; name="submit"
........
-----------------------------151901450223722--
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 Oct 2012 14:26:40 GMT
Content-Type: text/html; charset=Utf-8
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /moyat-profil-sms-tsentar_3004/mm/smscenter/mc/sendsms/ma/index
Content-Length: 0
The above text is vied with wireshark's follow tcp stream when pressing the log in button.
POST /moyat-profil-sms-tsentar_3004/mm/smscenter/mc/sendsms/ma/index HTTP/1.1
*same as the above ones*
Referer: http://www.mtel.bg/moyat-profil-sms-tsentar_3004/mm/smscenter/mc/sendsms/ma/index
Cookie: __utma=209782857.541729286.1349267381.1349270269.1349274374.3; __utmc=209782857; __utmz=209782857.1349267381.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=29%7C40; PHPSESSID=q0mage2usmv34slcv3dmd6t057; __utmb=209782857.4.10.1349274374
Content-Type: application/x-www-form-urlencoded
Content-Length: 147
from=men&sender=0&msisdn=35988888888&tophone=0&smstext=this+is+some+FREE+SMS+text%21+100+char+per+sms+only%21&id=&sendaction=&direction=&msgLen=50
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 Oct 2012 14:31:38 GMT
Content-Type: text/html; charset=Utf-8
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /moyat-profil-sms-tsentar_3004/mm/smscenter/mc/sendsms/ma/success/s/1
Content-Length: 0
The above text is when you press the send button.