Unsolved QtNetworkRequest, GET request on a local GUI interface
-
i'm using QNetworkRequest in order to issue a simple GET request to my router interface. Basically if the post data is empty i issue a GET otherwise i will issue a POST. Let's stick with the GET
QString url=ui->lineEdit_url->text(); QString paras=ui->pTextEdit_paras->toPlainText(); qDebug()<< "paras" << paras; QByteArray post_data; post_data.append(paras); QNetworkRequest request = QNetworkRequest(QUrl(url)); request.setRawHeader("Content-Type", "application/x-www-form-urlencoded"); if(post_data.isEmpty()) { //nam->head(request); nam->get(request); } else { nam->post(request,post_data); } ... connect(nam, SIGNAL(finished(QNetworkReply*)), this, SLOT(finished(QNetworkReply*))); ... void HttppostWindow::finished(QNetworkReply *reply) { if(reply->error() == QNetworkReply::NoError) { ui->textEdit_result->setText(QObject::tr(reply->readAll())); } else { ui->textEdit_result->setPlainText(reply->errorString()); } }
Right now the local interface asks for a login and a pw. The problem is that the retrieved text (login page) with the GET command is the one that the interface would show if the user would have insterted a wrong password (autentication failed please try again and so on). But it is clear that i'm not passing any parameter to the site.
Any ideas?
-
@itsmaxdd
Perhaps because it first requires a login to go further and thus get fetches login failed page.
Connect to authenticationRequired signal, do authentication, and then get the page. -
Let me explain how the auth work.
When there is a GET request, the interface (or browser, i don't know who, i need to sniff more) sends a cookie in the header, its values is xAuth_SESSION_ID=XXXXXXXXXXXXXXX.
The interface is using this Cookie for antiCSRF mechanisms.
In particular in the POST request i sniffed with fiddler which is used by the browser to log in, it can be seen that in the body there is the following content: rn=XXXXXXXXXXXXXXX&hidepw=YYYYYYYYYYYYYYYYYrn is equal to the xAuth_SESSION_ID value while hidepw is the login pw which pass through a sort of MD5 function (available to me).
Do you believe the authenticator would be able to solve the problem?
Who is usually sending an xAuth_SESSION_ID in the header?I'll be back with more info in two days
Regards, -
@itsmaxdd If you have the username and password you should try by the authenticator.
-
@p3c0 How can the authenticator know that it needs the branded MD5 script and that particular content format? I don't think the local interface is implementing an http basic auth
-
Hi @itsmaxdd . Sorry for the late reply. Well then I think another way perhaps could be creating a
QNetworkRequest
and setting raw headers defined by the server. Then you can create aQNAM
object and theput
this request. If the server expects some data with the request then you can createQByteArray
of the required data and thenpost
.