[C#] POST request with other data at same URL

11/25/2014 21:31 Cheating-nl#1
- ALL FIXED
11/25/2014 22:58 Shawak#2
"doesn't seem to work" isn't a good error description.

Are you using a CookieContainer in your requests?
Also, please provide some more background information and code.
11/25/2014 23:18 Cheating-nl#3
Quote:
Originally Posted by Shawak View Post
"doesn't seem to work" isn't a good error description.

Are you using a CookieContainer in your requests?
Also, please provide some more background information and code.
Yes I'm using a CookieContainer.

The request seems to be made, because I'm viewing the responsestream in a webbrowsercontrol now.
However it seems like it's not gettiing verified or something like that. ?Caching problem?

The variabeles, which I give the value's of the token to read from the source seem to be the right ones.

Some of my code:

Code:
            //Get reloadToken & RTVT
            HttpWebRequest tokReq = (HttpWebRequest)HttpWebRequest.Create(marketUrl);
            tokReq.CookieContainer = cookieContainer;
            tokReq.Method = "GET";
            tokReq.CachePolicy = noCachePolicy;

            //Grabbing source
            using (StreamReader sfreader = new StreamReader(tokReq.GetResponse().GetResponseStream()))
            {
                marketsource = sfreader.ReadToEnd();
            }

            //Regex pattern's for extracting the token and RTVT from marketsource
            string tokenpattern = @"(?:reloadToken.+value="")(?<Token>[^\""]+)";
            string rtvtpattern = @"(?:RTVT.+value=')(?<RTVT>[^']+)";

            //Extracting reloadToken and RTVT from source
            string reloadToken = Regex.Match(marketsource, tokenpattern).Groups["Token"].Value;
            string RTVT = Regex.Match(marketsource, rtvtpattern).Groups["RTVT"].Value;
Does a GET request at the page to store the source in a variable, then it looks with RegEx for the reloadToken and RTVT and stores those in a variable too.

Code:
bidPostData = String.Format("reloadToken=" + reloadToken + "&setBid=true&ItemID=" + ItemID + "&ItemType=" + ItemType + "&currentSelecter=all&bidAmount=" + bidAmount + "&RTVT=" + RTVT + "&ajaxAction=biddOnItem");



            HttpWebRequest bidrequest = (HttpWebRequest)HttpWebRequest.Create(bidUrl);
            bidrequest.CookieContainer = cookieContainer;
            bidrequest.Method = "POST";
            bidrequest.CachePolicy = noCachePolicy;
            bidrequest.KeepAlive = true;
            bidrequest.ContentLength = bidPostData.Length;
            bidrequest.ContentType = "application/x-www-form-urlencoded";
            bidrequest.AllowAutoRedirect = true;
            bidrequest.UserAgent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36";


            ASCIIEncoding encoding = new ASCIIEncoding();
            byte[] loginDataBytes = encoding.GetBytes(bidPostData);
            bidrequest.ContentLength = loginDataBytes.Length;
            Stream stream = bidrequest.GetRequestStream();
            stream.Write(loginDataBytes, 0, loginDataBytes.Length);

            //response
            HttpWebResponse bidResp = (HttpWebResponse)bidrequest.GetResponse();
            Stream datastream = bidResp.GetResponseStream();
            StreamReader reader = new StreamReader(datastream);

            webBrowser1.DocumentText = reader.ReadToEnd();

            reader.Close();
            datastream.Close();
            bidResp.Close();
Does a POST request at the url and posts the required data, it works. But doing it again (a second time, I'm looking every second with a timer which time it is and when the time is right it does the request again, like once an hour). The second (same) request (but with some different info, reloadToken and RTVT) doesn't have success. And I can't find out why that's happening.
11/27/2014 18:02 Mostey#4
Have you considered that the tokens may change on every request? The page may require you to always send the last token set generated by the page.

Well, what HTTP status code do you get on the second post? I'm kinda sure the server will throw a 403 forbidden if it really expects you to send the last token and you do not.
11/27/2014 21:10 Cheating-nl#5
I'm using a GET request to find the tokens before every POST request, so every POST request it contains fresh tokens. That's why I find this so strange, because the tokens must be the right tokens.
11/27/2014 21:14 Mostey#6
Quote:
Originally Posted by Mostey View Post
Well, what HTTP status code do you get on the second post? I'm kinda sure the server will throw a 403 forbidden if it really expects you to send the last token and you do not.
Get yourself a web debugger such as Fiddler4.
11/27/2014 21:19 Cheating-nl#7
Quote:
Originally Posted by Mostey View Post
Get yourself a web debugger such as Fiddler4.
I have, and the request is just accepted it seems.
11/27/2014 21:29 Mostey#8
Quote:
Originally Posted by Cheating-nl View Post
I have, and the request is just accepted it seems.
It seems? Just get us the response payload, the HTTP status code and other related information to your requests.
11/27/2014 21:49 Cheating-nl#9
First request:
Code:
POST http://gb1.seafight.bigpoint.com/ajax.es HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
Referer: http://gb1.seafight.bigpoint.com/index.es?action=internalMarketplace&subact=Elite
Host: gb1.seafight.bigpoint.com
Cookie: sfrfsid=7a567b395a76273607e13add6887de22; aid=901; bptid=cceb5f194b860dc4f792ec102427d07b; acr=14; aid_fallback=901; aid_fallback_info=935; bpLandingPage_fallback=http%253A%252F%252Fgb1.seafight.bigpoint.com%252FProjectApi%252FAuthentication%253FauthUser%253D14%2526token%253DY_oYkIFEOh5EB7r1yh7ojxu7ka4Ei1_ck27lbRxW93kgWO7B-ih5x7JsEnOb7zCGpGxEHoOvOaVsZ3AKrsa3sd5Zo--LXXbdmd1usLAnv56A_DjrvD6BTdxLfi1NWOQ5QlC4n9mrbRu8xa6hEzpVi21NPJQbSdm0T0Wm3E-djf-gia3U-Ytg3h-MxUSMlU1xWXa9PQ-EhDR39dB1AeOLCkh8T-fPLt47JOI-Oxb_3f4grz0mVnVbhHue0auuRO9BIoDABAWpo5q70IooOoVguDiyrrHyuGHsEbTVmz1fkWZ-Z4QztPVHyBxtl2LxJg1wCsmdlR9AeTGB1wJSn1FWxjE8i5pelPwtAMT9Ww83hffiToIqOKv0P9sDkgjat5Pj9FOHD3EVuqtGqJ9ricaDZOFfgbLY_Wq4nv_frlFbdy7iLksYAG8Imo8K7DxSMdQpR8Ii-d3JjBAEIvI4gRJ0nyRkQyX4aypnlBj4I6Kx-G3iG1pEUo013EryL7kqZiYF5J3ds_5zRWDGP__AGJrc-yrODjdGshoKARfnsybknpGR7omc3UAPYvkfsOvja5ih6YzYZzdPwdV0wBbhqXivTo0yF-I6smPmFBha7q4R0uY0DK_LDIF5Mz8FD0C6V5U8hcP31A_Q7UFO9pyVjOSawimY3ZX8_A2yTKNUp0pBIZQMlR5gZ7Mx
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 175
Expect: 100-continue

reloadToken=20a1fb27da41888e1930bb6d7ddb5f29&setBid=true&ItemID=4&ItemType=Currency&currentSelecter=all&bidAmount=2&RTVT=main7ddf0bf139b71fed8529d09d7a77&ajaxAction=biddOnItem
Second request:
Code:
POST http://gb1.seafight.bigpoint.com/ajax.es HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
Referer: http://gb1.seafight.bigpoint.com/index.es?action=internalMarketplace&subact=Elite
Host: gb1.seafight.bigpoint.com
Cookie: RTVTmain=mainf48cee3b6b15789f58299871ee15; sfrfsid=7a567b395a76273607e13add6887de22; aid=901; bptid=cceb5f194b860dc4f792ec102427d07b; acr=14; aid_fallback=901; aid_fallback_info=935; bpLandingPage_fallback=http%253A%252F%252Fgb1.seafight.bigpoint.com%252FProjectApi%252FAuthentication%253FauthUser%253D14%2526token%253DY_oYkIFEOh5EB7r1yh7ojxu7ka4Ei1_ck27lbRxW93kgWO7B-ih5x7JsEnOb7zCGpGxEHoOvOaVsZ3AKrsa3sd5Zo--LXXbdmd1usLAnv56A_DjrvD6BTdxLfi1NWOQ5QlC4n9mrbRu8xa6hEzpVi21NPJQbSdm0T0Wm3E-djf-gia3U-Ytg3h-MxUSMlU1xWXa9PQ-EhDR39dB1AeOLCkh8T-fPLt47JOI-Oxb_3f4grz0mVnVbhHue0auuRO9BIoDABAWpo5q70IooOoVguDiyrrHyuGHsEbTVmz1fkWZ-Z4QztPVHyBxtl2LxJg1wCsmdlR9AeTGB1wJSn1FWxjE8i5pelPwtAMT9Ww83hffiToIqOKv0P9sDkgjat5Pj9FOHD3EVuqtGqJ9ricaDZOFfgbLY_Wq4nv_frlFbdy7iLksYAG8Imo8K7DxSMdQpR8Ii-d3JjBAEIvI4gRJ0nyRkQyX4aypnlBj4I6Kx-G3iG1pEUo013EryL7kqZiYF5J3ds_5zRWDGP__AGJrc-yrODjdGshoKARfnsybknpGR7omc3UAPYvkfsOvja5ih6YzYZzdPwdV0wBbhqXivTo0yF-I6smPmFBha7q4R0uY0DK_LDIF5Mz8FD0C6V5U8hcP31A_Q7UFO9pyVjOSawimY3ZX8_A2yTKNUp0pBIZQMlR5gZ7Mx
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 179
Expect: 100-continue

reloadToken=55459aec3b1fed39e3ca7e4ced2d3299&setBid=true&ItemID=186&ItemType=Ammunition&currentSelecter=all&bidAmount=2&RTVT=maind3b56784546e9dab704a7cf797cc&ajaxAction=biddOnItem
First Response:
Code:
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2014 20:44:00 GMT
Server: Apache
Set-Cookie: sfrfsid=7a567b395a76273607e13add6887de22; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="CAO PSA OUR"
Set-Cookie: aid=901; expires=Sat, 27-Dec-2014 20:44:00 GMT; path=/
Set-Cookie: aip=deleted; expires=Wed, 27-Nov-2013 20:43:59 GMT; path=/
Set-Cookie: aig=deleted; expires=Wed, 27-Nov-2013 20:43:59 GMT; path=/
Set-Cookie: acr=14; expires=Sat, 27-Dec-2014 20:44:00 GMT; path=/
Set-Cookie: aid=901; expires=Sat, 27-Dec-2014 20:44:00 GMT; path=/
Set-Cookie: aip=deleted; expires=Wed, 27-Nov-2013 20:43:59 GMT; path=/
Set-Cookie: aig=deleted; expires=Wed, 27-Nov-2013 20:43:59 GMT; path=/
Set-Cookie: acr=14; expires=Sat, 27-Dec-2014 20:44:00 GMT; path=/
Set-Cookie: RTVTmain=mainf48cee3b6b15789f58299871ee15
Vary: Accept-Encoding,User-Agent
Content-Length: 1327
Content-Type: text/html; charset=UTF-8
Content-Language: es
X-XTM-Node: pool-seafight-01-www-034229
Connection: Close

{"crystals":"1","pearls":"3.000","gold":"20.617","reloadtoken":"4407ca4e3b28c03b28b87dd1539db48a","state":"OK","message":null,"output":"","divupdates":{"maxBidder_CURRENCY_4":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_SHIPEXTENSIONS_7":"BlackBaron","maxBidder_ACTIONITEMS_30":"DutchyHunter","maxBidder_ACTIONITEMS_38":"Mina-S.F.U..","maxBidder_ACTIONITEMS_43":"zoki_uk","maxBidder_SAILS_50":"Leopar.!","maxBidder_AMMUNITION_51":"Bawdyn","maxBidder_NONPERISHABLEGOODS_51":"DutchyHunter","maxBidder_SHIPEXTENSIONS_51":"=Marijuana61=","maxBidder_WEAPONS_51":"-CaptainTR-","maxBidder_NONPERISHABLEGOODS_52":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_NONPERISHABLEGOODS_65":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_HARPOONS_75":"zoki_uk","maxBidder_NONPERISHABLEGOODS_77":"swissblade","maxBidder_AMMUNITION_120":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_WEAPONS_121":"\u4e42_\u3024.\u0e56\u06e3\u06dc\u0158\u01b1\u0141\u0128\u0419\u0193.\u3024_\u4e42","maxBidder_AMMUNITION_186":"\u4e42_\u3024.\u0e56\u06e3\u06dc\u0158\u01b1\u0141\u0128\u0419\u0193.\u3024_\u4e42"}}
Second Response:

Code:
HTTP/1.1 200 OK
Date: Thu, 27 Nov 2014 20:44:06 GMT
Server: Apache
Set-Cookie: sfrfsid=7a567b395a76273607e13add6887de22; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="CAO PSA OUR"
Set-Cookie: aid=901; expires=Sat, 27-Dec-2014 20:44:06 GMT; path=/
Set-Cookie: aip=deleted; expires=Wed, 27-Nov-2013 20:44:05 GMT; path=/
Set-Cookie: aig=deleted; expires=Wed, 27-Nov-2013 20:44:05 GMT; path=/
Set-Cookie: acr=14; expires=Sat, 27-Dec-2014 20:44:06 GMT; path=/
Set-Cookie: aid=901; expires=Sat, 27-Dec-2014 20:44:06 GMT; path=/
Set-Cookie: aip=deleted; expires=Wed, 27-Nov-2013 20:44:05 GMT; path=/
Set-Cookie: aig=deleted; expires=Wed, 27-Nov-2013 20:44:05 GMT; path=/
Set-Cookie: acr=14; expires=Sat, 27-Dec-2014 20:44:06 GMT; path=/
Set-Cookie: RTVTmain=main0607cd8ed5f93edb682b35d90762
Vary: Accept-Encoding,User-Agent
Content-Length: 1327
Content-Type: text/html; charset=UTF-8
Content-Language: es
X-XTM-Node: pool-seafight-01-www-042103
Connection: Close

{"crystals":"1","pearls":"3.000","gold":"20.617","reloadtoken":"672a14a2bbd096c8819a249699af6a3c","state":"OK","message":null,"output":"","divupdates":{"maxBidder_CURRENCY_4":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_SHIPEXTENSIONS_7":"BlackBaron","maxBidder_ACTIONITEMS_30":"DutchyHunter","maxBidder_ACTIONITEMS_38":"Mina-S.F.U..","maxBidder_ACTIONITEMS_43":"zoki_uk","maxBidder_SAILS_50":"Leopar.!","maxBidder_AMMUNITION_51":"Bawdyn","maxBidder_NONPERISHABLEGOODS_51":"DutchyHunter","maxBidder_SHIPEXTENSIONS_51":"=Marijuana61=","maxBidder_WEAPONS_51":"-CaptainTR-","maxBidder_NONPERISHABLEGOODS_52":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_NONPERISHABLEGOODS_65":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_HARPOONS_75":"zoki_uk","maxBidder_NONPERISHABLEGOODS_77":"swissblade","maxBidder_AMMUNITION_120":"\u2020\u0e56\u06e3\u06dc\u2666\u02d9\u0387\u0660\u2022zz777\u2022\u0660\u0387\u02d9\u2666\u2020","maxBidder_WEAPONS_121":"\u4e42_\u3024.\u0e56\u06e3\u06dc\u0158\u01b1\u0141\u0128\u0419\u0193.\u3024_\u4e42","maxBidder_AMMUNITION_186":"\u4e42_\u3024.\u0e56\u06e3\u06dc\u0158\u01b1\u0141\u0128\u0419\u0193.\u3024_\u4e42"}}
11/27/2014 22:08 Mostey#10
And where is the response?
11/27/2014 22:12 Cheating-nl#11
Quote:
Originally Posted by Mostey View Post
And where is the response?
I've edited my post.
11/28/2014 12:18 Mostey#12
The reload tokens do not match. You are sending the request providing the token from an unknown source. Then, the server replies to this request and also provides a reload token in the response. You may need to send the token supplied by the server in the next request - otherwise the server may detect that you are not accessing the resource through a common webbrowser (since there is probably some javascript send on the first request that does the token handling)

This may also apply to other tokens or challenges.
11/28/2014 15:56 Cheating-nl#13
Quote:
Originally Posted by Mostey View Post
The reload tokens do not match. You are sending the request providing the token from an unknown source. Then, the server replies to this request and also provides a reload token in the response. You may need to send the token supplied by the server in the next request - otherwise the server may detect that you are not accessing the resource through a common webbrowser (since there is probably some javascript send on the first request that does the token handling)

This may also apply to other tokens or challenges.
Hmm yes, you could be right in that, in the original page the request is made by javascript. So yes, the server sends new reloadTokens to the page ofcourse because it's javascript.

But, I already tried to do another request like ~5 seconds after the first bidRequest to another page, so the javascript sended token must be gone, than another GET request to take the 'new' reloadToken's just from the pagesource, so it should be fresh reloadToken's right?

This is how the pagesource reloadTokens like before my first bid:

Code:
<input name="reloadToken" value="f5b2374edb3c05b125b68907b1d604a4" type="hidden">
<input name="RTVT" value="main7bd97eca81fbfaaf44cc5b53f58a" type="hidden"></form>
This is how they look after the first bid, so before the second bid:

Code:
<input name="reloadToken" value="4e4e777ad53c52366bd9261d5e3720d7" type="hidden">
<input name="RTVT" value="main7bd97eca81fbfaaf44cc5b53f58a" type="hidden">
I noticed the reloadToken changed, but the RTVT was still the same.

However, in my program I completly reload the bid-page to grab some new reloadToken and RTVT:

This is what happens why I reload the page:

Code:
<input name="reloadToken" value="194b401eee9d96bac4b956c5f0efba9c" type="hidden">
<input name="RTVT" value="mainaf2cd2ed44a3bfecf41ca6cc283d" type="hidden">
So I completely receive a new reloadToken and RTVT, but when doing this in my tool it still not works and at the webpage itself it works like it should do.

Maybe I only should do the second GET request of the pagesource at the reloadToken and not the RTVT?

I have currently no time to test it, doing this tonight or tomorrow.

Thanks for your help so far :)
12/02/2014 21:46 Shawak#14
Are you using the reload token to get your new token or are you just reloading the page? If so, you should consider to get a new token using your reloadToken (which may could change after usage).
03/23/2015 22:27 Cheating-nl#15
I'm replying to this thread again as I'm still/again struggling with this problem.
I've suspended the project for some time a decided to continue it.

How it theoretically works right now:

- The user adds items to a ListBox which my program should bid on.
- When clicked at the button a For Each loop will loop through the ListBox and will bid on every Item in the ListBox

How a single (bid)request looks like right now: (this bidrequest is done for each item in the listbox)

- The first thing it does is do a GET request at the market-page and grab the sourcecode
- Then with some regex it extracts the RTVT and the reloadToken from the source
- Then it sends a POST request with the extracted RTVT and reloadToken

EDIT: Fixed