Search code examples
c#httpsgetrequest

C# HTTPS Get request with cookies

I have been searching for 2 days but I have found nothing.

My problem is that I want to GET html from specific site, but from page that requires the user to be signed in. It means I can do it in 2 ways:

  1. Create full login script (POST login + GET page)
  2. or just GET with cookies I took from browser and put them manually to code.

Right now I want to do the 2nd way. I use HttpWebRequest for it and it seems that it ignores cookies I put into request (with HTTP it works). Can you please tell me what I do wrong? Or where can be a problem?

For getting fresh session for this request go to darkorbit.com log in with: name=jasomdarkorbit password=123456.

I hope you can somehow help me, thank you!

Main code:

//string name = "jasomdarkorbit";
//string pass = "123456";
const string URL = "https://www.darkorbit.com";

string html = "";
string url = URL + "/indexInternal.es?action=internalStart";

//For getting fresh session for this request go to darkorbit.com 
// log in with: name=jasomdarkorbit, password=123456.
string cookies = "dosid=63660eb0d3b6fdc9dcc868c19cf3bf96;";

html = GET(url, cookies);
Debug.WriteLine(html);

My get method code:

public static string GET(string url, string cookie = null)
{
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    request.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) " + 
"AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36";
    request.Headers.Set(HttpRequestHeader.Cookie, cookie);

    HttpWebResponse response = (HttpWebResponse)request.GetResponse();

    Stream responseStream = response.GetResponseStream();
    StreamReader reader = new StreamReader(responseStream);

    string result = reader.ReadToEnd();

    responseStream.Close();
    reader.Close();
    response.Close();

    return result;
}
Solution

  • Problem was in used HttpWebRequest function and handling of HTTPS communication(in .NET 4.5). With Library Html Agility Pack it work smoothly.

    And 1 important information:

    SESSION cookie is also just a COOKIE so you can just copy/paste it and you are signed as somebody else !

    This approach is used in stealing exploits/XSS attacks...attacker will steal your cookies and then he can log in into your account on that page until that Session identificator change.

    So in my case...I have created C# gui with browser and 2 input fields: game server and dosid cookie. After I logged in on my game account from different browser I copied dosid cookie and game server number from url, placed them to my custom-browser input fields and BOOM I was logged also there.

    Why would I do that ?

    Many pages dont allow being logged in from 2 browsers/PCs at the same time cos each time you log in SESSION will change.