LCF-AT

WinSock problem

36 posts in this topic

Hi kao,

thanks for your answer but I am still confused.

Info: About the complete URL. So it's just for the tool itself I made, so the first part gets checked and cut out and the rest will be used. Also, if there is no port info then I used standard port 80 as the default port.

Now again some questions:

1.) Is it now possible with WinSock without SSL (OpenSSL etc.) to successfully get access to T4Y, for example, and get the right page content?

2.) How can I check whether I need to request any site with SSL from the response I get?

3.) Why do I get success using WinInet with and also without SSL flags on the T4Y site?

Using WinInet with & without SSL Flags

GET /index.php HTTP/1.1
Host: tuts4you.com
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 200 OK

Pagecontent all there and right....

Using WinSock
--------------------------------------
GET /index.php HTTP/1.1
Host: tuts4you.com
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Feb 2017 15:57:11 GMT
Server: Apache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSTUTS4YOUCOM=6efd7798c31d1e7dd2eac3b0b89222af; path=/; domain=.tuts4you.com
Last-Modified: Fri, 17 Feb 2017 15:57:11 GMT
Location: https://tuts4you.com/index.php
Strict-Transport-Security: max-age=15768000;includeSubdomains
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

-----------------------------------------
GET /index.php HTTP/1.1
Host: tuts4you.com:443
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Feb 2017 15:59:32 GMT
Server: Apache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSTUTS4YOUCOM=76b7127e22f93deb8c9f415f1cedd435; path=/
Last-Modified: Fri, 17 Feb 2017 15:59:32 GMT
Location: https://tuts4you.com/index.php
Strict-Transport-Security: max-age=15768000;includeSubdomains
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
----------------------------------------
GET /index.php HTTP/1.1
Host: tuts4you.com:80
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Feb 2017 16:00:24 GMT
Server: Apache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSTUTS4YOUCOM=68bdd2ad43c8ec6997f31ed9481ff3b0; path=/
Last-Modified: Fri, 17 Feb 2017 16:00:25 GMT
Location: https://tuts4you.com/index.php
Strict-Transport-Security: max-age=15768000;includeSubdomains
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
-------------------------------------------------
GET /index.php HTTP/1.1
Host: 198.57.187.53:443
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Feb 2017 16:01:11 GMT
Server: Apache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Cache-Control: must-revalidate
Set-Cookie: SESSTUTS4YOUCOM=86888b0965c546f6474a2a0f142c36f2; path=/
Last-Modified: Fri, 17 Feb 2017 16:01:11 GMT
Location: https://tuts4you.com/index.php
Strict-Transport-Security: max-age=15768000;includeSubdomains
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
-----------------------------------------
GET /index.php HTTP/1.1
Host: 198.57.187.53:80
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

HTTP/1.1 404 Not Found
Date: Fri, 17 Feb 2017 16:01:35 GMT
Server: Apache
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15768000;includeSubdomains
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
-----------------------------------------

So I don't get any successful access to the T4Y index.php site using WinSock. Is this because I don't use SSL (extra OpenSSL APIs etc.) or should it normally work anyhow, also without SSL? In the examples with WinInet it's also working without SSL flags, and that's the reason I wonder. So if it works with WinInet without SSL then it should also work with WinSock without SSL, or is something wrong anyhow?!?

greetz


@Teddy Rogers should be able to answer specifics on how the server is configured. From the info you posted, it looks like T4Y works only over HTTPS and WinInet does lots of stuff "behind the scenes", even if you don't explicitly tell it to.

You could use Wireshark to capture packets for each request and see what exactly is happening.
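
Added example (not part of kao's post or anyone's code in this thread): one way to tell from a raw plaintext reply that the server wants TLS, run over responses trimmed from the ones posted above. The names `tls_hint`, `get_header` and `inspect_response` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp; on MSVC use _strnicmp instead */

typedef struct {
    int  status, https_redirect, hsts;  /* hsts over plain HTTP is only a hint */
    char location[256];
} tls_hint;

/* Case-insensitive header lookup in a raw response; returns 1 if found. */
static int get_header(const char *resp, const char *name, char *out, size_t outsz) {
    size_t n = strlen(name);
    const char *p = strstr(resp, "\r\n");             /* end of status line */
    while (p && strncmp(p, "\r\n\r\n", 4) != 0) {     /* stop at the blank line */
        p += 2;
        if (strncasecmp(p, name, n) == 0 && p[n] == ':') {
            p += n + 1 + strspn(p + n + 1, " \t");    /* skip colon and padding */
            snprintf(out, outsz, "%.*s", (int)strcspn(p, "\r\n"), p);
            return 1;
        }
        p = strstr(p, "\r\n");
    }
    return 0;
}

/* Decide whether the reply is telling the client to switch to HTTPS. */
tls_hint inspect_response(const char *resp) {
    tls_hint h = {0};
    char tmp[128];
    if (sscanf(resp, "HTTP/%*d.%*d %d", &h.status) != 1) h.status = -1;
    if (get_header(resp, "Location", h.location, sizeof h.location))
        h.https_redirect = h.status >= 300 && h.status < 400 &&
                           strncasecmp(h.location, "https://", 8) == 0;
    h.hsts = get_header(resp, "Strict-Transport-Security", tmp, sizeof tmp);
    return h;
}

/* Trimmed from the responses posted in the thread (301 by host name, 404 by IP). */
const char SAMPLE_301[] = "HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n"
    "Location: https://tuts4you.com/index.php\r\n"
    "Strict-Transport-Security: max-age=15768000;includeSubdomains\r\n"
    "Content-Length: 0\r\nConnection: close\r\n\r\n";
const char SAMPLE_404[] = "HTTP/1.1 404 Not Found\r\nServer: Apache\r\n"
    "Strict-Transport-Security: max-age=15768000;includeSubdomains\r\n"
    "Connection: close\r\n\r\n";

int main(void) {
    tls_hint a = inspect_response(SAMPLE_301), b = inspect_response(SAMPLE_404);
    printf("301: https_redirect=%d hsts=%d -> %s\n", a.https_redirect, a.hsts, a.location);
    printf("404: https_redirect=%d hsts=%d\n", b.https_redirect, b.hsts);
}
```

A 3xx reply whose `Location` starts with `https://` means the same request has to be repeated inside a TLS session on port 443; sending plaintext to port 443 or changing the `Host:` port does not help, as the captures above show.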


So @LCF-AT , do you still need me to look into this issue or is it almost solved ? :)

When you PM-ed me a couple of days ago, I already told you that I would look into it during the weekend as I was (and am) busy till then. But I see that you already put up yet another post yesterday haha :D

Guess you are in a bit of a hurry .. hehe

Anyway, the problem is that since you want it to be in ASM, I would need to compile the SSL libraries from scratch on my computer. That would take time, and also converting the code to ASM would make it quite bulky, as I told you in the PM already.

I have no problem (and it's also good :) ) if others are helping out. But what I want to know is whether you would still need me to look into it or not ...

Because I am not really a fan of re-duplication of efforts if you know what I mean.. I do not want to waste time compiling the libraries etc if someone else is already working on it , if you know what I mean... No offense of course, but just want to avoid re-duplication of efforts from our members here.

Is anyone already (and continuing to) work on LCF-AT's issue ? :)

Cheers :)

EDIT :

As I was typing this out, I see that @kao had already posted another reply.

One thing I want to add is that certain security configurations of websites could prevent you from accessing them from "unknown" apps. So as Kao says, it's well worth finding out whether it's the security configuration of the sites that's preventing you from accessing them.

Having said that, I cannot comment further without knowing what exactly you are trying to accomplish with your code in the first place ...


Hi again,

Hmmm, OK. So you mean the WinInet functions are doing something to handle that SSL issue even if I have disabled it? I am not very familiar with using Wireshark.

@Techlord

Sure, I do still need help and nothing is solved yet, of course. Yes, I am always in a hurry if I don't understand something or can't find any solutions. :)

So my main goal is to use WinSock only for everything, to get successful access to all sites (like a browser) without using WinInet anymore (it's working slower and it's also limited), but the problem is that I get more success using WinInet instead of WinSock, and I don't want to use both anymore. So if I need this SSL / TLS thing for WinSock to get success, then I would like to use WinSock with SSL and then I could quit WinInet, but I still don't know how to implement it for a simple client, for example. If I see it right, then there are just a few APIs I need to use from ssleay32.dll, but I don't check some C / C++ structs I need to use with that key pem thing etc.

greetz

On Friday, 17 February, 2017 at 11:59 AM, LCF-AT said:

Sure, I do still need help and nothing is solved yet, of course. Yes, I am always in a hurry if I don't understand something or can't find any solutions

Well, since most of the discussion would not be of too much interest to others, I would be continuing the discussion via PM. I would probably post the final solution that we arrive at here, for anyone else referring to this thread down the road. If anyone else is following this thread with interest and would rather like the discussion done on the thread, please let us know :)

Cheers :)


Here is a basic test prog to fetch a t4y web page using wininet stuff. I used most of this code in a x64dbg plugin to download snapshot updates from github. I've re-purposed it for this test program. Hopefully it helps you, let me know how you get on or if you found it useful.

Edit: I'm interested in this topic, so feel free to continue the discussion here.

Cheers

t4ytest.zip


Hi,

thanks for your interest, fearless, but as you can read above I am not looking for a WinInet solution and want to have a WinSock solution only. So if it's only working using WinSock + any extra SSL APIs etc., then I would be interested to see any example you know. I can't find any example in MASM for this, only some C or C++ code like I posted before in this topic, but I don't understand this whole C / C++ language thing to make any translation to MASM I could use later. That's the problem.

greetz


Hi again,

so I checked the internet again and found some info about schannel, and I also found a schannel inc & lib for MASM on my HDD, but I could not find any example code. So is this something I could maybe use too, to handle sites like T4Y or Google with location resolve?

greetz


Here is the source with schannel web client sample code: ftp://linux.mikroklima.cz/MIDAM-CD/DIGI/samples/SSLClient/cpp/mssdk/WebClient.c
Here is the compiled executable from which you can rip the relevant ASM code: ftp://linux.mikroklima.cz/MIDAM-CD/DIGI/samples/SSLClient/WebClient.exe

Attached is a slightly patched executable that you can use to test against https://forum.tuts4you.com (added proper Host: header in request). Use a command line like this:

WebClient1.exe -sforum.tuts4you.com -p443 -findex.php >result.txt

Result.txt will look like:

...

Buffers[1].BufferType = SECBUFFER_DATA
Decrypted data: 444 bytes
0000  48 54 54 50 2f 31 2e 31:20 32 30 30 20 4f 4b 0d  HTTP/1.1 200 OK.
0010  0a 44 61 74 65 3a 20 4d:6f 6e 2c 20 32 30 20 46  .Date: Mon, 20 F
0020  65 62 20 32 30 31 37 20:31 32 3a 34 33 3a 32 30  eb 2017 12:43:20
0030  20 47 4d 54 0d 0a 53 65:72 76 65 72 3a 20 41 70   GMT..Server: Ap
0040  61 63 68 65 0d 0a 45 78:70 69 72 65 73 3a 20 54  ache..Expires: T
0050  68 75 2c 20 31 39 20 4e:6f 76 20 31 39 38 31 20  hu, 19 Nov 1981 
0060  30 38 3a 35 32 3a 30 30:20 47 4d 54 0d 0a 43 61  08:52:00 GMT..Ca
0070  63 68 65 2d 43 6f 6e 74:72 6f 6c 3a 20 6e 6f 2d  che-Control: no-
0080  73 74 6f 72 65 2c 20 6e:6f 2d 63 61 63 68 65 2c  store, no-cache,
0090  20 6d 75 73 74 2d 72 65:76 61 6c 69 64 61 74 65   must-revalidate
00a0  2c 20 70 6f 73 74 2d 63:68 65 63 6b 3d 30 2c 20  , post-check=0, 
00b0  70 72 65 2d 63 68 65 63:6b 3d 30 0d 0a 50 72 61  pre-check=0..Pra
00c0  67 6d 61 3a 20 6e 6f 2d:63 61 63 68 65 0d 0a 58  gma: no-cache..X
00d0  2d 58 53 53 2d 50 72 6f:74 65 63 74 69 6f 6e 3a  -XSS-Protection:
00e0  20 30 0d 0a 43 6f 6e 6e:65 63 74 69 6f 6e 3a 20   0..Connection: 
00f0  63 6c 6f 73 65 0d 0a 53:65 74 2d 43 6f 6f 6b 69  close..Set-Cooki
0100  65 3a 20 69 70 73 34 5f:49 50 53 53 65 73 73 69  e: ips4_IPSSessi
0110  6f 6e 46 72 6f 6e 74 3d:37 32 32 36 65 36 32 61  onFront=7226e62a
0120  61 37 34 62 61 38 62 39:39 36 30 34 61 63 35 62  a74ba8b99604ac5b
0130  64 33 39 31 33 30 65 36:3b 20 70 61 74 68 3d 2f  d39130e6; path=/
0140  3b 20 73 65 63 75 72 65:3b 20 48 74 74 70 4f 6e  ; secure; HttpOn
0150  6c 79 0d 0a 53 74 72 69:63 74 2d 54 72 61 6e 73  ly..Strict-Trans
0160  70 6f 72 74 2d 53 65 63:75 72 69 74 79 3a 20 6d  port-Security: m
0170  61 78 2d 61 67 65 3d 31:35 37 36 38 30 30 30 3b  ax-age=15768000;
0180  69 6e 63 6c 75 64 65 53:75 62 64 6f 6d 61 69 6e  includeSubdomain
0190  73 0d 0a 43 6f 6e 74 65:6e 74 2d 54 79 70 65 3a  s..Content-Type:
01a0  20 74 65 78 74 2f 68 74:6d 6c 3b 63 68 61 72 73   text/html;chars
01b0  65 74 3d 55 54 46 2d 38:0d 0a 0d 0a              et=UTF-8....

Buffers[1].BufferType = SECBUFFER_DATA
Decrypted data: 7689 bytes
0000  3c 21 44 4f 43 54 59 50:45 20 68 74 6d 6c 3e 0a  <!DOCTYPE html>.
0010  3c 68 74 6d 6c 20 6c 61:6e 67 3d 22 65 6e 2d 55  <html lang="en-U
0020  53 22 20 64 69 72 3d 22:6c 74 72 22 3e 0a 09 3c  S" dir="ltr">..<
0030  68 65 61 64 3e 0a 09 09:3c 74 69 74 6c 65 3e 46  head>...<title>F
0040  6f 72 75 6d 73 20 2d 20:54 75 74 73 20 34 20 59  orums - Tuts 4 Y
0050  6f 75 3c 2f 74 69 74 6c:65 3e 0a 09 09 3c 21 2d  ou</title>...<!-
0060  2d 5b 69 66 20 6c 74 20:49 45 20 39 5d 3e 0a 09  -[if lt IE 9]>..
0070  09 09 3c 6c 69 6e 6b 20:72 65 6c 3d 22 73 74 79  ..<link rel="sty
0080  6c 65 73 68 65 65 74 22:20 74 79 70 65 3d 22 74  lesheet" type="t
0090  65 78 74 2f 63 73 73 22:20 68 72 65 66 3d 22 68  ext/css" href="h
00a0  74 74 70 73 3a 2f 2f 66:6f 72 75 6d 2e 74 75 74  ttps://forum.tut
00b0  73 34 79 6f 75 2e 63 6f:6d 2f 75 70 6c 6f 61 64  s4you.com/upload
00c0  73 2f 63 73 73 5f 62 75:69 6c 74 5f 31 2f 35 65  s/css_built_1/5e
00d0  36 31 37 38 34 38 35 38:61 64 33 63 31 31 66 30  61784858ad3c11f0
00e0  30 62 35 37 30 36 64 31:32 61 66 65 35 32 5f 69  0b5706d12afe52_i
00f0  65 38 2e 63 73 73 2e 36:66 38 39 65 34 30 34 38  e8.css.6f89e4048
0100  66 39 32 30 34 65 32 63:35 63 64 64 30 32 64 33  f9204e2c5cdd02d3
0110  36 63 33 31 30 36 38 2e:63 73 73 22 3e 0a 09 09  6c31068.css">...
0120  20 20 20 20 3c 73 63 72:69 70 74 20 73 72 63 3d      <script src=
0130  22 2f 2f 66 6f 72 75 6d:2e 74 75 74 73 34 79 6f  "//forum.tuts4yo
0140  75 2e 63 6f 6d 2f 61 70:70 6c 69 63 61 74 69 6f  u.com/applicatio
0150  6e 73 2f 63 6f 72 65 2f:69 6e 74 65 72 66 61 63  ns/core/interfac
0160  65 2f 68 74 6d 6c 35 73:68 69 76 2f 68 74 6d 6c  e/html5shiv/html
0170  35 73 68 69 76 2e 6a 73:22 3e 3c 2f 73 63 72 69  5shiv.js"></scri
0180  70 74 3e 0a 09 09 3c 21:5b 65 6e 64 69 66 5d 2d  pt>...<![endif]-
0190  2d 3e 0a 09 09 0a 3c 6d:65 74 61 20 63 68 61 72  ->....<meta char
01a0  73 65 74 3d 22 75 74 66:2d 38 22 3e 0a 0a 09 3c  set="utf-8">...<

...

As you can see, it works just fine. :)

 

webclient1.rar


Hi kao,

thanks for your files, so it seems to work (anyhow). :) But now the question is how I should handle the file to find all needed steps just by debugging that file. There is a lot, and this C or cpp source I can't really understand. OK, I will try to debug that file even if it will take much time to note all needed steps etc.

greetz

Quote

There is a lot, and this C or cpp source I can't really understand

/Fa Listing Assembly code is your friend

Here is a WebClient debug version and Assembly listing

and a WebClient.pdb for easier debugging of this exe

 

webclient.rar
