tags:

views:

35

answers:

1
Q: 

Script to determine if an HTTP reponse is from intended domain.

I am trying to write a script that will send an HTTP "GET" to a URL then determine if the response came from the same domain or not.

I have been playing around with VBS and the WinHttp.WinHttpRequest.5.1 object. Sadly this does not give me any access to where exactly the response came from.

I tried parsing through the response headers but that only yields results if the web-server sets a cookie with the server's domain in it. For example (in my script below) "google.com" will pass but "avg.com" will fail.

I am not very attached to my current script and gladly will change if anyone knows a better way.

My current script:

  Dim objWinHttp
  Dim strContent, strURL
  Set objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
  objWinHttp.SetTimeouts 29000, 29000, 29000, 29000
  objWinHttp.Option(0) = "Website_monitor_light/1.0"
  objWinHttp.Option(6) = True
  If (InStr(WScript.Arguments.Item(0), "www.") = 1) Then
   URL = "http://" & WScript.Arguments.Item(0)
  Else
   URL = "http://www." & WScript.Arguments.Item(0)
  End If
  objWinHttp.Open "GET", URL
  On Error Resume Next
  objWinHttp.Send()
  If (objWinHttp.Status = 200) Then
   strContent = objWinHttp.GetAllResponseHeaders
  End If
  Wscript.Quit InStr(strContent, "domain=." & Mid(URL,12))

Thanks a million.

A: 

Sounds like you simply want the WinHttpRequest object to NOT follow redirect responses automatically. Check out the WinHttpRequestOption_EnableRedirects option. This is set to TRUE by default, you need to turn it off.

Paul Dixon  2010-06-22 20:57:52
But what if... (sorry for the "what if" question)... what if by some chance the DNS lookup gets messed with and my request gets a response from some strange server? That is what I want to be able to detect.
Brendan Salt  2010-06-22 21:05:53
There is nothing in the HTTP protocol which can mitigate that. If the remote server responds positively, you can't tell whether the response is "legitimate" (this is what https helps you with).If you want to perform some sort of check against a particular DNS server failure, then you could perform several DNS lookups, perhaps comparing with Google's DNS servers on 8.8.8.8 and 8.8.4.4
Paul Dixon  2010-06-22 21:24:47
At that level the only right thing to do is to use HTTPS for the original request.
Kevin Reid  2010-06-22 21:36:40
Then is there a way to tell what IP responded to a request?
Brendan Salt  2010-06-22 21:42:50
Don't use the IP, that's thoroughly spoofable. Make a HTTPS response, then check (ideally) the key fingerprint (I think; I'm not up on the details) of the certificate of the response. Less securely, you can check the domain name in the certificate is what you expect and check that the certificate is valid. (That's what normal web browsers do.)
Kevin Reid  2010-06-23 18:44:22

related questions

Fast SQL Server 2005 script generation
In Exchange (2003) how do I list the forms used in the public folder tree ?
Can Windows' built-in ZIP compression be scripted?
Set up PowerShell Script for Automatic Execution
Automated script to zip IIS logs?
Windows Mobile - What scripting platforms are available?
Best way to extract data from a FileMaker Pro database in a script?
which language you use for "throw away" programs?
Delete all but the most recent X files in bash
In SQL Server, how do I generate a CREATE TABLE statement for a given table?
Batch file to "Script" a Database
Is it OK to drop sql statistics?
How do I generate scripts that will rebuild my MS SQL Server 2005 database WITH data?
Which scripting language to support in an existing codebase?
quoting System.DirectoryServices.ResultPropertyCollection
Automate adding entries to a wiki
Can I copy files to a Network Place from a script or the command line?
How do you use PowerShell?
How to resolve symbolic links in a shell script
showing a message box from a bash script in linux
Date arithmetic in Unix shell scripts
Common Types of Subversion Hooks
MS-SQL: Drop all tables whose names begin with a certain string
What PHP framework would you choose for a new application and why?
Adding Scripting functionality to .NET applications