I am trying to write a script that will send an HTTP "GET" to a URL then determine if the response came from the same domain or not.

I have been playing around with VBS and the WinHttp.WinHttpRequest.5.1 object. Sadly this does not give me any access to where exactly the response came from.

I tried parsing through the response headers but that only yields results if the web-server sets a cookie with the server's domain in it. For example (in my script below) "google.com" will pass but "avg.com" will fail.

I am not very attached to my current script and gladly will change if anyone knows a better way.

My current script:

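  Dim objWinHttp
  Dim strContent, strURL
  Set objWinHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
  ' Resolve, connect, send and receive timeouts, in milliseconds
  objWinHttp.SetTimeouts 29000, 29000, 29000, 29000
  ' Option 0 = user agent string
  objWinHttp.Option(0) = "Website_monitor_light/1.0"
  ' Option 6 = enable redirects (redirects are followed automatically)
  objWinHttp.Option(6) = True
  ' Always request the "www." form of the host given on the command line
  If (InStr(WScript.Arguments.Item(0), "www.") = 1) Then
   strURL = "http://" & WScript.Arguments.Item(0)
  Else
   strURL = "http://www." & WScript.Arguments.Item(0)
  End If
  objWinHttp.Open "GET", strURL
  On Error Resume Next
  objWinHttp.Send()
  If (objWinHttp.Status = 200) Then
   strContent = objWinHttp.GetAllResponseHeaders
  End If
  ' Exit code is non-zero only if a header contains "domain=.<host without www.>"
  ' (Mid(strURL, 12) skips the 11 characters of "http://www.")
  WScript.Quit InStr(strContent, "domain=." & Mid(strURL, 12))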

Thanks a million.

A: 

Sounds like you simply want the WinHttpRequest object to NOT follow redirect responses automatically. Check out the WinHttpRequestOption_EnableRedirects option. This is set to TRUE by default; you need to turn it off.

Paul Dixon
But what if... (sorry for the "what if" question)... what if by some chance the DNS lookup gets messed with and my request gets a response from some strange server? That is what I want to be able to detect.
Brendan Salt
There is nothing in the HTTP protocol which can mitigate that. If the remote server responds positively, you can't tell whether the response is "legitimate" (this is what https helps you with). If you want to perform some sort of check against a particular DNS server failure, then you could perform several DNS lookups, perhaps comparing with Google's DNS servers on 8.8.8.8 and 8.8.4.4.
Paul Dixon
At that level the only right thing to do is to use HTTPS for the original request.
Kevin Reid
Then is there a way to tell what IP responded to a request?
Brendan Salt
Don't use the IP, that's thoroughly spoofable. Make an HTTPS response, then check (ideally) the key fingerprint (I think; I'm not up on the details) of the certificate of the response. Less securely, you can check the domain name in the certificate is what you expect and check that the certificate is valid. (That's what normal web browsers do.)
Kevin Reid
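
The checks suggested in the answer and comments above, as an added example that is not part of the original thread, written in Python rather than the asker's VBScript: send the GET over HTTPS without following redirects, let the TLS library validate the certificate chain and host name, and optionally compare the certificate's SHA-256 fingerprint with a pinned value. The function names and the `pinned_sha256_hex` parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import http.client
import ssl
from urllib.parse import urljoin, urlsplit


def redirect_leaves_host(requested_url, location):
    """True if a Location header points at a different host than the request."""
    target = urlsplit(urljoin(requested_url, location))  # resolves relative redirects
    origin = urlsplit(requested_url)
    return (target.hostname or "") != (origin.hostname or "")


def fingerprint_matches(cert_der, pinned_sha256_hex):
    """Compare the SHA-256 of a DER certificate with a pinned hex fingerprint."""
    actual = hashlib.sha256(cert_der).hexdigest()
    pinned = pinned_sha256_hex.replace(":", "").lower()  # accept AA:BB:... form
    return hmac.compare_digest(actual, pinned)


def check_site(host, pinned_sha256_hex=None, timeout=29):
    """GET https://host/ without following redirects and report what answered.

    A certificate that is invalid or issued for another name makes connect()
    raise ssl.SSLCertVerificationError, so a tampered DNS answer that leads
    to a server without the right certificate fails here.
    """
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
    try:
        conn.connect()
        cert_der = conn.sock.getpeercert(binary_form=True)
        conn.request("GET", "/", headers={"User-Agent": "Website_monitor_light/1.0"})
        resp = conn.getresponse()  # http.client never follows redirects itself
        location = resp.getheader("Location")
        return {
            "status": resp.status,
            "redirects_off_host": bool(location)
            and redirect_leaves_host(f"https://{host}/", location),
            "pin_ok": None if pinned_sha256_hex is None
            else fingerprint_matches(cert_der, pinned_sha256_hex),
        }
    finally:
        conn.close()
```

A pinned fingerprint has to be updated whenever the site renews or replaces its certificate; without a pin, `check_site` still relies on the standard chain and host-name validation.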