Announcement

Collapse
No announcement yet.

How to automate IE to download and store files from Internet?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    How to automate IE to download and store files from Internet?

    I try to write an autoupdate function for a .DLL (developed by me, written in PB).

    I could build a simple FTP downloader into this .DLL. What I download will be text files containing my securely encrypted stuff coded Base64. I'll be using a public key system in order to make sure the code is coming from me and only from me. The key length I uese is such, that hacking is in vain, I have plenty of time to encode and decode... So I'm completely confident about the security of my code.

    Now what I'm afraid of is, that I'll run into security problems on some of those PC's. I most often get granted administrative rights during installation (and for updates too). So I could allow a tunel through the software firewall on every system. But it is not always the case. The customers expect me to do updates. Today I use VPN clients - each running on a virtual machine of it's own - to build up connections to those PC's, log in as admin and update the software. I tell you this is cumbersome and tedious...

    At update time useres will usually not have administrative rights.

    The systems I install this software on belong to a wide variety of customers, so they are quite heterogenous. Administrators will clean out machines, replace OS and so on... It would definitfely be an advantage, if I do not need to have access to the settigns of the firewall. I know a lot of professional software is able to do such downloads.

    All my customers have a security concept with firewalls securing the internet access of the company. Some will prohibit FTP at this level, some not. But all will allow .TXT or .HTML downloads by means of IE.

    I somewhere read it is possible to download the files by automating IE. Thus the download will get the rights of IE, and IE is always allowed to download .TXT or .HTML (could put my stuff in HTML too). If I can store either format I'll be able to extract my information later with my .DLL.

    1) Does anyone have experience and/or codesamples how my idea with IE could be realized?

    2) Any other ideas how I can avoid dealing with the settings of the software firewalls on those machines and download my stuff.

    Thanks for your support
    Tags: None
  • #2
    I am curious since i don't think you can.
    I mean if there is a firewall installed, like zonealarm for example, you will get a message when you invoke the browser via com since the application is important for the firewall.

    There is a way though, run the browser but not via shellexecute() but via shell and open the webpage for your update.
    MSIE stores every page as download in its temp folder, you may enum these files for date and open it (copy) and extract the data.
    I think this is the best option.

    If first setup's are not a big deal you can explore hta files.
    These are html files without restrictions, the hta engine must have been granted access to internet once.
    I would not go that route.
    hellobasic

    Comment

    • #3
      Why go thru IE?

      The WinInet functions can do all that stuff.. and will work even if IE is not installed on target system

      But if you are married to IE, I know there is a COM interface into which you can tap.

      I am thinking, maybe you want to go thru IE *only* to take advantage of its seemingly "privileged" permissions and/or "pre-approved to go thru user's firewall?"

      Try looking at Socket Tools (some regular here markets this).

      I've never used it but it sure seems like "firewall stuff" would be something that suite should address.

      MCM
      Michael Mattias
      Tal Systems (retired)
      Port Washington WI USA
      [email protected]
      http://www.talsystems.com

      Comment

      • #4
        Michaels right, WinInet is the way to go. the IE Object Model (shdocvw.dll and mshtml.dll) are kind of wonky and you will have more problems attempting to use either COM object. Another is xmlhttp, you should have no problems using this to make the connections you want. It is a com object and doesnt have the flaws that shdocvw.dll has. This is all done over http/https and most companies allow those types of connections. If you have issues with the company blocking these ports I would sit down with the company and advise them that it can be either automated for a low price or you can come out and do it for a much larger expense. You can also talk to the company about installation privledges as well.
        Sr. Software Development Engineer and Sr. Information Security Analyst,
        CEH, Digital Forensic Examiner

        Comment

        • #5
          Been busy to obtain the files from the internet cache and it works.

          1)
          First i used MSIE to open my site and closed it.

          2)
          I tested in the code for "hellobasic", this gives me a htm and a cookie.

          3)
          I have used Jose's include files to add these api's.
          #Include "wininet.inc"
          #Include "oleauto.inc"

          4)
          I used PwrDev to process the dates, you don't need PwrDev of course.

          Code:
              
    Local hCacheDir             As Long
    Local lpFirstCacheEntryInfo As INTERNET_CACHE_ENTRY_INFO Ptr
    Local dwBufferSize          As Dword
    Local sBuffer               As String
    Local bValue                As Long
    Local ST                    As SYSTEMTIME
    Local FT                    As FILETIME
    Local T                     As String
    
    dwBufferSize = 10000
    sBuffer = String$( dwBufferSize, 0 )
    lpFirstCacheEntryInfo = StrPtr( sBuffer )

    hCacheDir = FindFirstUrlCacheEntry( ByVal 0&, @lpFirstCacheEntryInfo, dwBufferSize )
    bValue = hCacheDir <> 0
    
    Do While bValue
    
        If @lpFirstCacheEntryInfo.lpszLocalFileName > 0 And Len( @[email protected] ) > 0 Then
            If InStr( @[email protected], "hellobasic" ) Then
                Call FileTimeToLocalFileTime( @lpFirstCacheEntryInfo.LastAccessTime, FT )            
                Call FileTimeToSystemTime( FT, ST )
                T = Left$( VD_LoadFromFile( @[email protected] ), 100 )
                Replace $CrLf With " " In T
                VD_Debug_Print VD_DateTime_ToString( VD_DateTime_FromSystemTime( ST ) ) & ", " & @[email protected]
                VD_Debug_Print  T
            End If
        End If
        
        dwBufferSize = Len( sBuffer )
        bValue = FindNextUrlCacheEntry( hCacheDir, @lpFirstCacheEntryInfo, dwBufferSize )
        If bValue = 0 Then Exit Do
  
    Loop 
  
    Call FindCloseUrlCache( hCacheDir )
          Results in:
          Code:
          [2556] 2009-08-19  14:36:14, C:\Documents and Settings\EdwinK\Local Settings\Temporary Internet Files\Content.IE5\MTDMZ6TG\hellobasic[1].htm
[2556]   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/
[2556] 2009-08-19  14:36:14, C:\Documents and Settings\EdwinK\Cookies\[email protected][1].txt
[2556] __utma
[2556] 80141582.3922501511151678500.1250684555.1250684555.1250685375.2
[2556] hellobasic.com/
[2556] 1600
[2556] 25036193
          hellobasic

          Comment

          Previous template Next
          Working...
          X

          We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

          By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

          I Agree