Announcement

Collapse
No announcement yet.

How to automate IE to download and store files from Internet?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to automate IE to download and store files from Internet?

    I try to write an autoupdate function for a .DLL (developed by me, written in PB).

    I could build a simple FTP downloader into this .DLL. What I download will be text files containing my securely encrypted stuff coded Base64. I'll be using a public key system in order to make sure the code is coming from me and only from me. The key length I uese is such, that hacking is in vain, I have plenty of time to encode and decode... So I'm completely confident about the security of my code.

    Now what I'm afraid of is, that I'll run into security problems on some of those PC's. I most often get granted administrative rights during installation (and for updates too). So I could allow a tunel through the software firewall on every system. But it is not always the case. The customers expect me to do updates. Today I use VPN clients - each running on a virtual machine of it's own - to build up connections to those PC's, log in as admin and update the software. I tell you this is cumbersome and tedious...

    At update time useres will usually not have administrative rights.

    The systems I install this software on belong to a wide variety of customers, so they are quite heterogenous. Administrators will clean out machines, replace OS and so on... It would definitfely be an advantage, if I do not need to have access to the settigns of the firewall. I know a lot of professional software is able to do such downloads.

    All my customers have a security concept with firewalls securing the internet access of the company. Some will prohibit FTP at this level, some not. But all will allow .TXT or .HTML downloads by means of IE.

    I somewhere read it is possible to download the files by automating IE. Thus the download will get the rights of IE, and IE is always allowed to download .TXT or .HTML (could put my stuff in HTML too). If I can store either format I'll be able to extract my information later with my .DLL.

    1) Does anyone have experience and/or codesamples how my idea with IE could be realized?

    2) Any other ideas how I can avoid dealing with the settings of the software firewalls on those machines and download my stuff.

    Thanks for your support

  • #2
    I am curious since i don't think you can.
    I mean if there is a firewall installed, like zonealarm for example, you will get a message when you invoke the browser via com since the application is important for the firewall.

    There is a way though, run the browser but not via shellexecute() but via shell and open the webpage for your update.
    MSIE stores every page as download in its temp folder, you may enum these files for date and open it (copy) and extract the data.
    I think this is the best option.

    If first setup's are not a big deal you can explore hta files.
    These are html files without restrictions, the hta engine must have been granted access to internet once.
    I would not go that route.
    hellobasic

    Comment


    • #3
      Why go thru IE?

      The WinInet functions can do all that stuff.. and will work even if IE is not installed on target system

      But if you are married to IE, I know there is a COM interface into which you can tap.

      I am thinking, maybe you want to go thru IE *only* to take advantage of its seemingly "privileged" permissions and/or "pre-approved to go thru user's firewall?"

      Try looking at Socket Tools (some regular here markets this).

      I've never used it but it sure seems like "firewall stuff" would be something that suite should address.

      MCM
      Michael Mattias
      Tal Systems (retired)
      Port Washington WI USA
      [email protected]
      http://www.talsystems.com

      Comment


      • #4
        Michaels right, WinInet is the way to go. the IE Object Model (shdocvw.dll and mshtml.dll) are kind of wonky and you will have more problems attempting to use either COM object. Another is xmlhttp, you should have no problems using this to make the connections you want. It is a com object and doesnt have the flaws that shdocvw.dll has. This is all done over http/https and most companies allow those types of connections. If you have issues with the company blocking these ports I would sit down with the company and advise them that it can be either automated for a low price or you can come out and do it for a much larger expense. You can also talk to the company about installation privledges as well.
        Sr. Software Development Engineer and Sr. Information Security Analyst,
        CEH, Digital Forensic Examiner

        Comment


        • #5
          Been busy to obtain the files from the internet cache and it works.

          1)
          First i used MSIE to open my site and closed it.

          2)
          I tested in the code for "hellobasic", this gives me a htm and a cookie.

          3)
          I have used Jose's include files to add these api's.
          #Include "wininet.inc"
          #Include "oleauto.inc"

          4)
          I used PwrDev to process the dates, you don't need PwrDev of course.

          Code:
              
              [color=#0000FF]Local[/color] hCacheDir             [color=#0000FF]As[/color] [color=#0000FF]Long[/color]
              [color=#0000FF]Local[/color] lpFirstCacheEntryInfo [color=#0000FF]As[/color] INTERNET_CACHE_ENTRY_INFO [color=#0000FF]Ptr[/color]
              [color=#0000FF]Local[/color] dwBufferSize          [color=#0000FF]As[/color] [color=#0000FF]Dword[/color]
              [color=#0000FF]Local[/color] sBuffer               [color=#0000FF]As[/color] [color=#0000FF]String[/color]
              [color=#0000FF]Local[/color] bValue                [color=#0000FF]As[/color] [color=#0000FF]Long[/color]
              [color=#0000FF]Local[/color] ST                    [color=#0000FF]As[/color] SYSTEMTIME
              [color=#0000FF]Local[/color] FT                    [color=#0000FF]As[/color] FILETIME
              [color=#0000FF]Local[/color] T                     [color=#0000FF]As[/color] [color=#0000FF]String[/color]
              
              dwBufferSize = 10000
              sBuffer = String$( dwBufferSize, 0 )
              lpFirstCacheEntryInfo = [color=#0000FF]StrPtr[/color]( sBuffer )
          
              hCacheDir = FindFirstUrlCacheEntry( [color=#0000FF]ByVal[/color] 0&, [color=#7F007F]@lpFirstCacheEntryInfo[/color], dwBufferSize )
              bValue = hCacheDir <> 0
              
              [color=#0000FF]Do[/color] [color=#0000FF]While[/color] bValue
              
                  [color=#0000FF]If[/color] [color=#7F007F]@lpFirstCacheEntryInfo.lpszLocalFileName[/color] > 0 [color=#0000FF]And[/color] [color=#0000FF]Len[/color]( [color=#7F007F]@[email protected][/color] ) > 0 [color=#0000FF]Then[/color]
                      [color=#0000FF]If[/color] [color=#0000FF]InStr[/color]( [color=#7F007F]@[email protected][/color], "hellobasic" ) [color=#0000FF]Then[/color]
                          [color=#0000FF]Call[/color] FileTimeToLocalFileTime( [color=#7F007F]@lpFirstCacheEntryInfo.LastAccessTime[/color], FT )            
                          [color=#0000FF]Call[/color] FileTimeToSystemTime( FT, ST )
                          T = [color=#0000FF]Left$[/color]( [color=#0000FF]VD_LoadFromFile[/color]( [color=#7F007F]@[email protected][/color] ), 100 )
                          [color=#0000FF]Replace[/color] [color=#0000FF]$CrLf[/color] [color=#0000FF]With[/color] " " [color=#0000FF]In[/color] T
                          [color=#0000FF]VD_Debug_Print[/color] [color=#0000FF]VD_DateTime_ToString[/color]( [color=#0000FF]VD_DateTime_FromSystemTime[/color]( ST ) ) & ", " & [color=#7F007F]@[email protected][/color]
                          [color=#0000FF]VD_Debug_Print[/color]  T
                      [color=#0000FF]End[/color] [color=#0000FF]If[/color]
                  [color=#0000FF]End[/color] [color=#0000FF]If[/color]
                  
                  dwBufferSize = [color=#0000FF]Len[/color]( sBuffer )
                  bValue = FindNextUrlCacheEntry( hCacheDir, [color=#7F007F]@lpFirstCacheEntryInfo[/color], dwBufferSize )
                  [color=#0000FF]If[/color] bValue = 0 [color=#0000FF]Then[/color] [color=#0000FF]Exit[/color] [color=#0000FF]Do[/color]
            
              [color=#0000FF]Loop[/color] 
            
              [color=#0000FF]Call[/color] FindCloseUrlCache( hCacheDir )
          Results in:
          Code:
          [2556] 2009-08-19  14:36:14, C:\Documents and Settings\EdwinK\Local Settings\Temporary Internet Files\Content.IE5\MTDMZ6TG\hellobasic[1].htm
          [2556]   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/
          [2556] 2009-08-19  14:36:14, C:\Documents and Settings\EdwinK\Cookies\[email protected][1].txt
          [2556] __utma
          [2556] 80141582.3922501511151678500.1250684555.1250684555.1250685375.2
          [2556] hellobasic.com/
          [2556] 1600
          [2556] 25036193
          hellobasic

          Comment

          Working...
          X