伪造IP与伪造referer

在http协议中伪造ip的可能性研究

 

些日子对自定义http协议的各个数据进行了研究，对于ip伪造的问题，我当时给的建议是使用代理服务器，不过后来发现，其实可以在http协议加入一个选项，来实现一个非伪造ip的伪造ip 。如何理解呢？理由如下：~

 

一、方法概述

在http协议数据头里面加入选项“x-forward-for”,例如：“x-forward-for:202.204.76.254”,这样发送出去 的包，就是一个特殊的包，在收包方看来，这个包的意思是，一个代理服务器发过来的数据包，而这个包的真是ip是“202.204.76.254”，其实还 是实现的是三次握手，但是只不过是在发包的同时，对收包方提到了一个第三者。

 

二、试用范围

因为现在的网站类的程序如果有IP限制的话，基本上都是会检测是不是代理服务器发送的数据的，如果是代理服务器发送的数据，那么他就把IP记为这个（透明）代理服务器发送的x-forward-for的IP。

以一段较为流行的php检测ip的代码为例：

function get_ip(){ if(getenv('HTTP_CLIENT_IP')) { $gb_ip = getenv('HTTP_CLIENT_IP'); } elseif(getenv('HTTP_X_FORWARDED_FOR')) { $gb_ip = getenv('HTTP_X_FORWARDED_FOR'); } elseif(getenv('REMOTE_ADDR')) { $gb_ip = getenv('REMOTE_ADDR'); } else { $gb_ip = $_SERVER['REMOTE_ADDR']; } return $gb_ip; }

那么大家可以看到这个IP是如何伪造的了。

 

三、应对方法

当然对于网站方面，这种伪造ip的情况虽然不是很多，但是如果在投票类的程序中，当然很需要这方面的检测了，呵呵。多多检测HTTP_CLIENT_IP吧。貌似这个还没有办法伪造？.............................

 

四、总体看法

这个办法之所以称之为非伪造ip的伪造ip，主要就是利用了现在大多数网站程序检测ip的一个漏洞。所以如果网站程序能够重新审视一下自己的ip检测办法，这个方法就会慢慢失效的。呵呵。

-------------------------

伪造 referer

首先说明，伪造访问来路不是什么光明正大的事情，目的就是为了欺骗服务器。原本以为给 XMLHTTP 对象增加一个 Referer 的header 就可以，结果却没有任何作用，改用 ServerXMLHTTP 也如此。

无意间发现公司内部项目使用的 paypal 扣款程序里面有 WinHttp.WinHttpRequest.5.1 对象，它负责把客户的信用卡信息提交到 paypal 的服务器，看来是一个核心的远程访问方法，google一下发现它居然用可以成功伪造所有 http 请求的 header 信息！下面的代码通过伪造 referer 的值，假装从百度首页提交一个表单到指定的 url 去：

    var url = "http://www.yourtarget.com"; 
    var param = "name=david&age=30"; 
    var obj = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); 
    obj.Open("POST", url, false); 
    obj.Option(4) = 13056; 
    obj.Option(6) = false; //false可以不自动跳转，截取服务端返回的302状态。 
    obj.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); 
    obj.setRequestHeader("Referer", "http://www.baidu.com"); 
    obj.Send(param); 
    WScript.Echo(obj.responseText); 

保存为 xxx.js 文件，在命令行中运行 cscript.exe xxx.js。

从msdn得知，WinHttp.WinHttpRequest.5.1 是 msxml 4.0 的底层对象，也就是说 XMLHTTP/ServerXMLHTTP 也是在它的基础上封装而来。用 WinHttpRequest 发的请求，连 Fiddler 也监测不到，看来确实是比较底层的东西。
---------------------------邪恶的分割线------------------------

既然可以用它来伪造所有 http 请求的 header，那 Cookies、Sessionid 自然也就可以得到并传递了。下面是实战代码，用命令行登录博客园，共三次请求，第一次请求获取表单的 VIEWSTATE 和 EVENTVALIDATION，第二次带账户登录，第三次带Cookie访问其首页：

    //封装成远程访问的函数 
    function RemoteCall(method, url, param, header){ 
        var obj = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); 
        obj.Open(method||"GET", url, false); 
        obj.Option(4) = 13056; 
        obj.Option(6) = false; 
        if(method=="POST"){ 
            obj.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); 
        } 
        if(header){ 
            for(var key in header){ 
                if(key=="Cookie"){//根据 MSDN 的建议，设置Cookie前，先设置一个无用的值 
                    obj.setRequestHeader("Cookie", "string"); 
                } 
                obj.setRequestHeader(key, header[key]); 
            } 
        } 
        obj.Send(param); 
        return obj; 
    } 
    //第一次远程访问博客园的登录入口 
    var url = "http://passport.cnblogs.com/login.aspx"; 
    var objFirst = RemoteCall("GET", url, null); 
     
    //取得 viewstate 与 eventvalidation 
    var viewstate = objFirst.responseText.match(/id="__VIEWSTATE" value="(.*?)" \/>/)[1]; 
    var eventvalidation = objFirst.responseText.match(/id="__EVENTVALIDATION" value="(.*?)" \/>/)[1]; 
     
    //输入自己的账户与密码 
    var username = ""; 
    var password = ""; 
    var param = "" 
    + "__VIEWSTATE="+encodeURIComponent(viewstate)  
    + "&__EVENTVALIDATION="+encodeURIComponent(eventvalidation)  
    + "&tbUserName="+username 
    + "&tbPassword="+password 
    + "&btnLogin="+encodeURIComponent("登  录"); 
     
    var objSecond = RemoteCall("POST", url, param); 
     
    //登录成功后服务器执行 Response.Redirect 跳转，即向客户端发送了 302 状态代码 
    WScript.Echo(objSecond.status); //302即登录成功， 如果是200，则登录失败，页面没有跳转 
     
    //带上登录成功后的cookie，再次访问其首页 
    var json = {"Cookie": objSecond.getResponseHeader("Set-Cookie")}; 
    var objThird = RemoteCall("GET", "http://www.cnblogs.com", null, json); 
    WScript.Echo(objThird.responseText); 

上面的代码其实已经有一定恶意，我只为证明使用 WinHttpRequest 确实可以模拟浏览器发送请求，服务端也无法区别是从浏览器来的，还是从命令行来的。这证明到一点，从客户端提交来的任何数据都不可信，因为发送的 http 数据包不但表单值可以修改，连数据包的header都可以随意修改。同时也说明，使用 VIEWSTATE 对表单的安全性无任何用处。

引用一张著名的漫画，在互联网上，没有人知道你是一条狗。在服务端，没有人知道你是从命令行发送出来的。

-------------- 评论

精彩的处理方式。是原创吗?
obj.Option(4) = 13056;
obj.Option(6) = false;
这两个难道是 WinHttp.WinHttpRequest.5.1 方法自带的吗 ？

WinHttpRequest是从paypal接口中发现的。谈不上原创。

WinHttpRequest.Option 的取值有（从0开始计算）：
WinHttpRequestOption_UserAgentString,
WinHttpRequestOption_URL,
WinHttpRequestOption_URLCodePage,
WinHttpRequestOption_EscapePercentInURL,
WinHttpRequestOption_SslErrorIgnoreFlags,
WinHttpRequestOption_SelectCertificate,
WinHttpRequestOption_EnableRedirects,
WinHttpRequestOption_UrlEscapeDisable,
WinHttpRequestOption_UrlEscapeDisableQuery,
WinHttpRequestOption_SecureProtocols,
WinHttpRequestOption_EnableTracing,
WinHttpRequestOption_RevertImpersonationOverSsl,
WinHttpRequestOption_EnableHttpsToHttpRedirects,
WinHttpRequestOption_EnablePassportAuthentication,
WinHttpRequestOption_MaxAutomaticRedirects,
WinHttpRequestOption_MaxResponseHeaderSize,
WinHttpRequestOption_MaxResponseDrainSize,
WinHttpRequestOption_EnableHttp1_1,
WinHttpRequestOption_EnableCertificateRevocationCheck

------------------- 附属文档

http://msdn.microsoft.com/en-us/library/aa383147%28v=vs.85%29.aspx

Authentication Using Script

This section demonstrates how to write script that uses the WinHttpRequest object to access data from a server that requires HTTP authentication.

    Prerequisites and Requirements
    Accessing a Web Site With Authentication
    Checking the Status Codes
    Related Topics

Prerequisites and Requirements

In addition to a working knowledge of Microsoft JScript, this example requires the following:

    The current version of the Microsoft Windows Software Development Kit (SDK).
    The proxy configuration tool to establish the proxy settings for Microsoft Windows HTTP Services (WinHTTP), if your connection to the Internet is through a proxy server. See Proxycfg.exe, a Proxy Configuration Tool for more information.
    A familiarity with network terminology and concepts.

Accessing a Web Site With Authentication

Aa383147.wedge(en-us,VS.85).gifTo create a script that demonstrates authentication, do the following:

    Open a text editor such as Microsoft Notepad.

    Copy the following code into the text editor after replacing "[authenticationSite]" with the appropriate text to specify the URL of a site that requires HTTP authentication.


    // Load the WinHttpRequest object.
    var WinHttpReq =
              new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    function getText1( )
    {
      // Specify the target resource.
      WinHttpReq.open( "GET",
                       "http://[authenticationSite]",
                       false;

      // Send a request to the server and wait for a response.
      WinHttpReq.send( );

      // Display the results of the request.
      WScript.Echo( "No Credentials: " );
      WScript.Echo( WinHttpReq.Status + "   " + WinHttpReq.StatusText);
      WScript.Echo( WinHttpReq.GetAllResponseHeaders);
      WScript.Echo( );
    };

    function getText2( )
    {
      // HttpRequest SetCredentials flags
      HTTPREQUEST_SETCREDENTIALS_FOR_SERVER = 0;

      // Specify the target resource.
      WinHttpReq.open( "GET",
                       "http://[authenticationSite]",
                       false );

      // Set credentials for server.
      WinHttpReq.SetCredentials( "User Name",
                                 "Password",
                                 HTTPREQUEST_SETCREDENTIALS_FOR_SERVER);

      // It might also be necessary to supply credentials
      // to the proxy if you connect to the Internet
      // through a proxy that requires authentication.

      // Send a request to the server and wait for
      // a response.
      WinHttpReq.send( );

      // Display the results of the request.
      WScript.Echo( "Credentials: " );
      WScript.Echo( WinHttpReq.Status + "   " + WinHttpReq.StatusText );
      WScript.Echo( WinHttpReq.GetAllResponseHeaders( ) );
      WScript.Echo( );
    };

    getText1( );
    getText2( );



    Save the file as "Auth.js".
    From a command prompt, type "cscript Auth.js" and press ENTER.

You now have a program that requests a resource two different ways. The first method requests the resource without supplying credentials. A 401 status code is returned to indicate that the server requires authentication. The response headers are also displayed and should look similar to the following:

Connection: Keep-Alive
Content-Length: 0
Date: Fri, 27 Apr 2001 01:47:18 GMT
Content-Type: text/html
Server: Microsoft-IIS/5.0
WWW-Authenticate: NTLM
WWW-Authenticate: Negotiate
Cache-control: private

Although the response indicates that access to the resource was denied, it still returns several headers that provide some information about the resource. The header named "WWW-Authenticate" indicates that the server requires authentication for this resource. If there was a header named "Proxy-Authenticate", it would indicate that the proxy server requires authentication. Each authenticate header contains an available authentication scheme and sometimes a realm. The realm value is case-sensitive and defines a set of servers or proxies for which the same credentials should be accepted.

There are two headers named "WWW-Authenticate", which indicate that multiple authentication schemes are supported. If you call the GetResponseHeader method to find "WWW-Authenticate" headers, the method only returns the contents of the first header of that name. In this case, it returns a value of "NTLM". To ensure that all occurrences of a header are processed, use the GetAllResponseHeaders method instead.

The second method call requests the same resource, but first supplies authentication credentials by calling the SetCredentials method. The following section of code shows how this method is used.

WinHttpReq.SetCredentials( "User Name", "Password",
                               HTTPREQUEST_SETCREDENTIALS_FOR_SERVER);



This method sets the user name to "UserName", the password to "Password", and indicates that the authorization credentials apply to the resource server. Authentication credentials can also be sent to a proxy.

When credentials are supplied, the server returns a 200 status code that indicates that the document can be retrieved.
Checking the Status Codes

The previous example is instructional, but it requires that the user explicitly supply credentials. An application that supplies credentials when it is necessary and does not supply credentials when it is not necessary is more useful. To implement a feature that does this, you must modify your example to examine the status code returned with the response.

For a complete list of possible status codes, along with descriptions, see HTTP Status Codes. For this example, however, you should encounter only one of three codes. A status code of 200 indicates that a resource is available and is being sent with the response. A status code of 401 indicates that the server requires authentication. A status code of 407 indicates that the proxy requires authentication.

Modify the example you created in the last section by replacing the "getText2" function with the following code (replace "[authenticationSite]" with your own text to specifies the URL of a site that requires HTTP authentication):

function getText2() {
  WScript.Echo( "Credentials: " );

  // HttpRequest SetCredentials flags.
  HTTPREQUEST_SETCREDENTIALS_FOR_SERVER = 0;
  HTTPREQUEST_SETCREDENTIALS_FOR_PROXY = 1;

  // Specify the target resource.
  var targURL = "http://[authenticationSite]";
  WinHttpReq.open( "GET", targURL, false );

  var Done = false;
  var Attempts = 0;
  do
  {
    // Keep track of the number of request attempts.
    Attempts++;

    // Send a request to the server and wait for a response.
    WinHttpReq.send( );

    // Obtain the status code from the response.
    var Status = WinHttpReq.Status;

    switch (Status)
    {
      // A 200 status indicates that the resource was retrieved.
      case 200:
        Done = true;
        break;

      // A 401 status indicates that the server
      // requires authentication.
      case 401:
        WScript.Echo( "Requires Server UserName and Password." );

        // Specify the target resource.
        WinHttpReq.open( "GET", targURL, false );

        // Set credentials for the server.
        WinHttpReq.SetCredentials( "User Name",
                             "Password",
                              HTTPREQUEST_SETCREDENTIALS_FOR_SERVER);
        break;

      // A 407 status indicates that the proxy
      // requires authentication.
      case 407:
        WScript.Echo( "Requires Proxy UserName and Password." );

        // Specify the target resource.
        WinHttpReq.open( "GET", targURL, false );

        // Set credentials for the proxy.
        WinHttpReq.SetCredentials( "User Name",
                              "Password",
                              HTTPREQUEST_SETCREDENTIALS_FOR_PROXY );
        break;
    }
  } while( ( !Done ) && ( Attempts < 3 ) );

  // Display the results of the request.
  WScript.Echo( WinHttpReq.Status + "   " + WinHttpReq.StatusText );
  WScript.Echo( WinHttpReq.GetAllResponseHeaders( ) );
  WScript.Echo( );
};



Again, save and run the file. The second method still retrieves the document, but it only provides credentials when required. The "getText2" function executes the Open and Send methods as if authentication was not required. The status is retrieved with the Status property and a switch statement responds to the resulting status code. If the status is 401 (server requires authentication) or 407 (proxy requires authentication), the Open method is executed again. This is followed by the SetCredentials method, which sets the user name and password. The code then loops back to the Send method. If, after three attempts, the resource cannot be successfully retrieved, then the function stops execution.
Related Topics

Authentication in WinHTTP
WinHttpRequest
SetCredentials
HTTP/1.1 Request for Comments (RFC 2616)

Send comments about this topic to Microsoft

Build date: 7/14/2011

---
http://www.neilstuff.com/winhttp/

I got tired of waiting for MSDN as a reference to using the WinHttp ActiveXObject, so I'm transcribing things here. Visit MSDN's WinHttpRequest Object Reference for the original content.
WinHttp.WinHttpRequest.5.1
Methods of WinHttp

    Abort: Aborts a WinHTTP Send method.
    GetAllResponseHeaders: Retrieves all HTTP response headers.
    GetResponseHeader: Retrieves the HTTP response headers.
    Open: Opens an HTTP connection to an HTTP resource.
    Send: Sends an HTTP request to an HTTP server.
    SetAutoLogonPolicy: Sets the current Automatic Logon Policy.
    SetClientCertificate: Selects a client certificate to send to a Secure Hypertext Transfer Protocol (HTTPS) server.
    SetCredentials: Sets credentials to be used with an HTTP server梕ither an origin or a proxy server.
    SetProxy: Sets proxy server information.
    SetRequestHeader: Adds, changes, or deletes an HTTP request header.
    SetTimeouts: Specifies, in milliseconds, the individual time-out components of a send/receive operation.
    WaitForResponse: Specifies the wait time, in seconds, for an asynchronous Send method to complete, with optional time-out value.

Properties of WinHttp

    Option: Sets or retrieves a WinHTTP option value.
    ResponseBody: Retrieves the response entity body as an array of unsigned bytes.
    ResponseStream: Retrieves the response entity body as an IStream.
    ResponseText: Retrieves the response entity body as a string.
    Status: Retrieves the HTTP status code from the last response.
    StatusText: Retrieves HTTP status text.

Events of WinHttp

    OnError: Occurs when there is a run-time error in the application.
    OnResponseDataAvailable: Occurs when data is available from the response.
    OnResponseFinished: Occurs when the response data is complete.
    OnResponseStart: Occurs when the response data starts to be received.

WinHttp Methods
GetResponseHeader
The GetResponseHeader method gets the HTTP response headers.

    Return Value = GetResponseHeader( *bstrHeader )

* = Required
Syntax

    sHeader: A value of type string that specifies the case-insensitive header name.
    Return Value: This method returns the value of the response header named in bstrHeader.

Remarks
Invoke this method only after the Send method has been called.
Example
The following code example shows how to open an HTTP connection, send an HTTP request, and get the date header from the response.

     // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Initialize an HTTP request.
    WinHttpReq.Open("GET",
                    "http://www.microsoft.com",
                     false);

    // Send the HTTP request.
    WinHttpReq.Send();

    // Display the date header.
    WScript.Echo( WinHttpReq.GetResponseHeader("Date"));

Open
The Open method opens an HTTP connection to an HTTP resource.
Syntax

    Open( *bstrMethod, *bstrUrl, varAsync = false )

* = Required.

    bstrMethod: A value of type string that specifies the HTTP verb used for the Open method, such as "GET" or "PUT". Always use uppercase as some servers ignore lowercase HTTP verbs.
    bstrUrl: A value of type string that contains the name of the resource. This must be an absolute URL.
    varAsync: A value of type Boolean that specifies whether to open in asynchronous mode. True=Opens the HTTP connection in asynchronous mode.

Remarks
This method opens a connection to the resource identified in bstrUrl using the HTTP verb given in bstrMethod.
Example Code
The following code example shows how to open an HTTP connection, send an HTTP request, and read the response text.

    // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Initialize an HTTP request.
    WinHttpReq.Open("GET", "http://www.microsoft.com", false);

    // Send the HTTP request.
    WinHttpReq.Send();

    // Display the response text.
    WScript.Echo( WinHttpReq.ResponseText);

Send()
Syntax
The Send method sends an HTTP request to an HTTP server.

    Send( varBody )

    varBody: Data to be sent to the server.

Remarks
The request to be sent was defined in a prior call to the Open method. The calling application can provide data to be sent to the server through the varBody parameter. If the HTTP verb of the object's Open is "GET", this method sends the request without varBody, even if it is provided by the calling application.
Example Code
The following example shows how to open an HTTP connection, send an HTTP request, and read the response text.

    // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Initialize an HTTP request.
    WinHttpReq.Open("GET", "http://www.microsoft.com", false);

    // Send the HTTP request.
    WinHttpReq.Send();

    // Display the response text.
    WScript.Echo( WinHttpReq.ResponseText);

    The following example shows how to post data to an HTTP server.

     // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Initialize an HTTP request.
    WinHttpReq.Open("PUT", "http://postserver/newdoc.htm", false);

    // Post data to the HTTP server.
    WinHttpReq.Send("Post data");

SetTimeouts
The SetTimeouts method specifies the individual time-out components of a send/receive operation, in milliseconds.
Syntax

    SetTimeouts( ResolveTimeout, ConnectTimeout, SendTimeout, ReceiveTimeout )

    ResolveTimeout: Value of type Integer integer. Time-out value applied when resolving a host name (such as www.microsoft.com) to an IP address (such as 192.168.131.199), in milliseconds. The default value is zero, meaning no time-out (infinite). If DNS timeout is specified using NAME_RESOLUTION_TIMEOUT, there is an overhead of one thread per request.
    ConnectTimeout: Value of type Integer integer. Time-out value applied when establishing a communication socket with the target server, in milliseconds. The default value is 60,000 (60 seconds).
    SendTimeout: Value of type Integer integer. Time-out value applied when sending an individual packet of request data on the communication socket to the target server, in milliseconds. A large request sent to an HTTP server are normally be broken up into multiple packets; the send time-out applies to sending each packet individually. The default value is 30,000 (30 seconds).
    ReceiveTimeout: Value of type Integer integer. Time-out value applied when receiving a packet of response data from the target server, in milliseconds. Large responses are be broken up into multiple packets; the receive time-out applies to fetching each packet of data off the socket. The default value is 30,000 (30 seconds).

Remarks
All parameters are required. A value of 0 or -1 sets a time-out to wait infinitely. A value greater than 0 sets the time-out value in milliseconds. For example, 30,000 would set the time-out to 30 seconds. All negative values other than -1 cause this method to fail.

Time-out values are applied at the Winsock layer.

Example
The following example shows how to set all WinHTTP time-outs to 30 seconds, open an HTTP connection, and send an HTTP request.

    // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Set time-outs. If time-outs are set, they must
    // be set before open.
    WinHttpReq.SetTimeouts(30000, 30000, 30000, 30000);

    // Initialize an HTTP request.
    WinHttpReq.Open("GET", "http://www.microsoft.com", false);

    // Send the HTTP request.
    WinHttpReq.Send();

WaitForResponse()
The WaitForResponse method waits for an asynchronous Send method to complete, with optional time-out value, in seconds.
Syntax

    Return Value = WaitForResponse( Timeout = -1)

    Timeout: Time-out value, in seconds. Default time-out is infinite. To explicitly set time-out to infinite, use the value -1.
    Return Value: True=A response has been received. False=A time-out error occurred.

Remarks
This method suspends execution while waiting for a response to an asynchronous request. This method should be called after a Send. Calling applications can specify an optional Timeout value, in seconds. If this method times out, the request is not aborted. This way, the calling application can continue to wait for the request, if desired, in a subsequent call to this method.

Calling this property after a synchronous Send method returns immediately and has no effect.

Example Code
This example shows how to open an asynchronous HTTP connection, send an HTTP request, wait for a response, and read the response text.

     // Instantiate a WinHttpRequest object.
    var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");

    // Initialize an HTTP request.
    WinHttpReq.Open("GET", "http://www.microsoft.com", true);

    // Send the HTTP request.
    WinHttpReq.Send();

    // Wait for the response.
    WinHttpReq.WaitForResponse();

    // Display the response text.
    WScript.Echo( WinHttpReq.ResponseText);

WinHttp Properties
WinHttp Events


----
http://msdn.microsoft.com/en-us/library/aa384106.aspx#events

WinHttpRequest Object

This topic provides information about using the WinHTTP WinHttpRequest COM object with scripting languages.
Members

The WinHttpRequest object has the following types of members:

    Events
    Methods
    Properties

Events

The WinHttpRequest object has the following events.
Event    Description
OnError   

Occurs when there is a run-time error in the application.
OnResponseDataAvailable   

Occurs when data is available from the response.
OnResponseFinished   

Occurs when the response data is complete.
OnResponseStart   

Occurs when the response data starts to be received.

 
Methods

The WinHttpRequest object has the following methods.
Method    Description
Abort   

Aborts a WinHTTP Send method.
GetAllResponseHeaders   

Retrieves all HTTP response headers.
GetResponseHeader   

Retrieves the HTTP response headers.
Open   

Opens an HTTP connection to an HTTP resource.
Send   

Sends an HTTP request to an HTTP server.
SetAutoLogonPolicy   

Sets the current Automatic Logon Policy.
SetClientCertificate   

Selects a client certificate to send to a Secure Hypertext Transfer Protocol (HTTPS) server.
SetCredentials   

Sets credentials to be used with an HTTP server—either an origin or a proxy server.
SetProxy   

Sets proxy server information.
SetRequestHeader   

Adds, changes, or deletes an HTTP request header.
SetTimeouts   

Specifies, in milliseconds, the individual time-out components of a send/receive operation.
WaitForResponse   

Specifies the wait time, in seconds, for an asynchronous Send method to complete, with optional time-out value.

 
Properties

The WinHttpRequest object has the following properties.
Property    Access type    Description

Option
    Read/write   

Sets or retrieves a WinHTTP option value.

ResponseBody
    Read-only   

Retrieves the response entity body as an array of unsigned bytes.

ResponseStream
    Read-only   

Retrieves the response entity body as an IStream.

ResponseText
    Read-only   

Retrieves the response entity body as text.

Status
    Read-only   

Retrieves the HTTP status code from the last response.

StatusText
    Read-only   

Retrieves HTTP status text.

 
Remarks

The WinHttpRequest object uses the IErrorInfo interface to provide error data. A description and numerical error value can be obtained with the Err object in Microsoft Visual Basic Scripting Edition (VBScript), and the Error object in Microsoft JScript. The lower 16 bits of an error number correspond to the values found in Error Messages.

Note  For Windows XP and Windows 2000, see Run-Time Requirements.
Requirements

Minimum supported client
    Windows XP, Windows 2000 Professional with SP3

Minimum supported server
    Windows Server 2003, Windows 2000 Server with SP3

Redistributable
    WinHTTP 5.0 and Internet Explorer 5.01 or later on Windows XP and Windows 2000.

IDL
   

HttpRequest.idl

Library
   

Winhttp.lib

DLL
   

Winhttp