0

I've searched everywhere on how to make this happen but with no results. First I need to make a request to a website then send a hash (which I already have) and get a response with some data. I was able to connect but I'm not able to use the hash key to get the data. Can anyone help me how to do this using android? Thanks.

I tried to follow this:Make an HTTP request with android using a host

The solution:

    final HttpClient client = new DefaultHttpClient();
    final HttpPost postMethod = new HttpPost(URL);
    postMethod.setEntity(new StringEntity(postData, "utf-8"));
    String responseData = "";
    try {
        final HttpResponse response = client.execute(postMethod);
        responseData = EntityUtils.toString(response.getEntity(), "utf-8");
    } catch(final Exception e) {
        // handle exception here
    }
Community
  • 1
  • 1
Lucas Jeronimo
  • 13
  • 6

2 Answers2

0

It depends on which kind of hash you are using (SHA-N, MD5, etc) and the kind of framework you are using to build the server. Try to search on the documentation of your framework which kind of cryptographic hash function is used. Then search on internet an API that implements this cryptographic hash function on your code (e.g., Django uses PBKDF2). After that, you need to define the parameters of this function (salt, number of iterations, password (or hash)). The algorithm calculates the hash (password) using the salt and number of iterations values. So when you are trying to access a server you have to send via HTTP the hash that was generated. If this hash is the same hash generated on the server side, then the authentication is successful.

  • Exactly, I just don't know how to send the hash to authenticate with the server. I know I have the right hash because I was able to implement this with C#, but I'm having trouble to do this in android. – Lucas Jeronimo Jul 09 '15 at 14:40
  • Ok, you can send your hash via URL query parameters. –  Jul 09 '15 at 14:42
  • Can you give me some feedback? –  Jul 09 '15 at 15:00
0

This is an example of what you can do:

    final String URL = "http://192.168.0.100:8000/myHistory/mobile/?user=";
    HttpClient client;
    StringBuilder url = new StringBuilder(URL);
    url.append(user);
    url.append("&pwd=");
    url.append(hash);
    client = new DefaultHttpClient();
    HttpGet get = new HttpGet(url.toString());
    HttpResponse response = null;
    try {
        response = client.execute(get);
    } catch (IOException e) {
        e.printStackTrace();
    }

    int status = 0;
    status = response.getStatusLine().getStatusCode();
    if (status == 200) {
        HttpEntity entity = response.getEntity();
        String data = "";
        try {
            data = EntityUtils.toString(entity);
        } catch (IOException e) {
            e.printStackTrace();
        }

       //Here you manipulate the 'data' variable, which is in HTML format.
  • I try to use like you sugest, but with no sucess. response.getStatusLine().getStatusCode() = 404. In this case the website don't use user or pwd so I just use the hash(url.append(hash)). But I think we're in the right direction. Thanks by the way :D – Lucas Jeronimo Jul 09 '15 at 16:50
  • I'm trying to implement this in android, so you did right. With your help I think I'm very close to my answer. – Lucas Jeronimo Jul 09 '15 at 17:24
  • So, the query string might be encrypted (HTTPS). HTTP, on the other hand, if used, it does not encrypt the query string. HTTPS is more secure. But I don't know how HTTPS works, sorry. –  Jul 09 '15 at 17:31