4

With normal HTTP I can download upload and navigate to routers but I can't find any code to do any of that when the routers are on HTTPS.

To download I use this:

Try
    My.Computer.Network.DownloadFile("http://" & "180.29.74.70" & "/cgi-bin/log.cgi", "C:\Users\ssb\Desktop\randomword.txt", "username", "password")
    WebBrowser1.Refresh()
Catch ex As Exception
    MessageBox.Show("Router not sufficient for operation Return for Inspection cannot download log file")
End Try

To upload a file I use this:

  My.Computer.Network.UploadFile("C:\Users\ssb\Desktop\tomtn.txt", "http://" & "180.29.74.70" & "/cgi-bin/updateconfig.cgi", "username", "password")

To navigate to a web page on HTTP I use this:

WebBrowser1.Navigate("https://username:password@180.29.74.70 ")

But when I use HTTPS:

WebBrowser1.Navigate("https://username:password@180.29.74.70 ")

I get this security alert:

Certificate Error

Then I click on yes and it goes to the page—but I need the code to bypass any security questions like these.

InteXX
  • 6,135
  • 6
  • 43
  • 80
Nikki
  • 85
  • 16
  • Why do you have two asterisks before http and two after it in your code? What is the content of ex (the exception that you catch)? How is WebBrowser1 related to the download (it is not the same as My.Computer.Network)? – z32a7ul Apr 09 '17 at 15:57
  • @z32a7ul—My guess is that it was an error related to SO markdown syntax. – InteXX Apr 11 '17 at 02:07
  • Yea but that makes it more of a chalenge being https and not just http if the certificate is untrusted i dont think you should be able to programatically bypass security mesures but as it turns out you can. also when using a username or password that is more secure like p@ssword or using you email eg something@somewere.com passing them whith a header to navigate to a webpage, special caracters should be encoded instead of @ you should use %40 eg p%40wword while if you were going to download using My.Computer.Network.DownloadFile the normal password should work – Nikki Apr 13 '17 at 04:27

3 Answers3

1

Even though they're loosely related, you've presented two separate questions here.

  1. Why is the call failing when I use the WebBrowser control to load a page via HTTPS?
  2. Why is the call failing when I use the DownloadFile() method to download a file via HTTPS?

First, you need to eliminate the possibility that your code is failing. Try both of the tasks above using public HTTPS URLs that are known to work correctly.

If you discover that the source of the problem is your private URL, you may want to consider whether you want to ignore SSL errors in your WebBrowser control.

You can do so using the (untested, translated to VB) code from this blog post:

Partial Public Class Form1
  Inherits Form

  Private WithEvents WebBrowser As New WebBrowser

  Private Sub WebBrowser_DocumentCompleted(Sender As Object, e As WebBrowserDocumentCompletedEventArgs) Handles WebBrowser.DocumentCompleted
    If e.Url.ToString() = "about:blank" Then
      'create a certificate mismatch
      WebBrowser.Navigate("https://74.125.225.229/")
    End If
  End Sub
End Class



<Guid("6D5140C1-7436-11CE-8034-00AA006009FA")>
<InterfaceType(ComInterfaceType.InterfaceIsIUnknown)>
<ComImport>
Public Interface UCOMIServiceProvider
  <PreserveSig>
  Function QueryService(<[In]> ByRef guidService As Guid, <[In]> ByRef riid As Guid, <Out> ByRef ppvObject As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface



<ComImport>
<ComVisible(True)>
<Guid("79eac9d5-bafa-11ce-8c82-00aa004ba90b")>
<InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)>
Public Interface IWindowForBindingUI
  <PreserveSig>
  Function GetWindow(<[In]> ByRef rguidReason As Guid, <[In], Out> ByRef phwnd As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
End Interface



<ComImport>
<ComVisible(True)>
<Guid("79eac9d7-bafa-11ce-8c82-00aa004ba90b")>
<InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)>
Public Interface IHttpSecurity
  'derived from IWindowForBindingUI
  <PreserveSig>
  Function GetWindow(<[In]> ByRef rguidReason As Guid, <[In], Out> ByRef phwnd As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
  <PreserveSig>
  Function OnSecurityProblem(<[In], MarshalAs(UnmanagedType.U4)> dwProblem As UInteger) As Integer
End Interface



Public Class MyWebBrowser
  Inherits WebBrowser
  Public Shared IID_IHttpSecurity As New Guid("79eac9d7-bafa-11ce-8c82-00aa004ba90b")
  Public Shared IID_IWindowForBindingUI As New Guid("79eac9d5-bafa-11ce-8c82-00aa004ba90b")
  Public Const S_OK As Integer = 0
  Public Const S_FALSE As Integer = 1
  Public Const E_NOINTERFACE As Integer = &H80004002
  Public Const RPC_E_RETRY As Integer = &H80010109



  Protected Overrides Function CreateWebBrowserSiteBase() As WebBrowserSiteBase
    Return New MyWebBrowserSite(Me)
  End Function



  Private Class MyWebBrowserSite
    Inherits WebBrowserSite

    Implements UCOMIServiceProvider
    Implements IHttpSecurity
    Implements IWindowForBindingUI

    Private myWebBrowser As MyWebBrowser



    Public Sub New(myWebBrowser As MyWebBrowser)
      MyBase.New(myWebBrowser)
      Me.myWebBrowser = myWebBrowser
    End Sub



    Public Function QueryService(ByRef guidService As Guid, ByRef riid As Guid, ByRef ppvObject As IntPtr) As Integer Implements UCOMIServiceProvider.QueryService
      If riid = IID_IHttpSecurity Then
        ppvObject = Marshal.GetComInterfaceForObject(Me, GetType(IHttpSecurity))
        Return S_OK
      End If
      If riid = IID_IWindowForBindingUI Then
        ppvObject = Marshal.GetComInterfaceForObject(Me, GetType(IWindowForBindingUI))
        Return S_OK
      End If
      ppvObject = IntPtr.Zero
      Return E_NOINTERFACE
    End Function



    Public Function GetWindow(ByRef rguidReason As Guid, ByRef phwnd As IntPtr) As Integer Implements IHttpSecurity.GetWindow, IWindowForBindingUI.GetWindow
      If rguidReason = IID_IHttpSecurity OrElse rguidReason = IID_IWindowForBindingUI Then
        phwnd = myWebBrowser.Handle
        Return S_OK
      Else
        phwnd = IntPtr.Zero
        Return S_FALSE
      End If
    End Function



    Public Function OnSecurityProblem(dwProblem As UInteger) As Integer Implements IHttpSecurity.OnSecurityProblem
      'ignore errors
      'undocumented return code, does not work on IE6
      Return S_OK
    End Function
  End Class
End Class

Regarding problem #2: It appears you may be confusing WebBrowser and DownloadFile(). As you've probably already discovered, the WebBrowser control doesn't download files. However, you can simulate the behavior using this technique:

Partial Public Class Form2
  Inherits Form

  Private Sub WebBrowser_Navigating(Sender As Object, e As WebBrowserNavigatingEventArgs) Handles WebBrowser.Navigating
    Dim sFilePath As String
    Dim oClient As Net.WebClient

    ' This can be any conditional criteria you wish '
    If (e.Url.Segments(e.Url.Segments.Length - 1).EndsWith(".pdf")) Then
      SaveFileDialog.FileName = e.Url.Segments(e.Url.Segments.Length - 1)
      e.Cancel = True

      If SaveFileDialog.ShowDialog() = DialogResult.OK Then
        sFilePath = SaveFileDialog.FileName
        oClient = New Net.WebClient

        AddHandler oClient.DownloadFileCompleted, New AsyncCompletedEventHandler(AddressOf DownloadFileCompleted)

        oClient.DownloadFileAsync(e.Url, sFilePath)
      End If
    End If
  End Sub



  Private Sub DownloadFileCompleted(Sender As Object, e As AsyncCompletedEventArgs)
    MessageBox.Show("File downloaded")
  End Sub



  Private WithEvents SaveFileDialog As New SaveFileDialog
  Private WithEvents WebBrowser As New WebBrowser
End Class

In any event, the first step in solving this is to figure out whether it's your code or the private URL that's causing your issue.

Community
  • 1
  • 1
InteXX
  • 6,135
  • 6
  • 43
  • 80
  • @Nikki—You're probably going to be better off addressing the security issues flagged by IE (the `WebBrowser` control uses IE). After all, security should come first; workarounds to bypass security measures should be your last resort. For the first error, you have two options: 1] Install the Root CA in your certificate store or 2] Switch to a trusted CA for the server certificate in IIS (see [Let's Encrypt](https://letsencrypt.org/) for a free domain-validated certificate). For the second error, modify your URL to use the hostname as indicated in the certificate instead of the IP address. – InteXX Apr 10 '17 at 18:12
  • each router has a diffrent ipaddress all in the same range there are hundrets of routers that need to be reached the main goal is for the application to login to the router download its configurations and check that they are correct the application has to be as simple as possible because the people who are going to be doing the testing probable dont know anything il do some research on sertificates but all my code works on the http im basically finished if i can just get by that security check – Nikki Apr 11 '17 at 04:26
  • @Nikki—I see. Then it seems you're stuck with bypassing the security check, using the code above (assuming it works—again, I haven't tested it). What problems are you having integrating it? You should just be able to save the code to a new *.vb file in your project. Rename the `Form1` and `Form2` classes to be the same as your existing form class. – InteXX Apr 11 '17 at 08:28
0

The main thing needed here is to programatically download a file from a https url while using a username and password blocked by the security certificate issue

and the solution after searching for 2 weeks is

To Download a file you can disable the security cerificate request temporaraly with the following code then after the code ran it enables the security certicate again

First code you dont even need a browser it automatically saves the file to you desktop

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        'check if a simular file doesnt exists so you can create a new file and deletes the file if it exists
        If File.Exists("C:\pathtoyourfile\yourfilename.txt") Then
            File.Delete("C:\pathtoyourfile\yourfilename.txt")
        End If

        'Type this before your download or hhtps request
        'ByPass SSL Certificate Validation Checking
        System.Net.ServicePointManager.ServerCertificateValidationCallback =
  Function(se As Object,
  cert As System.Security.Cryptography.X509Certificates.X509Certificate,
  chain As System.Security.Cryptography.X509Certificates.X509Chain,
  sslerror As System.Net.Security.SslPolicyErrors) True

        'Call web application/web service with HTTPS URL here
        '=========================================================================================
        'ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications
        Try
            My.Computer.Network.DownloadFile("https://176.53.78.22/filenameonserveryouwanttodownload", "C:\pathtoyourfile\yourfilename.txt", "Yourusername", "yourpassword")
            WebBrowser1.Refresh()
        Catch ex As Exception
            MessageBox.Show("message saying something didnt work")
            'exit sub if it worked
            Exit Sub
        End Try
        MessageBox.Show(" message saying it worked")
        '=========================================================================================
        'Restore SSL Certificate Validation Checking
        System.Net.ServicePointManager.ServerCertificateValidationCallback = Nothing
    End Sub

then to browse to a webaddress the following code will popup and the security popup will popup but just select yes browsing on the webpage works normally

WebBrowser1.Navigate("https://username:password@180.29.74.70 ")
Nikki
  • 85
  • 16
  • from you image on the main post, it looks like your ssl certificate has two issues. 1. You got your certificate from an provider that isn't trusted by windows. 2. You are accessing the host machine via an ip address. http://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name – Paul Totzke Apr 12 '17 at 21:37
0

As you said:

[...] I need the code to bypass any security questions like these.

In other word, you need to "automatically accept self signed SSL certificate", so in my opinion it is a duplicate question with : VB .net Accept Self-Signed SSL certificate, which may fit your needs.

and most especially slaks answer:

In VB.Net, you need to write:

ServicePointManager.ServerCertificateValidationCallback = AddressOf AcceptAllCertifications

Community
  • 1
  • 1
A. STEFANI
  • 6,707
  • 1
  • 23
  • 48