1

sorry for my English)))

I have been trying to solve my problem for a long time, but unfortunately so far without success (((( I have a POST request of a certain type, I need to change it and send it to another address, and the original request should go further to its address. I'm trying to work with the exchange. More to the point, I have a request like this :

https://api.binance.com/api/v3/order?symbol=CELRBTC&orderId=73902412&recvWindow=55000&timestamp=1635266807744&signature=556b9c4121eb819d96a440b54661181e75ab2324a9d3b5fe0a73dd793626cb96

I need to send this request after the original one

https://fapi/binance.com/fapi/v1/order?symbol=KEEPUSDT&side=BUY&type=MARKET&quantity=100&timeInForce=GTC&recvWindow=5000&timestamp=1591702613943&signature= 3c661234138461fcc7a7d8746c6558c9842d4e10870d2ecbedf7777cad694af

In addition, the public API is passed in the header

Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain; q=0.9, text/html;q=0.8,
Accept-Charset: UTF-8, *;q=0.8
Accept-Encoding: gzip, deflate
X-MBX-APIKEY: YIGXAtXbQg0790CnIvKzo3oIQPmEPwiySjdQj28h0H3g87D2rwcun0kRWvh4m9J6
Host: api.binance.com

I tried to do all this work in the onBeforeRequest method

static function OnBeforeRequest(oSession: Session) {
   
    
if (oSession.RequestMethod == "POST" &&  oSession.uriContains("order") ) {
   
     oSession.utilDecodeResponse()
    var strBody=oSession.GetRequestBodyAsString();


       // timestamp, time ms
        
        var timestampSTART= oSession.url.IndexOf("timestamp=") + 10; 
        
        var timestampEND= oSession.url.IndexOf("&", timestampSTART);   
       
        var timestamp = oSession.url.Substring(timestampSTART, 13);
        
       
        // SYMBOL
        
        var symbolStart = oSession.url.IndexOf("symbol=")+7;
       
        var symbolend = oSession.url.IndexOf("BTC", symbolStart)+3;
   
        var symbol = oSession.url.Substring(symbolStart, symbolend-symbolStart);
        
        
       //  Signature (timestamp+SecretAPIKey=Hmac Sha256)   theoretically, it can be taken from the original request, but it is more reliable to make your own 
       var signStart = oSession.url.IndexOf("signature=")+10;
                     
       var sign = oSession.url.Substring(signStart);
        
       
        //PRICE
        
     var PriceStart = oSession.url.IndexOf("price=")+6;
     var PriceEND = oSession.url.IndexOf("&", PriceStart);
     var priceStr = oSession.url.Substring(PriceStart, PriceEND-PriceStart);
     var price = parseFloat(priceStr);
        
                                
        // Quantity
        
        var quantity = 50/ price*63000;
  
        var apiBIN =  "https://fapi.binance.com/fapi/v1/order?" ;
      
       
     //    var result = apiBIN+"symbol="+symbol+"&side=BUY&type=MARKET&quantity="+ quantity+"&timeInForce=GTC&recvWindow=5000&timestamp="+timestamp+"&signature="+sign;
            
     //    oSession.utilSetRequestBody(result)
  
     //   FiddlerApplication.oProxy.SendRequest(oSession.RequestHeaders, oSession.requestBodyBytes, null);

have selected the necessary parameters from the request, but I do not understand how to send it in any way, and I also lose the header with the API key. Separately, I want to note the "Signature" parameter, which is created using the Hmac Sha256 algorithm from the secret API key and time, which I also can't figure out how to describe it in the code.

I would be very grateful for any help, with the possibility of some payment for substantial help.

Max
  • 11
  • 2
  • FiddlerScript bases on .Net technology and thus all the .Net classes are available, for HMACSHA256 you can use https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.hmacsha256 `new System.Security.Cryptography.HMACSHA256(secretKey);` – Robert Oct 27 '21 at 15:51
  • thank you so much for your help, it was very important!!! it remains only to figure out how to send a separate request after sending the main one. currently, I can't run the "static function After Session Complete(session) : Session" method, it doesn't run((( in which place should I write it correctly? – Max Oct 27 '21 at 16:38
  • If you want to make the second request **after** the main request you should consider sending it in `OnBeforeResponse`. Via session object the request should be still accessible to generate the modified second request. – Robert Oct 27 '21 at 16:51
  • after many attempts, I almost succeeded! and I still have 1 main question. How to encrypt a query string with a key. I found a description of the specified System.Security class.Cryptography.HMAC SHA256(), but due to my weak skills, I don't understand how I can use it correctly. I need to encrypt the request body using my secret key, how do I do this? In the examples I found, I saw how the key is still translated into byte code, and then hashed twice, and then I got completely confused. Could you give an example of how to encrypt a parameter with a key on for FiddlerScript? – Max Oct 28 '21 at 11:32
  • Using an HMAC can can not encrypt anything. An HMAC generates an Message Authentication Code (MAC), a symmetric signature (in difference to an asymmetric signature like RSA). An HMAC is a hash function plus a secret key. – Robert Oct 28 '21 at 11:40
  • dear Robert, I may be a little confused in terminology, but in general I understand what is at stake. please tell me with a specific task, how do I get a signature with the parameter of the existing query string and my key. How to use System.Security correctly.Cryptography.HMACSHA256(secretKey)? I roughly imagine it like this var sign = System.Security.Cryptography.HMACSHA256(queryStr, SecretKey), but this is incorrect. true examples for js.net I have not found (((( here is an example, but how to use it on js.net To do, I do not know(( – Max Oct 28 '21 at 12:27
  • https://stackoverflow.com/questions/50304411/binance-api-hmac-signature – Max Oct 28 '21 at 12:27
  • Searching for examples of js.net is a waste of time as nobody uses it. Search for C# examples and then change them to FiddlerScript. See e.g. here: https://dotnetcodr.com/2016/10/14/using-hmacs-to-authenticate-a-hash-in-net/ Alternatively you can try the methods that are documented for HMACSHA256 class (see my first link and then -> methods). – Robert Oct 29 '21 at 13:54

1 Answers1

0

I used C# to solve the problem. I didn't know Fiddler could choose the language. Technically, I have achieved my goal, but currently finance is writing an incorrect request. I will deal with this separately. Special thanks to Robert for his help.

    public static void OnBeforeResponse(Session oSession)
    {
       
    
        if (oSession.HTTPMethodIs("POST") && oSession.uriContains("order")) 
        { 


              String strBody =  oSession.GetRequestBodyAsString(); 


                 //Price 

               int PriceStart = strBody.IndexOf("price=")+6;

               int PriceEND = strBody.IndexOf("&", PriceStart);

               string priceStr = strBody.Substring(PriceStart, PriceEND-PriceStart);

               float priceF = float.Parse(priceStr, System.Globalization.CultureInfo.InvariantCulture);
 

                 // SYMBOL
        
               int symbolStart = strBody.IndexOf("symbol=")+7;
       
               int symbolend = strBody.IndexOf("BTC", symbolStart);
   
               string symbol = strBody.Substring(symbolStart, symbolend-symbolStart);
        


                // Quantity
        
                int quantStart = strBody.IndexOf("quantity=")+9;
                   
                int quantend = strBody.IndexOf("&price", quantStart); 

                string quant = strBody.Substring(quantStart, quantend-quantStart);

                float quantity = float.Parse(quant, System.Globalization.CultureInfo.InvariantCulture)*2;
    

                // timestamp

                decimal timestamp = Math.Round(Convert.ToDecimal(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds), 0);

       

                //Sign

                Encoding ascii = Encoding.ASCII;

                string secretKey = "lfaeGkjitNwvyG2lqDueMhSAOzRFlzL73w5pKRCAvSy7YrxyTkvwKCcHBHj...";


                HMACSHA256 hmac = new HMACSHA256(ascii.GetBytes(secretKey));


                //   string query_string_LIMIT = "symbol="+symbol+"USDT&side=BUY&type=LIMIT&timeInForce=GTC&quantity="+quantity+"&price="+priceF+"&recvWindow=5000&timestamp="+timestamp+"&signature=";

                string result = "symbol="+symbol+"USDT&side=BUY&type=MARKET&quantity="+ quantity+"&recvWindow=5000&timestamp="+timestamp+"&signature=";
        

                String signature = BitConverter.ToString(hmac.ComputeHash(ascii.GetBytes(result))).Replace("-","");

    
   



                oSession.host="fapi.binance.com";
  
                string resultRequest = "symbol="+symbol+"USDT&side=BUY&type=MARKET&quantity="+ quantity+"&recvWindow=5000&timestamp="+timestamp+"&signature="+signature;


                

                byte[] resulByte =   System.Text.Encoding.ASCII.GetBytes(resultRequest);


                //oSession.utilReplaceInRequest("api/v3/order","fapi/v1/order?"+resultFin);

                oSession.url = oSession.url.Replace("api/v3/order", "fapi/v1/order?"+resultRequest);      


                FiddlerApplication.oProxy.SendRequest (oSession.RequestHeaders, resulByte, null);            

           }
Max
  • 11
  • 2