Easy way to login to a web site over secure connection (SSL, https)?

Question

I am trying to login to a web site over secure connection using Borland Builder 6 and Indy 10.6 and I'm losing the fight. The web site sends me back a different page than I expect, because probably the data I post is incorrect or maybe some cookies are missing. Is there a way to see the actual data I am posting? Alternatively, I could use SharpDevelop and all the .Net functions. Is there an easy way to deal with all the cookies and javascript variables that are generated by the server and scripts? What I am thinking is if there is any browser component or something to download the login page and have all the required data prepared (hidden inputs, etc) and allow me to just enter my data (username/password) and get permission to the web site pages. Or maybe download the login page, edit the source code to fill in the username/password and then post back all of it (as if I press the submit button).

Thanks, Nick

Answer 1

You can assign a TIdLog... component, such as TIdLogFile or TIdLogEvent, to the TIdHTTP.Intercept property. That will show you the raw HTTP data that TIdHTTP is exchanging with the server. Messages are logged before encryption and after decryption, so you will see the unencrypted HTTP messages even if SSL is used. You can use Fiddler to see how a real web browser converses with the server, then compare that to the TIdHTTP conversation.

Typically, when you need to automate a web login with TIdHTTP, you have to mimic what a user in a web browser would do. Visit the opening page, let the server redirect you if needed, let the server send whatever cookies it needs, then you can parse the login form HTML to get any field values that are needed and then submit them using a TStringList or a TIdMultipartFormDataStream, depending on settings of the web form itself. And so on.

Something else to keep in mind is that some servers are sensitive to the User-Agent request header, sending different responses that are custom-tailored to particular web browsers. So you might try setting the TIdHTTP.Request.UserAgent property to a different value that mimics one of the major web browsers.