{Script}

{CSS}

Reverse Engineering on Blogger (Atom/HTTP)


Well, I wanted to create an Error Report feature to use within my tools.
Which would send me the data of any exception/crash my applications might cause.


To implement such feature I was thinking on, since I don't own any website, to make Error Report being actually sent as an usual comment on a special page I make on Blogger.

You can find Blogger APIs for .NET to study more about Atoms (RSS) and how they implemented it.
But I don't want to import such thing as this would require me to provide my own login information.
Even encrypted, anyone with enough knowledge can reverse-engineer it to get.
If one's willing, one does.

After some struggling I found to be better to send POST data using System.Net.WebRequest from C#.

Blogger requires some POST data to be sent such as:
(When Comment-Form is used as an iFrame)
Variable Type Description
securityToken string Token Hash to verify Autenticity
blogID unique int Blog UID (Unique Identifier
[pageID | postID] unique int [Page | Post] UID (Unique Identifier)
encodedIds string Cached Author IDs. (Encoded with UTF-8)
encodedSelectedId string Current Author IDs. (Encoded with UTF-8)
showPreview bool false to submit.
true to return to Comment-Form with Preview Data.
photourl string URL of Photo
photowidth int Width in Pixels of Photo
photoheight string URL of Photo
openIdUri string if OpenID, it's URI
anonName string Anomymous ? "Anonymous" : Custom Name
anonURL string Anomymous ? "" : Custom URL
commentBody string Message as HTML (Encoded with UTF-8)
identityMenu string Identity Chosen.
"CURRENT" | "NONE" | "OPENID" | "NAMEURL" | "ANON"

Using the following C# written functions I am able to send POST data.
WebResponse HTTP_Send(string URi, string QueryParams, string Method)
{
  WebRequest httpRequest = WebRequest.Create(URi);
  httpRequest.ContentType = "application/x-www-form-urlencoded";
  httpRequest.Method = Method;
  byte[] bytesParams = Encoding.ASCII.GetBytes(QueryParams);
  Stream os = null;

  try
  {
    httpRequest.ContentLength = bytesParams.Length;
    os = httpRequest.GetRequestStream();
    os.Write(bytesParams, 0, bytesParams.Length);
  }
  catch (WebException ex)
  {
    MessageBox.Show(ex.ToString(), "HTTP Request Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    return null;
  }
  finally
  {
    if (os != null)
      os.Close();
  }

  return httpRequest.GetResponse();
}

string HTTP_Response(WebResponse httpResponse)
{
  try
  {
    if (httpResponse == null) 
      return null;
    StreamReader sr = new StreamReader(httpResponse.GetResponseStream());
    return sr.ReadToEnd().Trim();
  }
  catch (WebException ex)
  {
    MessageBox.Show(ex.ToString(), "HTTP Response Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    return null;
  }
}
However, seems like, either some specific key is missing, or blogger know the data is being sent by an application.
Even with the request of the POST data running fine, Blogger does not create the comment as it should.

This code may serve for many purposes, allowing you to send GET/POST data to other websites.
(Examples)
// Send 'param1=Value&Param2=Value' via GET method to 'http://www.domain.com/'
WebResponse sendData = HTTP_Send("http://www.domain.com/", "param1=Value&Param2=Value", "GET");
// Gets the response in HTML
string responseData = HTTP_Response(sendData);

More info at comments.

19 comments :

Anonymous said...

Where you able to extract the data from the "Get" request that google makes to get the above information? It changes every time, or at least most of it does.

#MK said...

The data itself was gathered through the POST request by the comment page itself.
Did so by building a custom PHP page elsewhere and making the form submit the information there.

You won't be able to send comments through HTTP requests this way.
For each visit you do in a page a security key has is generated.
To be able to send all this data you need the updated securityToken hash;
And you can't get it by the usual means, that is, to browse through the DOM values.

There is a possibility, however you can do a quick RegExp expression search on the plain-text source for the token hash.
However, each key is connected to each connection.
This could mean that a stable connection between them would be necessary to do so.

Anonymous said...

cheapest ambien buy ambien sleeping pills online - ambien youtube

Anonymous said...

ativan anxiety ativan and alcohol side effects - ativan dosage canada

Anonymous said...

zolpidem buy side effects of zolpidem 10mg - ambien side effects in women

Anonymous said...

xanax antidepressant cover xanax drug test - xanax side effects depression

Anonymous said...

ativan sale buy ativan online no prescription needed - side effects getting off ativan

Anonymous said...

diazepam 5mg 75 mg valium - is valium or xanax better for anxiety

Anonymous said...

diazepam without prescription buy diazepam online - effects of snorting valium diazepam

Anonymous said...

cheap lorazepam buy ativan online uk - ativan withdrawal hair loss

Anonymous said...

buy xanax cheap alprazolam er 0.5 mg tablet - buy xanax online from canada

Anonymous said...

xanax 1mg 1mg xanax fear flying - xanax side effects headache

Anonymous said...

ambien zolpidem ambien 6.5 cr - ambien cr 12.5

Anonymous said...

soma online soma urine drug screen - buy soma online yahoo answers

Anonymous said...

soma without prescription carisoprodol risks - legal order soma online

Anonymous said...

order zolpidem buy ambien argentina - ambien cr ( zolpidem tartrate)

Anonymous said...

valium depression how will 5mg valium affect me - valium online holland

Anonymous said...

buy ambien online ambien side effects bad taste mouth - ambien overdose 20 mg

Anonymous said...

buy cheap soma somanabolic muscle maximizer complaints - carisoprodol 350 mg dose