Because the certificate is required when you log on to https, an exception occurs during login: system. net. sockets. socketexception,
Message = "unable to connect because the target machine is actively rejected. ", This may be because the certificate name does not match, if you cannot configure
To remotely process the client with the public certificate name, you can use the following settings in the client application configuration file to override this mismatch.
.
<System.net>
<Settings>
<Servicepointmanager
Checkcertificatename = "true"
/>
</Settings>
</System.net>
To make the client ignore Certificate Name Mismatch programmatically, the client must create an instance of a specific class.
The certificateproblem value is 0x800c010f, which implements the icertificatepolicy interface and
The checkvalidationresult method returns true. Then, you must register the object
System. net. servicepointmanager object by passing the object
Servicepointmanager. certificatepolicy attribute ."
To make checkvalidationresult return true unconditionally, we declare a trustallcertificatepolicy class:
Public class trustallcertificatepolicy: system. net. icertificatepolicy
{
Public trustallcertificatepolicy ()
{
}
Public bool checkvalidationresult (servicepoint
SP, system. Security. cryptography. x509certificates. x509certificate cert,
Webrequest req, int problem)
{
Return true;
}
}
Then, add
System. net. servicepointmanager. certificatepolicy = new trustallcertificatepolicy ();
You can.
In this way, the code can smoothly establish an SSL channel with the https server.
[The content above comes from the Internet and has forgotten the author's blog]
Next, we only need to use tools to capture packets for analysis. I am using httpanalyzerstdv3. Of course there are other tools, but I am not
I feel that this tool is sufficient for the job. Use this work packet capture to analyze the data flow and the actual
Jump address. Then, you only need httpwebrequest to post the data and use httpwebreponse to obtain the returned data.
Personal summary:
1. Analyze the web page of the system to be automatically logged on, view the HTML code in the browser by viewing the source file, and analyze the result.
Structure, because some pages may be composed of multiple IFRAME, and we only focus on one IFRAME.
The HTML code of IFRAME is determined by our requirements.
2. If you need to process dynamically generated data, we should also analyze the page where the corresponding dynamic data is located. In reality, there may be too many
Steps to enter a dynamic data page, but during our simulation operation, we do not need to simulate all the steps,
If the URL address is not encrypted, we can try to create a new
Page, enter the URL address. If data can also be directly obtained, it will make the work much easier, because we simulate Login
You can directly go to this page. If you cannot directly access the file, you need to capture packets for analysis.
3. When packet capture analysis is performed using httpanalyzerstd, targeted analysis can be performed, and some unwanted packages can be skipped.
The analysis is troublesome. It only captures the packet data when an action occurs.
4. You should also pay attention to the cookie issue. If the system redirects to multiple servers, you may need to rewrite the cookie value.
5. Because JavaScript may be used to redirect a page when an action occurs in the system, after the simulated action is executed
Getresponsestream is a prompt that cannot jump to a certain page. At this time, we need to extract the URL address from the stream.
And then get the URL.