How to write a proper .ini file
===============================
Introduction
------------
As many people don't seem to know, how to generate custom .ini files,
I'll try to explain the process a bit by the example of coke.at SMS gateway.
Hopefully you'll then understand the basics and will be able to write
your own .ini files.
Getting started - How to use Proxomitron
----------------------------------------
First of all you need to know what your browser is doing while you
are using your SMS-gateway. As most browser don't have a feature to
log their transactions with the webserver, we need to have a program that
is between the browser and the target host. This thing is called a "Proxy".
So we have to install a local Proxy server that is able to log your
transactions. I decided to use Proxomitron, as it's easy to install and
configure.
So, first of all download Proxomitron from www.proxomitron.info:
http://www.proxomitron.info/files/download/ProxN45j.zip
After downloading, extract the files contained in the archive to a
local directory (no need to install anything into your Windows\System32
folder, that's another thing I loke about Proxomitron).
Now start Proxomitron.exe
Next thing to do is to find out, wether you need to have a remote-proxy
where the data is passed through. If you are behind a company's Firewall,
you may be required to use a proxy. Please check the Internet connection
settings of your Browser and look if there is a proxy entry.
--------------------------------------------------------------------------
If so, write down Proxy hostname and Port, click on "Proxy" in Proxomitron
and enter your.proxy.hopstname:Port, for example proxy.chello.at:3128
Click on "Test" and see if it is able to connect. You may get a
"HTTP/1.0 403 Forbidden" - never mind, it's working anyways.
Now tick [X] Use Remote Proxy in Proxomitron.
If everything is fine, click OK and we've configured your remote-Proxy
--------------------------------------------------------------------------
Now you have to replace the Proxy-entry in your web-browser with:
Host: localhost Port: 8080
Try to surf around a bit with your browser and see, if it's still working.
If not, you did something wrong. Just restore your old browser settings
and try again,until you get it working, otherwise you won't be able to
continue.
Next step is to start logging your communication. To do this, Click
"Log Window" in PRoxomitron.
You get a blak window where your communication will be logged.
Now we have to configure it properly:
Click on "Edit" and check the following Entries:
* View Posted data
* HTTP headers
Ok, log is set up now. Now we can start exploring the SMS-gateway in
the next step
Exploring the gateway
---------------------
In this example, we will explore the www.coke.at SMS-gateway.
So type www.coke.at in your browser's URL-bar and we get to the
starting page. We click on "coke.at Starten" and see "coke.at Community"
on the right. So here we have to login. If you haven't done so far, sign
up for a new account. We have 10 free SMS available per month.
If you look at your log file now, you see that there is quite a lot
of stuff in there, so we do a log-Reset (Click on Edit/Reset) and have
a blank log again. Now we log in using our username and password.
No we're logged in and see "SMS & E-MAIL" on the right.
We click there and see "SMS senden" in the submenu.
We click on it and are at the SMS sending-Form.
Now it's time to start creating the new .ini file.
We open our preferred editor (Notepad for example) and start writing
the following lines:
--------------------------------------------------------------------------
[Gateway]
Name=coke.at
--------------------------------------------------------------------------
We know that the gateway is coke.at, so it gets this name.
Now we look at the SMS-sending form and see that there are 143 characters
left. So we add the following line in our Editore:
--------------------------------------------------------------------------
MaxChars=143
--------------------------------------------------------------------------
We also know that this Gateway requires a login, so we add our Username
and password to the .ini:
--------------------------------------------------------------------------
Username=YourUserName
Password=YourPassword
--------------------------------------------------------------------------
of course, enter your username and password in the example above.
Now look on the SMS-form from coke.at again. click on the "GSM-Netz" list
and see which gateways are supported.
Then write down the list of gateways to your .ini file. It's important
to write down the Prefix of the Provider including the country code.
So if there is a leading Zero in the list, replace it by the country code.
For example in this gateway you have: 0664 --> This will become 43664
Use the format: Prefix;Name
So in our example, write:
--------------------------------------------------------------------------
Prefix1=43676;T-Mobile
Prefix2=43664;A1
Prefix3=43699;One
Prefix4=43650;tele.ring
Prefix5=43660;Drei
--------------------------------------------------------------------------
Now send a SMS-message to your cellphone
You see a message, that your SMS was successfullly sent. At coke.at this is:
"Nachricht wurde gesendet."
so "wurde gesendet" is only whoen if sending the SMS was successful.
Therefore write the following entry to your file:
--------------------------------------------------------------------------
Success=wurde gesendet
--------------------------------------------------------------------------
Now go to your log window and Click Edit/Pause so that any further Requests
are not logged, as we don't need them any longer.
Now we can start to explore the log:
Exploring your logfile
----------------------
You see that every Request to the server is numbered and that there
is a Response to every Request. The Request is Green, the Reply is yellow.
So we first have to find the first POST-Request where we log in to
our gateway:
+++GET 962+++
POST /start.cfm HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/community.cfm?nick=dummy&password=dummy
Accept-Language: de-at
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Content-Length: 25
Pragma: no-cache
Connection: keep-alive
+++GET 963+++
GET /S154419/button6.asp?tagver=6&si=154419&offset=100&fw=1&server=&order=&Group=&invoice=&cartview=&cartadd=&cartremove=&checkout=&cartbuy=&adcampaign=&tz=-60&ch=9&cl=51A9n5G5&ti=Community&url=http%3A//www3.coke.at/community/community.asp&rf=http%3A//www3.coke.at/community/community.asp&js=Yes&ul=de-at&sr=1024x768&cd=32&jo=Yes HTTP/1.0
Accept: */*
Referer: http://www3.coke.at/community/community.asp
Accept-Language: de-at
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: statse.webtrendslive.com
Cookie: WEBTRENDS_ID=195.245.225.31-1165881440.29685485; wtl154419=7&51A9J0G5&http://www3.coke.at/opener.asp&&51A9n0G5&http://www3.coke.at/community/community.asp&http://www3.coke.at/community/community.asp&http://www3.coke.at/home/default.asp&http://www3.coke.at/opener.asp&http://www3.coke.at/opener.asp&&1&5&7&0&&0&&0&&0000000&&&&
Connection: keep-alive
Browser reload detected...
Posting 25 bytes...
nick=YourUserName
password=YourPassword
So as you can see, that your login data is posted to /start.cfm
on the host community.coke.at
The get that you see before the Postdata is just a get to a webtracker
that counts visits, so we can ignore it.
As there is no Cookie posted to the login server (indicated by a line
starting with "Cookie:"), we can ignore all requests before this point,
there doesn't seem to be a check for session cookies by the login-page.
The referer is http://community.coke.at/community.cfm?nick=YourUserName&password=YourPassWord
It's always a good idea to supply the Referer, you never know if it
is checked by the server to find out wether your request is valid or not.
So let's form our first Request to the server:
--------------------------------------------------------------------------
[Request1]
; Get cftoken and cfid
Type=POST
URL=http://community.coke.at/start.cfm
Referer=http://community.coke.at/community.cfm?nick=$User&password=$Pass
PostString=nick=$User&password=$Pass
--------------------------------------------------------------------------
$User and $Pass are tokens. They are replaced by your username and Password
by the plugin. Note the format of a PostString:
The entries are all seperated by & characters.
Now we continue looking at the log.
The next requests we see are:
+++GET 964+++
GET /modules/login/hidden_login.cfm?cfid=3883288&cftoken=95259904&nick=YourUserName&password=YourPassword HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/start.cfm
Accept-Language: de-at
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Connection: keep-alive
+++GET 965+++
GET /modules/pictarea/pictarea.cfm?cfid=3883288&cftoken=95259904&picture=common/px_transparent.gif HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/start.cfm
Accept-Language: de-at
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Connection: keep-alive
So obviously there are some Tokens we get after logging in. Now we have to
find out how to get these tokens. They must be hidden somewhere in the
HTML-Output of the login-page. The easiest way to dump the HTML-output
is to use our sms-plugin.
So create a directory "Gateway_testing" in your Miranda-Folder and move our
nowly created .ini there.
Then we go to the options-Dialog of the WebsMS-Plugin in Miranda.
Under "General", "Path to gateway configuration files" we enter:
.\Gateway_testing and click Rescan.
There should be the message "1 Gateways found".
Check the butons [X] Turn logging on and [X] Also log HTML output.
Enter path and filename where the logfile should be generated.
Click OK and open the "Send SMS.." dialog via the main menu.
Enter some stuff there and click send.
Open the logfile and search for "cfid", you find:
pictarea.cfm?cfid=3860071&cftoken=35100743&picture=common
ok, so we have to extract cfid and cftoken from this string. The CustomVar
statements are used for this. You have to put the string to extract in
brackets. for strings that are not fixed you can put a * as a joker
character. So we add the following lines to our file so that the
IDs are extracted from the output of Request 1:
--------------------------------------------------------------------------
CustomVar1=pictarea.cfm?cfid=(*)&cftoken
CustomVar2=&cftoken=(*)&picture=
--------------------------------------------------------------------------
Ok, now we have cfid in CustomVar1 and cftoken in CustomVar2.
Now we would insert the next GETs from the server from above.
We should write requests for hidden_login.cfm and pictarea.cfm.
This was what I initially did when I created the gateway configfile.
Initially I had 9 Requests or something like that, but I then
reduced them step by step and looked if it still works. So I found
out that the hidden_login.cfm was not necessary to log in successfully.
However if you intentionally make gateway configfiles, you will add a
request for it too. It's done the similar way like pictarea.cfm, which
I will describe here now:
We see that it GETs /modules/pictarea/pictarea.cfm?cfid=3883288&cftoken=95259904&picture=common/px_transparent.gif
from host community.coke.at
Now this is a common trick used by many SMS-gateways. The make a transparent
pixel which cannot be seen in browser but when this pixel is not being
requested the Gateway won't let you use it.
If you don't make this request, you will get a message that your username/
password is inalid in the next step.
So let's form the next request in they same way we already know:
--------------------------------------------------------------------------
[Request2]
Type=GET
URL=http://community.coke.at/modules/pictarea/pictarea.cfm?cfid=$CustomVar1&cftoken=$CustomVar2&picture=common/px_transparent.gif
Referer=http://community.coke.at/start.cfm
--------------------------------------------------------------------------
As you see, we take cfid and cftoken from the CustomVars we extracted before.
Now let's continue in the log.
There are a lot of GETs until the next POST. They could be important to
do the real login, but during testing it turned out that they aren't
however, if you could not log in to your gateway properly, you may
add them one by one and see if it works then. After it works you can reduce
them again to find out which GETs are really necessary, as I already mentioned
before. It requires quite some time to find out which Requests are
necessary and which aren't.
Now let's go onwards to the next POST:
+++GET 974+++
POST /cassiopeia/NetCommunity?hidden:CFID=3883288&hidden:CFTOKEN=95259904&hidden:WEBROOT=http://community.coke.at/&storeHiddenParams=yes HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/modules/login/hidden_login.cfm?cfid=3883288&cftoken=95259904&nick=dummy&password=dummy
Accept-Language: de-at
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Content-Length: 70
Pragma: no-cache
Connection: keep-alive
Browser reload detected...
Posting 70 bytes...
service=login
try=3
nh=0
module=
frameset=no
nick=YourUserName
password=YourPassword
Now it seems that the gateway does a second login itself to log you in to
the cassiopeia Websystem. In fact, it does this automatically.
POSTs are generally required to complete our task successfully, so let's
see what it does:
It gets /cassiopeia/NetCommunity?hidden:CFID=3883288&hidden:CFTOKEN=95259904&hidden:WEBROOT=http://community.coke.at/&storeHiddenParams=yes
from host community.coke.at and posts the lines listed above to the server.
Now, the same procedure as every year ;)
Let's form the request and put it to our file:
--------------------------------------------------------------------------
[Request3]
Type=POST
URL=http://community.coke.at/cassiopeia/NetCommunity?hidden:CFID=$CustomVar1&hidden:CFTOKEN=$CustomVar2&hidden:WEBROOT=http://community.coke.at/&storeHiddenParams=yes
PostString=service=login&try=3&nh=0&module=&frameset=no&nick=$User&password=$Pass
Referer=http://community.coke.at/modules/login/hidden_login.cfm?cfid=$CustomVar1&cftoken=$CustomVar2&nick=$User&password=$Pass
--------------------------------------------------------------------------
Now there are lots of GETs until the next POST (the sending of our SMS)
A few GETs include a Session ID. They could be important.
There is one with notification, one with toolbox and one with KeepOnline
in it. So the KeepOnline-requests don't seem to be so necessary as the
plugin ususally does it's job quite quickly. It seems to be a url
that is periodically fetches by the browser in order so the session
doesn't time out. Skip it.
Now the notification could be important. So we might add it. However my
later reduction efforts showed that it was not necessary too.
However the toolbox-thingy was required, otherwise we are user "false"
for the SMS-gateway and have 0 SMS messages left.
So where to get the session id? Same procedure as last time. It is contained
in the result of the POST from the last Request. Let's use the WebSMS-
Plugin with logging turned on to find out the HTML-output. We see that the
programmer helped us by putting all required data as comment in the
POST-result. We find the following line in the code:
ok, so let's parse it using our well-known CustomVar thingy. However
we cannot guarantee that these comments are not removed in the future so
better look for the next pace the session id is in the file.
We see, it's there:
window.open("http://community.coke.at/cassiopeia/NetCommunityMemberguestbook?service=index&nick=YourUsername&sessionid=2511553662121022242&host=YourUsername&nh=0","","toolbar=no,location=no,directories=no,scrollbars=yes,status=no,menubar=no,resizable=yes,width=550,height=480");
We add the following to our configfile to parse the Sessid:
--------------------------------------------------------------------------
CustomVar3=&sessionid=(*)&host=
--------------------------------------------------------------------------
Ok, now we have the ID in CustomVar3. We are able to form our toolbox
request now:
--------------------------------------------------------------------------
[Request4]
; Needed so that gateway knows us (otherwise we're user "false")
Type=GET
URL=http://community.coke.at/modules/toolbox/toolbox.cfm?cfid=$CustomVar1&cftoken=$CustomVar2&nick=$User&sessionid=$CustomVar3&area=4_1&id_topic=&id_posting=
--------------------------------------------------------------------------
Now let's look at the POST where we send the SMS:
+++GET 1023+++
POST /modules/sms_senden/sms_senden_tr.cfm?cfid=3883288&cftoken=95259904 HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/modules/sms_senden/sms_senden.cfm?cfid=3883288&cftoken=95259904
Accept-Language: de-at
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Content-Length: 117
Pragma: no-cache
Connection: keep-alive
Browser reload detected...
Posting 117 bytes...
transaction=Gc5vfb3bSB
adressen=
netzvorwahl=4
nummer=1234567
friends=
nickname=
message=+dummy%21
count=142
x=41
y=8
Ok, so there seems to be a transaction key as an extra safeguard against
users who want to abuse the gateway.
This token is usually find on the HTML page where you can send the
request to the server. Let's see, which page that could be (if in doubt,
just go there with your browser and go to the properties of the frame,
the browxser tells you the URL too):
+++GET 1017+++
GET /modules/sms_senden/sms_senden.cfm?cfid=3883288&cftoken=95259904 HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://community.coke.at/modules/toolbox/toolbox.cfm?cfid=3883288&cftoken=95259904&area=2_0
Accept-Language: de-at
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: community.coke.at
Connection: keep-alive
+++CLOSE 1015+++
This one looks good. So let's implement it in our .ini:
--------------------------------------------------------------------------
[Request5]
; Get SMS-Token
Type=GET
URL=http://community.coke.at/modules/sms_senden/sms_senden.cfm?cfid=$CustomVar1&cftoken=$CustomVar2
Referer=http://community.coke.at/modules/toolbox/toolbox.cfm?cfid=$CustomVar1&cftoken=$CustomVar2&area=2_0
--------------------------------------------------------------------------
Now either you can use the "View page source" feature of your browser
or use the standard procedure using the WebSMS-plugin to get the HTML-
output.
We find the following key in the HTML output:
Now we can use the Key - Statement to extract this. The advantage of
Key agains CustomVar is, that you don't neet a Parsestring to extract it.
You just have to give the plugin the name of the key. The plugin
automatically POSTs the extracted key in every POST-request you do,
so you don't have to care about it any more as soon at it's extracted.
Not that Key only works for input-fields ()
So let's add the following line:
--------------------------------------------------------------------------
Key1=transaction
--------------------------------------------------------------------------
Now we have the token and finally POST the request for sending the SMS
to the server. Phew, it'S our finaly request. We form it the usual way...
But wait! Let's analyse the Postdata... Damn, the Prefix (netwvorwahl) is the
number of the selected entry in the