-1

Overview

I wish to collect the contents of a browser's address bar opened by a function in a program in C / C++. There are a few threads here which discuss the matter. However, none seems to be helpful to me.

My environment

OS : Windows 7, Windows 10.
Development language : C / C++

My project

I am writing an app in which I need to collect data from a server. The server requires the client to authenticate itself and uses the 2-step OAuth 2.0 protocol for that. I need to make use of a web API developed by a third party.

The following page describes the whole process.

https://apidocs.getresponse.com/v3/case-study/oauth2-authorization-code

However, I only have a problem with the first step : obtain an authorization code from the server.

A highlight from this page explains the process for the first step, the only one that matters here :

image

Want to see by yourself ? Try this.

I have created an account and registered a bogus app on getresponse.com for testing purpose.

After redirection to the example.com site, the next screen shows the following in the address bar :

http://example.com/receiver?code=<code>&state=xyz

This code in the address bar is precisely what I need to continue with the second step of the authentication when this page is displayed in the browser. Hence the necessity to collect the data contained in the address bar.

  • You can repeat the operation and navigate again to the same URL: you will not have to login again, and you will obtain another authorization code.

(Note : To test the Oauth 2.0 protocol on getresponse.com, I created an app on 9 July 2020. This account has a validity of 30 days. Therefore, the login credentials mentioned above are likely to expire a month after the date of creation.)

What I have tried so far

I won't go in details or this post may get too long. But I did try numerous 'curl GET' requests with various parameters. No luck : I never get the browser's address bar data with the code in return.

Can someone help ?

Remy Lebeau
  • 454,445
  • 28
  • 366
  • 620
Morbius
  • 7
  • 3
  • "I wish to collect the contents of a browser's address bar" - this is non-trivial. Chrome? Internet Explorer? Opera? My own custom web-browser I wrote myself? – Dai Jul 09 '20 at 21:08
  • 1
    This is an X/Y problem - you say you need to authenticate using OAuth2 (or OIDC, I assume). **You don't need to hijack a user's web-browser to do that**. There are dedicated OAuth2 client libraries that provide simulated web-browsers to work-around the browser-centric nature of OAuth2/OIDC. – Dai Jul 09 '20 at 21:09
  • 1
    But for your application you should be using an OAuth2 `device` or `client-credentials` authentication mode instead of the human-oriented `code` (authentication-code), `hybrid`, or `implicit` OAuth flows. – Dai Jul 09 '20 at 21:10
  • Which browser? Many browsers don't like other programs invading their space. – Thomas Matthews Jul 09 '20 at 21:19
  • @Dai I am a complete newbie with OAuth2 and I had no idea that client libraries were available. You pointed me towards the right direction. I checked and I found several OAuth2 libraries for C / C++. Could you recommend one that has proven to be functional and efficient ? – Morbius Jul 10 '20 at 06:58
  • @Morbius No, I cannot make any recommendation, because whatever would work best for you depends entirely on your application. – Dai Jul 10 '20 at 07:43

1 Answers1

0

Here is a list of ways you could use to accomplish your task:

  • Hook a function that changes the address bar text in the browser. This can be achieved using remote dll/code injection and have the injected code send back the results to your main process by using shared memory or other interprocess communications methods

  • Get the memory address of the buffer holding the address bar text (memory scanners such as CE) then actively scan for changes in that address for your desired text which in this case is code=

  • Create a browser extension that listens for url change events in tabs and have it send the results back to your process using sockets preferably

FluidLight
  • 426
  • 1
  • 10