Friday, 16 September 2011

SSL Testing with VBS (winhttprequest)

I have a bit of a love/hate relationship with VBS, perhaps because not all of our boxes have PowerShell installed and I'm forced to use VBS a lot of the time for testing web services and an other assorted things.

We have been testing a website that uses client certificate mapping in IIS, see step 8 on this post, with the added twist that we have no other way of authentication, it's client certificates or bust. We are  sort of forced to POST a soap request, as the main method that we are testing, has way too many parameters for a GET request.
In my example script, see below, I'm using a client certificate installed in the user's store, this is more common than a client certificate installed in the Local Computer's store. If this is the case change line 17 to "LOCAL_MACHINE\Personal\1234" or whatever your certificates's name is.

   1 Dim objwinhttp, strURL, strStatus, soap
   3 soap = "<soap:Envelope xmlns:soap='' xmlns:xsd='' xmlns:xsi='' xmlns:SOAP-ENC='' xmlns:SOAP-ENV=''>"
   4 soap =  soap + "<soap:Body>"
   5 soap = soap + "<MyMethod xmlns=''><Centre>string</Centre>....manymoreparemetershere</MyMethod>
   6 soap = soap + "</soap:Body></soap:Envelope>"            
   8 strURL = "" 
  10 set objwinhttp = CreateObject("WinHttp.WinHttpRequest.5.1")
  12 objwinhttp.Open "POST", strURL
  13 objwinhttp.setRequestHeader "Content-type","text/xml; charset=utf-8"
  14 objwinhttp.setRequestHeader "SOAPAction",""
  15 objwinhttp.setRequestHeader "Content-Length",Len(soap)
  17 objwinhttp.SetClientCertificate "CURRENT_USER\MY\1234"
  19 objwinhttp.Send(soap)
  21 wscript.Echo("Response Code: " & objwinhttp.Status & " Response: " & objwinhttp.ResponseText)

No comments:

Post a Comment