search

C++: Sendin HTTP GET Request

hashtag
Objective

Sending HTTP request in order to communicate with C2 and/or dowloading additional malicious content like shellcode.

hashtag
Non technical to do list

  • Send a get request with custom headers.

  • Get the result of http request as string.

hashtag
Technical to do list

  • Initialize wininet.

  • Open http protocol for given address.

  • Create a http request handle.

  • Send request.

  • Push result bytes into a string variable.

hashtag
Functions

  • InternetOpenW: Initilaze WinInet usage.

    • Header: wininet.h

    • Definition: void InternetOpenW(LPCWSTR lpszAgent,DWORD dwAccessType, LPCWSTR lpszProxy, LPCWSTR lpszProxyBypass,DWORD dwFlags);

      • lpszAgent: User-agent.

      • dwAccessType: Type of access. INTERNETOPEN_TYPE_DIRECT for resolving all hostnames locally. Check references for other options.

      • lpszProxy: Proxy address. Use null if no proxy needed. Check references for other options.

      • lpszProxyBypass: List of hostnames to not to use proxy. Use null if no proxy needed. Check references for other options.

      • dwFlags: 0 as default.

  • InternetConnectW: Opens http protocol for given site.

    • Header: wininet.h

    • Definition: void InternetConnectW(HINTERNET hInternet,LPCWSTR lpszServerName,INTERNET_PORT nServerPort,LPCWSTR lpszUserName,LPCWSTR lpszPassword,DWORD dwService,DWORD dwFlags,DWORD_PTR dwContext);

      • hInternet: Handle comes from InternetOpenW.

      • lpszServerName: Server hostname.

      • nServerPort: Port number.

      • lpszUserName: Username for ftp protocol. Null for HTTP.

      • lpszPassword: Password for ftp protocol. Null for HTTP.

      • dwService: Service name to use INTERNETSERVICE_HTTP for http.

      • dwFlags: 0 as default.

      • dwContext: 0 as default.

  • HttpOpenRequestW: Creates a HTTP request handle.

    • Header: wininet.h

    • Definition: void HttpOpenRequestW(HINTERNET hConnect,LPCWSTR lpszVerb,LPCWSTR lpszObjectName,LPCWSTR lpszVersion,LPCWSTR lpszReferrer,LPCWSTR *lplpszAcceptTypes,DWORD dwFlags,DWORD_PTR dwContext);

      • hConnect: Handle from InternetConnectW.

      • lpszVerb: Request type. L"GET".

      • lpszObjectName: Request path. L"/path".

      • lpszVersion: HTTP version. L"HTTP/1.1".

      • *lplpszAcceptTypes: Accept-types as array. For ex: text/*

      • dwFlags: 0 as default.

      • dwContext: 0 as default.

  • HttpSendRequestW: Sends HTTP request to destination.

    • Header: wininet.h

    • Definition: BOOLAPI HttpSendRequestW(HINTERNET hRequest,LPCWSTR lpszHeaders,DWORD dwHeadersLength,LPVOID lpOptional,DWORD dwOptionalLength);

      • hRequest: Handle comes from HttpOpenRequestW.

      • lpszHeaders: HTTP Headers to use. L"Host: abc.com".

      • dwHeaderLength: Length of headers. 0 can be used wihtout any problem.

      • lpOptional: NULL as default.

      • dwOptionalLength: 0 as default.

Application (http-request.cpp)

circle-info

Compile: g++ http-request.cpp -o http-request.exe -l wininet

hashtag
References

  1. Microsoft, InternetOpenW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetopenwarrow-up-right

  2. Microsoft, InternetConnectW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetconnectwarrow-up-right

  3. Microsoft, HttpOpenRequestw function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpopenrequestwarrow-up-right

  4. Microsoft, HttpSendRequestW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpsendrequestwarrow-up-right

  5. Stackoverflow

PreviousC++: Dynamic DLL UsageNextC++: Sandbox Detection via Registry

Last updated