C++: Sendin HTTP GET Request

Objective

Sending HTTP request in order to communicate with C2 and/or dowloading additional malicious content like shellcode.

Non technical to do list

  • Send a get request with custom headers.

  • Get the result of http request as string.

Technical to do list

  • Initialize wininet.

  • Open http protocol for given address.

  • Create a http request handle.

  • Send request.

  • Push result bytes into a string variable.

Functions

  • InternetOpenW: Initilaze WinInet usage.

    • Header: wininet.h

    • Definition: void InternetOpenW(LPCWSTR lpszAgent,DWORD dwAccessType, LPCWSTR lpszProxy, LPCWSTR lpszProxyBypass,DWORD dwFlags);

      • lpszAgent: User-agent.

      • dwAccessType: Type of access. INTERNETOPEN_TYPE_DIRECT for resolving all hostnames locally. Check references for other options.

      • lpszProxy: Proxy address. Use null if no proxy needed. Check references for other options.

      • lpszProxyBypass: List of hostnames to not to use proxy. Use null if no proxy needed. Check references for other options.

      • dwFlags: 0 as default.

  • InternetConnectW: Opens http protocol for given site.

    • Header: wininet.h

    • Definition: void InternetConnectW(HINTERNET hInternet,LPCWSTR lpszServerName,INTERNET_PORT nServerPort,LPCWSTR lpszUserName,LPCWSTR lpszPassword,DWORD dwService,DWORD dwFlags,DWORD_PTR dwContext);

      • hInternet: Handle comes from InternetOpenW.

      • lpszServerName: Server hostname.

      • nServerPort: Port number.

      • lpszUserName: Username for ftp protocol. Null for HTTP.

      • lpszPassword: Password for ftp protocol. Null for HTTP.

      • dwService: Service name to use INTERNETSERVICE_HTTP for http.

      • dwFlags: 0 as default.

      • dwContext: 0 as default.

  • HttpOpenRequestW: Creates a HTTP request handle.

    • Header: wininet.h

    • Definition: void HttpOpenRequestW(HINTERNET hConnect,LPCWSTR lpszVerb,LPCWSTR lpszObjectName,LPCWSTR lpszVersion,LPCWSTR lpszReferrer,LPCWSTR *lplpszAcceptTypes,DWORD dwFlags,DWORD_PTR dwContext);

      • hConnect: Handle from InternetConnectW.

      • lpszVerb: Request type. L"GET".

      • lpszObjectName: Request path. L"/path".

      • lpszVersion: HTTP version. L"HTTP/1.1".

      • *lplpszAcceptTypes: Accept-types as array. For ex: text/*

      • dwFlags: 0 as default.

      • dwContext: 0 as default.

  • HttpSendRequestW: Sends HTTP request to destination.

    • Header: wininet.h

    • Definition: BOOLAPI HttpSendRequestW(HINTERNET hRequest,LPCWSTR lpszHeaders,DWORD dwHeadersLength,LPVOID lpOptional,DWORD dwOptionalLength);

      • hRequest: Handle comes from HttpOpenRequestW.

      • lpszHeaders: HTTP Headers to use. L"Host: abc.com".

      • dwHeaderLength: Length of headers. 0 can be used wihtout any problem.

      • lpOptional: NULL as default.

      • dwOptionalLength: 0 as default.

Application (http-request.cpp)

#include <windows.h>
#include <WinInet.h>
#include <iostream>
#include <string>

int main(){

LPWSTR headers=L"Host: "; //edit this value manually. For multiple headers use \n\r
const wchar_t* parrAcceptTypes[] = { L"text/*", NULL };
	
	//initialize wininet
    HINTERNET hInternet = InternetOpenW(L"Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
   
   //open http protocol
     HINTERNET hConnect = InternetConnectW(hInternet, L"url", 80, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
  
    
    //create http request handle
    HINTERNET hRequest = HttpOpenRequestW(hConnect, L"GET", L"path", L"HTTP/1.1", NULL, parrAcceptTypes, 0, 0);
    
    //send http request
    
    BOOL bRequestSent = HttpSendRequestW(hRequest, headers, 0, NULL, 0);
 	std::string strResponse;
    const int nBuffSize = 1024;
    char buff[nBuffSize];
 
          BOOL bKeepReading = true;
          DWORD dwBytesRead = -1;
 
 //get result as string
          while(bKeepReading && dwBytesRead!=0)
          {
            bKeepReading = InternetReadFile( hRequest, buff, nBuffSize, &dwBytesRead );
            strResponse.append(buff, dwBytesRead);
          }
 
        InternetCloseHandle(hRequest);
      InternetCloseHandle(hConnect);
    InternetCloseHandle(hInternet);
    
  //print the result
cout << strResponse;

return 0;

}

Compile: g++ http-request.cpp -o http-request.exe -l wininet

References

  1. Microsoft, InternetOpenW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetopenw

  2. Microsoft, InternetConnectW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-internetconnectw

  3. Microsoft, HttpOpenRequestw function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpopenrequestw

  4. Microsoft, HttpSendRequestW function, https://docs.microsoft.com/en-us/windows/win32/api/wininet/nf-wininet-httpsendrequestw

  5. Stackoverflow

PreviousC++: Dynamic DLL UsageNextC++: Sandbox Detection via Registry

Last updated

Was this helpful?