B4J Question Intercepting POST request

[shakeshuck]

I have only found old posts on this subject, so thought I would ask again in case anything has changed...

I am looking to access the Betfair API with B4J, but their recommended login method involves loading a web-based login page, and intercepting the POST data when a redirect to the main site is performed. The POST data contains session keys required to access the API.

Whilst I can login to the site via WebView, I haven't seen a method to get the POST data.

Is there a way to do this?

 

[billzhan]

You plan to use a b4j webview to login in a web page (then redirect to another page), the session keys is returned from server and you want to get session key(s).

How are the session keys stored, cookies?

If these cookies are available in the redirected page, you can try to read cookies(except that those are httponly) with javascript injection.
https://www.b4x.com/android/forum/threads/jscriptengine.35781/#post-290630

Or you can try to mock the log in request with httpclient (without webview) and the get session keys.
https://www.b4x.com/android/forum/threads/okhttputils2.62105/

They may work or not, and no easy way to do it.

 

[shakeshuck]

Thanks for the response.

It isn't something I've done before, but the instructions say:

The POST request body will contain two URL encoded parameters (which you will need to URL Decode)

The idea behind using the web-based login is that it stops login details being handled by my application, and it also does checks for location, and changes to T&Cs, etc. that I would otherwise have to do myself (which I may end up having to do!).

 

[shakeshuck]

I've had a bit more of a dig about and if I read things right, WebView is using the Safari engine? This has a BeforeNavigate Event, which is what I presume (rightly or wrongly) B4J uses for LocationChanged?
But I haven't been able to find out if BeforeNavigate has more URL info than just the path?

 

[Erel]

WebView is not based on Safari.

WebView will never receive a POST request. It only sends POST requests.

 

[shakeshuck]

Hi Erel, perhaps I did not explain it well enough...

The Betfair site loads a login page, which you log into.
Once a successful login is achieved, it redirects you to the main Betfair page, but there is encoded information (apparently) in the POST request that is sent to Betfair.
It is this request, from WebView to the server that we are expected to retrieve.

I only thought it might be Safari based as that's what the user agent says (and Mozilla, too!)

 

[Erel]

Can you post the link to the login page?

 

[shakeshuck]

I can't post the complete url for application login purposes (at least not publically) as it would contain my application key.

The page describing the login procedure can be found going to:
https://developer.betfair.com/
Exchange API (tab)
Documentation
Getting Started
Login & Session Management
Interactive Login - Desktop Application

(The direct link to this page appears to be generated)

Thanks!

 

[Erel]

You can try to inject JavaScript and get the required data. Whether it is possible or not depends on the page source.

Another option is to open a socket with ServerSocket and set the redirect url to: http://127.0.0.1:<port>
You will then read the POST message with AsyncStreams.

 

[shakeshuck]

The redirect url is listed as being mandatory as www.betfair.com; I just tried it as loopback and it refuses to log me on.

Thanks for looking. I'll just have to do it the long way round.

 

[fixit30]

It would probably be easier to implement the Non-Interactive (bot) login

https://api.developer.betfair.com/s...4v3lu3yomq5qye0ni/Non-Interactive+(bot)+login

 

[shakeshuck]

Hi Fixit,

Yes, if I was writing this just for myself I would've looked into doing it that way.
Unfortunately I have grandiose ideas as to where this might lead.