Reputation: 41
VBA - https response text decryption
In VBA, I need to request http message and parse the response text. I've succeeded to get the response text with http status '200', but the body is encrypted. (headers are not) So I have been trying to decrypt the message, but with poor knowledge of SSL concepts and programming skills, I've got stuck.
With oRequest
.Open "GET", sUrl, False
.SetRequestHeader "Accept", "*/*"
.SetRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
.SetRequestHeader "Connection", "Keep -Alive"
'.SetClientCertificate ("HKEY_LOCAL_MACHINE/Software/Microsoft/SystemCertificates/CA/Certificates")
.Send
sResult = .GetAllResponseHeaders
Debug.Print sResult
sResult = .ResponseText
Debug.Print sResult
The script above is what I've written. With this, I have some questions.
1. 'SetClientCertificate()' is necessary? How could I get the response text successfully?
- As I've searched, 'SetClientCertificate()' is the method to send ssl message to server. However, I've sent (and gotten the response) a message successfully without the method. I can't understand how this works.
2. In VBA, how to use certificate to decode the response body
- I really have no idea about how to decrypt response text. I know that there's a proper certificate in my local computer and the key in the certificate can be used to decrypt the message, but how can I do this in VBA? I really could not find any helpful articles about this.
Please let me know what I misunderstand and give me any clues to solve the problem.
[+ Editing]
in the script, there was a line :
.SetRequestHeader "Accept-Encoding", "gzip , deflate"
I've omitted this line in the question. Because I had thought the issue is about SSL, so I intentionally removed some lines that are not really necessary as I guessed. (this was perfectly wrong)
With removing the line, it works.
Upvotes: 0
Views: 393
Answers (1)
Reputation: 123270
I've succeeded to get the response text with http status '200', but the body is encrypted.
This does not make sense. In HTTPS everything is encrypted: request header and body and also response header and body. I rather expect that you get both the decrypted response header and body back but that the body is maybe compressed or in a format you don't recognize so that it looks like encryption for you.
'SetClientCertificate()' is necessary? How could I get the response text successfully?
This is needed if the server requires the client to authenticate itself with a client certificates. Most sites don't need this.
In VBA, how to use certificate to decode the response body
You can't. And the body you've got is probably not encrypted or at least not encrypted with anything relating to the TLS (HTTPS) connection (see above).
Upvotes: 2
Related Questions
- call a https REST service from VBA
- HTTPS POST request using VBA for Excel
- VBA ServerXMLHTTP https request with self signed certificate
- string encryption/decryption
- How to get Response body (not response text) from webpage using VBA
- Bypassing a website's Security Certificate warning using VBA
- Log in to secured https website with VBA
- Visual Basic https get request - Accept SSL
- POST request from Excel vba on ssl enabled url
- Encrypt string in VBA, decrypt in C#