UBot Underground

Twitter Api And Http Post Plugin - Help Please



Hi,

 

I'm trying to connect to the Twitter API using Aymen's HTTP Post plugin.

 

I've created a Developer account and created a new app at https://apps.twitter.com/, which gave me the:

 

Consumer Key

Consumer Secret

Access Token
Access Token Secret

define set credentials {
    set(#postURL, "https://api.twitter.com/1.1/friendships/create.json", "Global")
    set(#Twit_UN, "username", "Global")
    set(#Twit_Pass, "password", "Global")
    set(#secret, "Consumer Secret", "Global")
    set(#oauth_consumer_key, "Consumer Key", "Global")
    set(#oauth_signature_method, "HMAC-SHA1", "Global")
    comment("Using UBOTDEV DateTime Plugin to create oauth_timestamp")
    set(#oauth_timestamp, $plugin function("DateTime Manipulation.dll", "$datetime manipulation", $date, "UBOT", "UNIX", "en-US", "en-US"), "Global")
    set(#oauth_token, "Access Token", "Global")
    set(#oauth_version, 1.0, "Global")
    comment(" to generate the OAuth nonce:
- Generate a random alphanumeric string (like aAbBcC123 but longer) with 32 characters
- Convert the string to UTF8 data 
- Base64 encode the UTF8 data")
    set(#oauth_nonce, $plugin function("HTTP post.dll", "$http text encoder", "base64 encode", $substring($random text(64), $rand(0, 30), 32)), "Global")
}

I then log in to Twitter via the browser, navigate to the signature generator within my dev account and scrape the signature key using regex:

define generate signature {
    navigate("https://dev.twitter.com/oauth/tools/signature-generator/12356509", "Wait")
    wait(7)
    click(<id="edit-request-type-1">, "Left Click", "No")
    wait(1)
    change attribute(<name="request_uri">, "value", #postURL)
    wait(1)
    click(<name="op">, "Left Click", "No")
    wait for element(<innertext="OAuth Signing Results">, "", "Appear")
    set(#sigBaseString, $scrape attribute($element offset(<tagname="code">, 0), "innertext"), "Global")
    set(#authHeader, $scrape attribute($element offset(<tagname="code">, 1), "innertext"), "Global")
    set(#curlCommand, $scrape attribute($element offset(<tagname="code">, 2), "innertext"), "Global")
    wait(1)
    set(#oauth_signature, $plugin function("HTTP post.dll", "$http text encoder", "url decode", $find regular expression(#authHeader, "(?<=oauth_signature=\").+(?=\", oauth_signature_method)")), "Global")
    wait(1)
}

define Twitter Login {
    navigate("https://twitter.com/login", "Wait")
    change attribute($element offset(<email field>, 1), "value", #Twit_UN)
    change attribute($element offset(<password field>, 1), "value", #Twit_Pass)
    wait(1)
    click($element offset(<login button>, 1), "Left Click", "No")
    wait(1)
}

So now I have the signature and all the access information, I think I can just send an http-post request to login with my twitter account and then loop through another post request to follow a list of screen names. Is this correct?

I've been running into the 400 error - Bad Authentication data - so I'm not sure if my parameters are in the correct order (I think they are because they match the order Twitter provides in the signature generator), encoded correctly, or if something is missing or if I am sending to the wrong #postURL variable:

 

define Twitter API Login {
        set(#apiLogin, $plugin function("HTTP post.dll", "$http post", #postURL, $plugin function("HTTP post.dll", "$http text encoder", "url encode", "include_entities=true&oauth_consumer_key={#oauth_consumer_key}&oauth_nonce={#oauth_nonce}&oauth_signature={#oauth_signature}&oauth_signature_method={#oauth_signature_method}&oauth_timestamp={#oauth_timestamp}&oauth_token={#oauth_token}&oauth_version={#oauth_version}&screen_name={#screen_name}&follow=true"), $plugin function("HTTP post.dll", "$http useragent string", "Firefox 27.0 Win7 64-bit"), "", "", ""), "Global")
}

The #postURL I have tried are:

 

https://api.twitter.com/1.1/friendships/create.json
https://api.twitter.com/1.1/statuses/update.json
https://api.twitter.com/oauth/authorize

 

 

Can I use $http useragent string for the referrer or should it be: OAuth gem v0.4.4?

 

 

I've been trying to make this work for a couple of days now and feel like I'm almost there, but clearly not quite getting it!

 

Code to follow a user:


define create friendship {
    set(#post, $plugin function("HTTP post.dll", "$http post", "https://api.twitter.com/1.1/friendships/create.json", $plugin function("HTTP post.dll", "$http text encoder", "html encode", "screen_name={#screen_name}&follow=true"), "OAuth gem v0.4.4", "", "", ""), "Global")
}

Hi.

 

You should first test your post request here:

https://www.hurl.it/

 

It's been a while since I worked with OAuth and the HTTP plugin, but I had some issues creating the correct OAuth signature. And the main issue was the base64 encryption.

 

In my case it had something to do with how the base64 conversion was executed. Hint: hex

Take a look here:

https://conv.darkbyte.ru/

 

Compare the encoding result of hurl.it with the one you create.

 

You probably know this site:

https://dev.twitter.com/oauth/overview/creating-signatures

 

At the end is an example string:

The output of the HMAC signing function is a binary string. This needs to be base64 encoded to produce the signature string. For example, the output given the base string and signing key given on this page is B6 79 C0 AF 18 F4 E9 C5 87 AB 8E 20 0A CD 4E 48 A9 3F 8C B6. That value, when converted to base64, is the OAuth signature for this request:

OAuth signature

tnnArxj06cWHq44gCs1OSKk/jLY=

Try that one with your base64 encoder. And check if it generates the correct signature.

 

Hope that helps a bit

Dan

Thank you Dan,
 
This site https://www.hurl.it/ was useful for testing my post request so I was able to check that my parameters were correct.
 
One thing that was wrong was the oauth_nonce. 
 
When I used $plugin function("HTTP post.dll", "$http text encoder", "base64 encode", #substring) the base64 encoding does not match the results I get at https://conv.darkbyte.ru/
 
but when I used $plugin function("StringManagementPlugin.dll", "$SMP EncodeBase64", #substring) it produced the correct base64 encoding that matched the results I get from https://conv.darkbyte.ru/
 
 
I also had a couple of errors generating the Signature Base String - this post is helpful: https://nullinfo.wordpress.com/oauth-twitter/
 
To create the Signature Base String, the parameters have to be lexicographically sorted:
follow
oauth_consumer_key
oauth_nonce
oauth_signature_method
oauth_timestamp
oauth_token
oauth_version
screen_name


I've greatly reduced my code but I'm still getting a 401 error. I've checked it in Fiddler and everything looks correct. I've also tried both UBot 4 and UBot 5. 

I'm bored of this now. I've spent far too long trying to work this out and am going round in circles, so I'm going to find an alternative way of achieving this, but I appreciate the links you've given me and hope this code will help someone in the future. 

 
 

set credentials()
create signature()
set(#authorizationHeader, "oauth_consumer_key={#oauth_consumer_key}&oauth_nonce={#oauth_nonce}&oauth_signature={$plugin function("HTTP post.dll", "$http text encoder", "url encode", #HMACbs64)}&oauth_signature_method={#oauth_signature_method}&oauth_timestamp={#oauth_timestamp}&oauth_token={#oauth_token}&oauth_version={#oauth_version}", "Global")
set(#post, $plugin function("HTTP post.dll", "$http post", "https://api.twitter.com/1.1/statuses/home_timeline.json", #authorizationHeader, $plugin function("HTTP post.dll", "$http useragent string", "Firefox 27.0 Win7 64-bit"), "", "", ""), "Global")



define create signature {
    set(#baseSigstring, "oauth_consumer_key={#oauth_consumer_key}&oauth_nonce={#oauth_nonce}&oauth_signature_method={#oauth_signature_method}&oauth_timestamp={#oauth_timestamp}&oauth_token={#oauth_token}&oauth_version={#oauth_version}", "Global")
    set(#baseSigstring, "POST&https://api.twitter.com/1.1/statuses/home_timeline.json&{$plugin function("HTTP post.dll", "$http text encoder", "url encode", #baseSigstring)}", "Global")
    loop(1) {
        
        set(#peCsecret, $plugin function("HTTP post.dll", "$http text encoder", "url encode", #secret), "Global")
        set(#peTsecret, $plugin function("HTTP post.dll", "$http text encoder", "url encode", #tokenSecret), "Global")
        set(#signingKey, "{#peCsecret}&{#peTsecret}", "Global")
    }
    set(#HMAC, $plugin function("HMAC-SHA11.dll", "HMAC SHA1", #baseSigstring, #signingKey), "Global")
    set(#HMACbs64, $plugin function("HMAC-SHA11.dll", "HMAC SHA1 base64 hex", #baseSigstring, #signingKey), "Global")
}


define set credentials {

    set(#secret, "XXXXXXXXXXXXXXXXXXXXXXXXXX", "Global")
    set(#tokenSecret, "XXXXXXXXXXXXXXXXXXXXXXXXXX", "Global")
    set(#oauth_consumer_key, "XXXXXXXXXXXXXXXXXXXXXXXXXX", "Global")
    set(#oauth_signature_method, "HMAC-SHA1", "Global")
    comment("Using UBOTDEV DateTime Plugin to create oauth_timestamp")
    set(#oauth_timestamp, $plugin function("DateTime Manipulation.dll", "$datetime manipulation", $date, "UBOT", "UNIX", "en-US", "en-US"), "Global")
    set(#oauth_token, "XXXXXXXXXXXXXXXXXXXXXXXXXX", "Global")
    set(#oauth_version, 1.0, "Global")
    comment(" to generate the OAuth nonce:
- Generate a random alphanumeric string (like aAbBcC123 but longer) with 32 characters
- Convert the string to UTF8 data 
- Base64 encode the UTF8 data")
    set(#substring, $substring($random text(64), $rand(0, 30), 32), "Global")
    set(#oauth_nonce, $plugin function("StringManagementPlugin.dll", "$SMP EncodeBase64", #substring), "Global")
}
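
Added example, not part of the original posts and not the posters' code: a Python sketch of the OAuth 1.0a HMAC-SHA1 signing steps discussed in this thread (sorted parameters, percent-encoded base string, signing key), plus the "Hint: hex" pitfall checked against the digest bytes and signature quoted above. The function names are hypothetical and the credential values are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # RFC 3986 percent-encoding as OAuth 1.0a uses it: only A-Z a-z 0-9 - . _ ~ stay bare.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded URL & encoded parameter string; parameters sorted by encoded name.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(param_string)])

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over the base string; base64 is applied to the raw 20 digest bytes.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def b64_of_raw(hex_digest):
    return base64.b64encode(bytes.fromhex(hex_digest)).decode()

def b64_of_hex_text(hex_digest):
    # The pitfall: base64-encoding the printable hex characters instead of the bytes.
    return base64.b64encode(hex_digest.lower().encode()).decode()

# Digest bytes quoted in the thread from Twitter's documentation.
DOC_DIGEST = "B679C0AF18F4E9C587AB8E200ACD4E48A93F8CB6"

# Constructed placeholder values, not real credentials.
PARAMS = {
    "follow": "true", "screen_name": "example_user",
    "oauth_consumer_key": "CONSUMER_KEY_PLACEHOLDER",
    "oauth_nonce": "Tm9uY2VQbGFjZWhvbGRlcg",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1400000000",
    "oauth_token": "ACCESS_TOKEN_PLACEHOLDER",
    "oauth_version": "1.0",
}
URL = "https://api.twitter.com/1.1/friendships/create.json"

if __name__ == "__main__":
    print(b64_of_raw(DOC_DIGEST))       # tnnArxj06cWHq44gCs1OSKk/jLY=
    print(b64_of_hex_text(DOC_DIGEST))  # a different, 56-character value
    print(base_string("POST", URL, PARAMS))
    print(sign("POST", URL, PARAMS, "CONSUMER_SECRET_PLACEHOLDER", "TOKEN_SECRET_PLACEHOLDER"))
```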
