How Do I Set Password Via Webbrowser To "Create Account"?

Question

0.00/5 (No votes)

See more:

I'm Currently working on an application in C#, trying to get a textbox to send the textBox.Text to HTML tag value... which works for everything else (ex. Username/email, D.O.B., Captcha), BUT won't work for the password on the site. Trust me, i have been researching this, and nothing works. But i have noticed if i go into the WebBrowser an start typing in the password textbox manually rather than through a button click/code, it works and it's password protected like so:
http://prntscr.com/4aorj1[^]

C#

WebBrowser.Document.GetElementById("account_password").SetAttribute("value", password.Text);
           WebBrowser.Document.GetElementById("confirmPasswordField").SetAttribute("value", password.Text);

http://prntscr.com/4aor1h[^]

The above code works for "confirmPasswordField" but not account_password. :/ It puts the "account_password" in PLAIN TEXT rather than password protected which is the problem.

http://prntscr.com/4aoqss[^]

If anyone could help, it would be greatly appreciated, any feedback would be helpful. Thank you for your time. :)

Posted 7-Aug-14 18:09pm

BaSs_HaXoR

Updated 7-Aug-14 18:11pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2014-08-07T19:29:00

Forget plain text. Password can be sent in the form of cryptographic hash function; and only the hash should be stored and later used in authentication.

But even this would be unsafe, unless the connection itself is properly encrypted; it should use HTTPS, not HTTP:
http://en.wikipedia.org/wiki/HTTPS[^].

The idea behind this vulnerability is: at the moment when the password is first set up, the hash value can be eavesdropped by spying in the HTTP packages in transition. The person who captured the hash value won't know the original password, as well as anyone else except the person who knows it, but such person (the spy) can use this hash value later to impersonate the legitimate user, log in and access all the personal data. HTTPS can prevent this trick.

About the use of cryptographic hash function, please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^],
TCP Connection with username and password[^].

[EDIT — to answer OP's follow-up question on how on implementation of the function]

Everything is already implemented for you:

Client side: http://code.google.com/p/crypto-js[^].

Server side: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=vs.110%29.aspx[^].

Also, see my past answers I referenced above and Wikipedia articles to understand my warning against using MD5 or SHA-1. You can use the algorithm from SHA-2 family.

—SA