WIP PGW api

Posted on October 2, 2012
Tags: hacksoft

An attempt at creating an API for PGW.

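/**
 * Fetches the portal home page and extracts the CSRF token embedded in its HTML.
 *
 * The token is read from the `value` attribute of the element that mentions
 * `hdnCSRFToken`. The token itself is never logged: it is a per-session
 * secret and console output usually ends up in retained logs.
 *
 * @returns {Promise<string>} The CSRF token string.
 * @throws {Error} If the page request fails or no token can be found.
 */
const getCSRF = async () => {
	const response = await fetch('https://myaccount.pgworks.com/Portal/', {
		method: 'GET',
		headers: {
			// Fixed: the value used to start with a stray "Accept: " prefix.
			'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
			'Accept-Encoding': 'gzip, deflate, br, zstd',
			'Accept-Language': 'en-US,en;q=0.9',
			'Connection': 'keep-alive',
			'Content-Type': 'application/json; charset=UTF-8',
			'DNT': '1',
			'Host': 'myaccount.pgworks.com',
			'Origin': 'https://myaccount.pgworks.com',
			'Sec-Fetch-Dest': 'empty',
			'Sec-Fetch-Mode': 'cors',
			'Sec-Fetch-Site': 'same-origin',
			'User-Agent': 'Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36',
			'X-Requested-With': 'XMLHttpRequest',
			'isajax': '1',
			'sec-ch-ua': '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"',
			'sec-ch-ua-mobile': '?0',
			'sec-ch-ua-platform': '"Chrome OS"',
		},
	});

	if (!response.ok) {
		throw new Error(`CSRF page request failed with HTTP ${response.status}`);
	}

	const html = await response.text();

	// Previously the token was cut out by fixed offsets (third space-separated
	// word, slice(7, -1)); when the marker was missing, search() returned -1 and
	// an arbitrary piece of the page was returned as the "token". Match the
	// attribute explicitly and fail loudly instead.
	// NOTE(review): assumes value="..." follows hdnCSRFToken inside the same tag,
	// which is what the original offsets imply. Confirm against the live markup.
	const found = html.match(/hdnCSRFToken[^>]*?\svalue="([^"]*)"/);
	if (!found || found[1] === '') {
		throw new Error('CSRF token (hdnCSRFToken) not found in portal page');
	}

	return found[1];
};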

/**
 * Sends the login request to the portal's validateLogin endpoint.
 *
 * @param {string} csrftoken - Token sent in the `csrftoken` request header.
 * @param {string} arg_username - Account user name placed in the JSON body.
 * @param {string} arg_password - Account password placed in the JSON body.
 * @returns {Promise<Response>} The raw fetch response. The caller reads the
 *   body and the Set-Cookie header from it.
 */
const curl = async (csrftoken,arg_username,arg_password) => {
	const loginUrl = 'https://myaccount.pgworks.com/Portal/Default.aspx/validateLogin';

	// Header set copied from a browser session, plus the CSRF token.
	const requestHeaders = {
		'Accept': 'application/json, text/javascript, */*; q=0.01',
		'Accept-Encoding': 'gzip, deflate, br, zstd',
		'Accept-Language': 'en-US,en;q=0.9',
		'Connection': 'keep-alive',
		'Content-Type': 'application/json; charset=UTF-8',
		'DNT': '1',
		'Host': 'myaccount.pgworks.com',
		'Origin': 'https://myaccount.pgworks.com',
		'Sec-Fetch-Dest': 'empty',
		'Sec-Fetch-Mode': 'cors',
		'Sec-Fetch-Site': 'same-origin',
		'User-Agent': 'Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36',
		'X-Requested-With': 'XMLHttpRequest',
		'csrftoken': csrftoken,
		'isajax': '1',
		'sec-ch-ua': '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"',
		'sec-ch-ua-mobile': '?0',
		'sec-ch-ua-platform': '"Chrome OS"',
	};

	// Credentials travel only in the request body; they are not logged here.
	const credentials = {
		username: arg_username,
		password: arg_password,
		rememberme: false,
	};

	const loginResponse = await fetch(loginUrl, {
		method: 'POST',
		headers: requestHeaders,
		body: JSON.stringify(credentials),
	});

	return loginResponse;
};

/**
 * Posts an empty JSON body to the portal's LoadBilling endpoint.
 *
 * @param {string} csrftoken - Token sent in the `csrftoken` request header.
 * @param {string} cookies - Pre-built value for the `Cookie` request header.
 * @returns {Promise<Response>} The raw fetch response.
 */
const getbilling = async (csrftoken,cookies) => {
	// Browser-captured header set, followed by the two session-bound values.
	const headerPairs = [
		['Accept', 'application/json, text/javascript, */*; q=0.01'],
		['Accept-Encoding', 'gzip, deflate, br, zstd'],
		['Accept-Language', 'en-US,en;q=0.9'],
		['Connection', 'keep-alive'],
		['Content-Type', 'application/json; charset=utf-8'],
		['DNT', '1'],
		['Host', 'myaccount.pgworks.com'],
		['Origin', 'https://myaccount.pgworks.com'],
		['Sec-Fetch-Dest', 'empty'],
		['Sec-Fetch-Mode', 'cors'],
		['Sec-Fetch-Site', 'same-origin'],
		['User-Agent', 'Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36'],
		['X-Requested-With', 'XMLHttpRequest'],
		['csrftoken', csrftoken],
		['isajax', '1'],
		['sec-ch-ua', '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"'],
		['sec-ch-ua-mobile', '?0'],
		['sec-ch-ua-platform', '"Chrome OS"'],
		['Cookie', cookies],
	];

	const billingHeaders = new Headers();
	for (const [headerName, headerValue] of headerPairs) {
		billingHeaders.append(headerName, headerValue);
	}

	return await fetch('https://myaccount.pgworks.com/portal/BillDashboard.aspx/LoadBilling', {
		method: 'POST',
		headers: billingHeaders,
		body: JSON.stringify({}),
	});
};

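export default {
	/**
	 * Worker entry point: logs in to the portal, replays the session cookies
	 * against the billing endpoint and returns the billing JSON.
	 *
	 * NOTE(review): `request` is never inspected, so anyone who can reach this
	 * Worker's URL triggers a login with the configured account and receives
	 * its billing data. Authenticate the caller before deploying this.
	 *
	 * @param {Request} request - Incoming request (currently unused).
	 * @param {object} env - Worker bindings; credentials are read from here.
	 * @param {object} ctx - Execution context (unused).
	 * @returns {Promise<Response>} Billing JSON, or a 502 JSON error when a
	 *   portal step fails.
	 */
	async fetch(request, env, ctx) {
		// Keep credentials out of the source: read them from secret bindings.
		// The binding names are illustrative. When they are absent this falls
		// back to the empty placeholders the original used.
		const myusername = env?.PGW_USERNAME ?? "";
		const mypassword = env?.PGW_PASSWORD ?? "";

		// Generic error body: no tokens, cookies or portal payloads are echoed.
		const upstreamFailure = (reason) =>
			new Response(JSON.stringify({ error: reason }), {
				status: 502,
				headers: { "Content-Type": "application/json" },
			});

		// The CSRF token, session cookies and response bodies are secrets or
		// personal data, so nothing here writes them to the console.
		const csrfToken = await getCSRF();

		const responded = await curl(csrfToken, myusername, mypassword);
		if (!responded.ok) {
			return upstreamFailure("login request failed");
		}

		const cookiestr = responded.headers.get("set-cookie");
		if (!cookiestr) {
			return upstreamFailure("login did not set session cookies");
		}

		// Returns the value of cookie `name`, or null when it is absent.
		// The name is regex-escaped and must sit at a cookie boundary, so
		// "UName" cannot match inside a longer cookie name.
		const readCookie = (name) => {
			const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
			const hit = cookiestr.match(new RegExp(`(?:^|[\\s;,])${escaped}=([^;]+);`));
			return hit ? hit[1] : null;
		};

		const wanted = [
			"ApplicationGatewayAffinityCORS",
			"ApplicationGatewayAffinity",
			"ASP.NET_SessionId",
			"SCP",
			"ClientTimeZone",
			"ClientTimeId",
			"UName",
		];
		const jar = {};
		for (const name of wanted) {
			const value = readCookie(name);
			if (value === null) {
				// Previously a missing cookie surfaced as a TypeError from match(...)[1].
				return upstreamFailure("login response is missing an expected session cookie");
			}
			jar[name] = value;
		}

		const AppGatewayCORS = jar["ApplicationGatewayAffinityCORS"];
		const AppGatewayAff = jar["ApplicationGatewayAffinity"];
		const ASP = jar["ASP.NET_SessionId"];
		const SCP = jar["SCP"];
		const ClientTimeZone = jar["ClientTimeZone"];
		const ClientTimeid = jar["ClientTimeId"];
		const UName = jar["UName"];

		const newcookies = `ApplicationGatewayAffinityCORS=${AppGatewayCORS}; ApplicationGatewayAffinity=${AppGatewayAff}; ASP.NET_SessionId=${ASP}; ClientTimeZone=${ClientTimeZone}; ClientTimeId=${ClientTimeid}; HomeInfoStatus=true; Language_code=EN; IsModernStyle=False; SCP=${SCP}; UName=${UName};`

		const r2 = await getbilling(csrfToken, newcookies);
		if (!r2.ok) {
			return upstreamFailure("billing request failed");
		}

		let billing;
		try {
			billing = await r2.json();
		} catch (err) {
			return upstreamFailure("billing response was not valid JSON");
		}

		// Fixed: `new Response(responded)` stringified the Response object
		// (its body had already been consumed), so callers got
		// "[object Response]". Return the parsed billing payload instead.
		return new Response(JSON.stringify(billing), {
			headers: { "Content-Type": "application/json" },
		});
	},
};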

First, get the CSRF token from the HTML source of the portal home page:

# Step 1: fetch the portal home page. The CSRF token is embedded in the
# returned HTML (the JavaScript above looks for "hdnCSRFToken" in it).
# --compressed makes curl decode the compressed response requested through
# the Accept-Encoding header.
curl -X GET https://myaccount.pgworks.com/Portal/ \
     -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" \
     -H "Accept-Encoding: gzip, deflate, br, zstd" \
     -H "Accept-Language: en-US,en;q=0.9" \
     -H "Connection: keep-alive" \
     -H "Content-Type: application/json; charset=utf-8" \
     -H "DNT: 1" \
     -H "Host: myaccount.pgworks.com" \
     -H "Origin: https://myaccount.pgworks.com" \
     -H "Sec-Fetch-Dest: empty" \
     -H "Sec-Fetch-Mode: cors" \
     -H "Sec-Fetch-Site: same-origin" \
     -H "User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" \
     -H "X-Requested-With: XMLHttpRequest" \
     -H "isajax: 1" \
     -H 'sec-ch-ua: "Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"' \
     -H "sec-ch-ua-mobile: ?0" \
     -H 'sec-ch-ua-platform: "Chrome OS"' \
     --compressed

This part sort of works. It gets your basic account info (doesn't include billing).

# Step 2: log in with the CSRF token from step 1.
# -c cookies.txt writes the cookies the server sets into a cookie-jar file.
# That file then holds live session cookies, so treat it like a credential
# (restrict its permissions, delete it when done, never commit it).
# The csrftoken value below is presumably one captured from an earlier
# home-page fetch; substitute the token obtained in step 1.
# NOTE(review): -d '...' puts the password on the command line, where shell
# history and process listings can expose it. curl can read the body from a
# file or stdin instead (-d @file, -d @-).
curl -c cookies.txt -X POST 'https://myaccount.pgworks.com/Portal/Default.aspx/validateLogin' \
-H 'Accept: application/json, text/javascript, */*; q=0.01' \
-H 'Accept-Encoding: gzip, deflate, br, zstd' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json; charset=UTF-8' \
-H 'DNT: 1' \
-H 'Host: myaccount.pgworks.com' \
-H 'Origin: https://myaccount.pgworks.com' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'csrftoken: IuXL+u3llvCd/kqPPmOS0mc1UqH11H3HAanpNNxuaX7rgO+pkG8tzx1ejYToZ+es' \
-H 'isajax: 1' \
-H 'sec-ch-ua: "Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "Chrome OS"' \
-d '{"username":"example@gmail.com","password":"example", "rememberme":false}' \
--compressed

This part doesn't work.

# Step 3: request the billing data using the session created in step 2.
# XXXXX / CCCCC in the Cookie header are redacted placeholders for the
# session's real cookie values.
# NOTE(review): this command does not read the cookie jar written in step 2
# (there is no -b cookies.txt). Its hand-written Cookie header carries three
# cookies, while the JavaScript above also sends SCP, UName, ClientTimeZone
# and ClientTimeId. That difference may be why the call fails (unconfirmed).
curl -X POST https://myaccount.pgworks.com/portal/BillDashboard.aspx/LoadBilling \
     -H "Accept: application/json, text/javascript, */*; q=0.01" \
     -H "Accept-Encoding: gzip, deflate, br, zstd" \
     -H "Accept-Language: en-US,en;q=0.9" \
     -H "Connection: keep-alive" \
     -H "Content-Type: application/json; charset=utf-8" \
     -H "DNT: 1" \
     -H "Host: myaccount.pgworks.com" \
     -H "Origin: https://myaccount.pgworks.com" \
     -H "Sec-Fetch-Dest: empty" \
     -H "Sec-Fetch-Mode: cors" \
     -H "Sec-Fetch-Site: same-origin" \
     -H "User-Agent: Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" \
     -H "X-Requested-With: XMLHttpRequest" \
     -H 'csrftoken: IuXL+u3llvCd/kqPPmOS0mc1UqH11H3HAanpNNxuaX7rgO+pkG8tzx1ejYToZ+es' \
     -H "isajax: 1" \
     -H 'sec-ch-ua: "Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"' \
     -H "sec-ch-ua-mobile: ?0" \
     -H 'sec-ch-ua-platform: "Chrome OS"' \
     -H "Cookie: ApplicationGatewayAffinityCORS=XXXXX; ApplicationGatewayAffinity=XXXXX; ASP.NET_SessionId=CCCCC; " \
     --data "{}" \
     --compressed