cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: login issues

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Wed, 12 Apr 2006 13:31:06 -0700

On Wed, Apr 12, 2006 at 02:39:14PM -0400, Blurry wrote:
> I am really toiling, 2 websites are kicking my a**. One I can login,
> but get no further, and then they turned on SSL so I can't see what is
> getting passed. Now I am on another that has login, but fails to

You can still see what's being passed if you have the browser do the logging,
not a proxy. Try LiveHttpHeaders for Mozilla/Firefox, for example.

> respond to any of the authentication methods that curl has. My
> proxomitron log shows the URL it sends from the browser
>
> /webapps/login?action=login&remote-user=&new_loc=&auth_type=&one_time_token=90A6AC477138BDCE54D4EE339449606A&encoded_pw=F0BCB3C473AFAF275DA3D8AAC5A7C81C&user_id=somenut&password=&Login.x=47&Login.y=8
>
> so I tried to capture the one time token when I pull up the page with
> the login button, but I notice the encode of the password differs
> everytime, so I am at a loss. Can I use curl to login into this site ?
> It is killing me.

I'm speculating here, but there's a chance that the "encoded_pw=" value
is generated within the browser with some JavaScript code. I've seen some
sites doing RC4 in JavaScript to encrypt a password before sending it to the
server on an unencrypted channel. You need to log the entire login sequence
from start to finish and study it to see what data is being passed at what
stage.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2006-04-12