Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum

From: mierdatutis mi via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 13 May 2020 13:49:42 +0200

Wooo many thanks Daniel.
Is too much difficult for me. If you have reason, many security measures to
enter in a simple forum

I've modified timestamp and the html response gives me a :
"An error has occurred"
About hash, x-signature and others I copied headers from curl of the
chrome web development.
I've made some developments with other forums and there is more simply than
these.

Thanks!

El mié., 13 may. 2020 a las 13:35, Dan Fandrich via curl-users (<
curl-users_at_cool.haxx.se>) escribió:

> On Wed, May 13, 2020 at 01:04:06PM +0200, mierdatutis mi via curl-users
> wrote:
> > Thanks Daniel,
> > I've modified the command:
> >
> > curl -vvv 'http://labsk.net/index.php?action=login2' \
> > -H 'Connection: keep-alive' \
> > -H 'Cache-Control: max-age=0' \
> > -H 'Upgrade-Insecure-Requests: 1' \
> > -H 'Origin: http://labsk.net' \
> > -H 'Content-Type: application/x-www-form-urlencoded' \
> > -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> AppleWebKit/
> > 537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' \
> > -H 'Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/
> > webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
> > -H 'Referer: http://labsk.net/index.php?action=login' \
> > -H 'Accept-Language:
> en-US,en;q=0.9,es;q=0.8,pt;q=0.7,zh-CN;q=0.6,zh;q=
> > 0.5,de;q=0.4,fr;q=0.3' \
> > -H 'x-signature: oyQbrF4XBHg40wQdzJytES6thC9z2z+rvs+KQpcIn8M=' \
>
> What is this signature? It sounds like something created in Javascript to
> prevent people from doing what you're trying to do.
>
> > -H 'timestamp: 1589063737703' \
>
> This timestamp is from 3 days ago. This header is probably in the same
> category
> as the last one.
>
> > --data 'user=USER%40gmail.com
> &passwrd=PASSSSS&cookieneverexp=on&c13a08a29
> > =bd8cf50879be944ee415b1319081f6dd&hash_passwrd=' \
>
> hash_passwrd= is blank; should it be? Also, the hex numbers in there may
> also be some kind of security code.
>
> > --compressed \
> > -c cookies.txt
> >
> > I can save cookies. But the result of these command returns me url like
> I'm not
> > logged in. I can't understand :-(
>
> Probably because the server doesn't like some of the headers or data
> you're sending.
>
> > Any help please?
>
> Be sure to read
> https://curl.haxx.se/docs/httpscripting.html#Some_login_tricks
> This kind of thing can sometimes be really difficult to perform.
>
> Dan
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-13