Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum

From: mierdatutis mi via curl-users <curl-users_at_cool.haxx.se>
Date: Thu, 14 May 2020 09:32:15 +0200

Thanks Bruce, good idea!
If I disable javascript I can login without problems. So the hash function
not works or is not necessary

El mié., 13 may. 2020 a las 14:52, bruce via curl-users (<
curl-users_at_cool.haxx.se>) escribió:

> Hey.
>
> Late to the conversation. If I understand the part of the thread I've
> seen, you're trying to use curl to login to a site. If this is
> correct. Use the browser (Firefox/Chrome) and disable the javascript,
> and see if you can login with javascript not working. If you can
> successfully get in, then you know you should be able to craft a curl
> process to statically login to the site.
>
> If the disabled attempt doesn't work, then you still might be able to
> login, but it would mean you have to "replicate" the logic performed
> by the javascript process.
>
> Making sure the browser/javascript is enabled, and that you can login.
> There should be a "create curl" function somewhere in/on the browser.
> This would essentially replicate what the browser has done, using a
> curl statement to generate the curl action url+headers etc. Keep in
> mind, some login processes are multi step processes. As for the
> browser/curl function, google might need to help show you where this
> function is. I can't recall at the moment!
>
> And, if you've already done the above steps, my bad!
>
> good luck!
>
> On Wed, May 13, 2020 at 8:25 AM mierdatutis mi via curl-users
> <curl-users_at_cool.haxx.se> wrote:
> >
> > Thanks David,
> > What do you men with duplicate headers? I only see a post call in chrome
> network tool.
> >
> > About the data part, I only have to fill in form username and password
> that I put in the curl command, the rest of command that I put is get of
> chrome network tool.
> >
> >
> >
> > El mié., 13 may. 2020 a las 13:58, David Colter via curl-users (<
> curl-users_at_cool.haxx.se>) escribió:
> >>
> >> Hi,
> >>
> >> curl -vvv 'http://labsk.net/index.php?action=login2' \
> >> -H 'Connection: keep-alive' \
> >> -H 'Cache-Control: max-age=0' \
> >> -H 'Upgrade-Insecure-Requests: 1' \
> >> -H 'Origin: http://labsk.net' \
> >> -H 'Content-Type: application/x-www-form-urlencoded' \
> >> -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' \
> >> -H 'Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
> \
> >> -H 'Referer: http://labsk.net/index.php?action=login' \
> >> -H 'Accept-Language:
> en-US,en;q=0.9,es;q=0.8,pt;q=0.7,zh-CN;q=0.6,zh;q=0.5,de;q=0.4,fr;q=0.3' \
> >> -H 'x-signature: oyQbrF4XBHg40wQdzJytES6thC9z2z+rvs+KQpcIn8M=' \
> >> -H 'timestamp: 1589063737703' \
> >> --data 'user=USER%40gmail.com&passwrd=PASSSSS&cookieneverexp=on&c13a08a29=bd8cf50879be944ee415b1319081f6dd&hash_passwrd='
> \
> >> --compressed \
> >> -c cookies.txt
> >>
> >>
> >> A couple ideas to try. In my experience with login scripts, the trick
> to make them work was to exactly duplicate the headers sent, as seen in the
> network tool. In this way, my scripts never the first 4 -H headers you use.
> Secondly, the x-signature and timestamp might be different for each post.
> Third, The 3rd piece of your --data might also be dynamic. You may have to
> parse the original login page for these values.
> >>
> >> David
> >> -----------------------------------------------------------
> >> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> >> Etiquette: https://curl.haxx.se/mail/etiquette.html
> >
> > -----------------------------------------------------------
> > Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> > Etiquette: https://curl.haxx.se/mail/etiquette.html
>
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-14