cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curling password protected website with hidden dynamic variable on the login page

From: Maximilian Rausch <maxrausch_at_gmail.com>
Date: Thu, 4 Feb 2010 00:03:24 -0500

From: William Betts <william.betts_at_gmail.com>
Date: Wed, 3 Feb 2010 19:14:44 -0800

On Wed, Feb 3, 2010 at 11:10 AM, Maximilian Rausch
<maxrausch_at_gmail.com>wrote:

> I need to curl data that is on a password protected site and I am
> first trying to get by the login page so that I can store the cookies
> which will allow me to get to the password protected data with a
> second call to curl. The login webpage is
>
> https://secure.ngx.com/sso/login
>
> However when the submit button is clicked on the login page it posts a
> hidden variable "lt" which changes every time the page reloads (so you
> can't curl the login page once and parse it to find the value and then
> post it the next time). You can see this by taking a look at the
> source code of the page. I have tried a live HTTP replay ( a function
> of the live http headers plugin for firefox) but the replay does not
> successfully login because I think that the the new page has a
> different value for "lt" while the replay is posting the old value.
>
> I can not figure out how to get the value of 'lt' the first time I
> curl the page so that I can post it along with the username, password,
> and other necessary variables.
>
> Max

>
>Hello,
>
>After looking at the login page I assume you're talking about "<input
>type="hidden" name="lt"
>value="_cDA353F3E-64C2-4DF8-A7C6-6478B2BAC095_k3808E2D5-62BA-0552-1E53-C2AC9C4E71AE"/>".
>
>First you'll want to fetch the login page and store it in some variable.
>Then run the regex below on it. The example is in PHP, but the regex should
>work for other languages as well. The regular expression works, but could
>probably be made better.
>
>preg_match_all('<input\s*type="hidden"\s*name="lt"\s*value="(.*?)"\s*\/>',
>$html, $matches);
>
>Best of Luck,
>William

That is correct I am looking for that value and this idea is what I
had originally thought of as a solution but there is a problem with
it.

I curl the page and use a regex to find the value of 'it', but then
how do I submit the form with this value in the same call to curl?

If you reload the page (or call curl again with the value of 'lt' from
which I found previously) then the login will not work. This is
because when you reload the page the value of 'lt' changes every time.

I tried saving the session ID cookie but the value of 'lt' still
changes every time the page is reloaded.

Does anyone know of another way to accomplish a login to this website
using curl?

Thanks,

Max
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-02-04

This message: [ Message body ]
Next message: Ralph Mitchell: "Re: curling password protected website with hidden dynamic variable on the login page"
Previous message: Ralph Mitchell: "Re: curling password protected website with hidden dynamic variable on the login page"
Maybe in reply to: Ralph Mitchell: "Re: curling password protected website with hidden dynamic variable on the login page"
Next in thread: Ralph Mitchell: "Re: curling password protected website with hidden dynamic variable on the login page"
Reply: Ralph Mitchell: "Re: curling password protected website with hidden dynamic variable on the login page"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]