Thanks Jeff, I have not used packet analyzers for such a purpose before. Using the NET portion of Firebug, I can clearly see all headers, responses, cookies, etc. I will try Wireshark, any pointers on what to look for? And mainly - do I need to manually follow redirects or should HttpClient follow these, especially 302?
Bob

On Wed, Feb 25, 2009 at 11:09 PM, Jeff Davis <[email protected]> wrote:

> Hi,
>
> Scripted logins are generally purposely hard to crack. There are quite
> possibly hidden vars along with the user and pass, sometimes javascript
> modifies a post field before it's sent and also cookies are set that must be
> duplicated.
>
> I have always found a packet analyzer helpful such as Wireshark to get a
> clear understanding of how the login process looks when using a browser,
> then comparing that to what the packets look like with the httpclient app.
>
> That should get you started in the right direction, if you look a little
> deeper.
>
> Jeff
>
> bo wrote:
>
>> Hi
>>
>> I'm trying to do form-based authentication. Here's what happens according
>> to Firebug
>>
>> 1. Hit the URL (GET http://foo.com)
>> 2. That gets response code 302 and gets redirected (GET
>>    http://foo.com/session/new) which brings a login form
>> 3. Login form is POST with action="https://foo.com/session" and two
>>    fields uname and passwd
>> 4. Submitting the form gets 302 (POST https://foo.com/session) and then
>>    GET http://foo.com/session/new which brings index page content
>>
>> I'm not clear if I need to follow both redirects and what is the best way
>> to do it. Test code that I have follows
>>
>> DefaultHttpClient client = new DefaultHttpClient();
>> HttpGet get = new HttpGet("http://foo.com/");
>> HttpResponse response = client.execute(get);
>> System.out.println(response.getStatusLine());
>> response.getEntity().consumeContent();
>> // do the form post, retain all the cookies
>> HttpPost post = new HttpPost("https://foo.com/session/new");
>> List <NameValuePair> nvps = new ArrayList <NameValuePair>();
>> nvps.add(new BasicNameValuePair("login", "[email protected]"));
>> nvps.add(new BasicNameValuePair("password", "Foo"));
>> nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
>> post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
>> HttpResponse postresponse = client.execute(post);
>> ResponseHandler<String> handler = new BasicResponseHandler();
>> String body = handler.handleResponse(postresponse);
>> System.out.println(body);
>> // still prints out login form
>>
>> Thanks,
>>
>> Bob S.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]

--
_________________________
"Jump right ahead in my web"
The Rolling Stones. "Out of Our Heads" 1965
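Added example, not part of the thread and not HttpClient code: a Python check of the comparison Jeff describes, diffing the login form a browser receives against the POST a script sends. The sample HTML is constructed from the action and field names quoted in the thread; the hidden `token` input and the names `FormParser` and `compare_login_request` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

class FormParser(HTMLParser):
    """Collect the first <form>'s method, action and named inputs."""
    def __init__(self):
        super().__init__()
        self.method, self.action, self.fields = None, None, {}
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:  # only the first form
            self._in_form = True
            self.method = (a.get("method") or "get").upper()
            self.action = a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def compare_login_request(page_url, html, post_url, post_fields):
    """Return the differences between the served form and a scripted POST."""
    form = FormParser()
    form.feed(html)
    expected_url = urljoin(page_url, form.action)  # resolves relative actions
    problems = []
    if post_url != expected_url:
        problems.append(f"URL: form posts to {expected_url}, client posts to {post_url}")
    for name in sorted(set(form.fields) - set(post_fields)):
        problems.append(f"missing field: {name}")  # includes hidden inputs
    for name in sorted(set(post_fields) - set(form.fields)):
        problems.append(f"unknown field: {name}")
    return problems

# Constructed login page: action and uname/passwd are taken from the thread,
# the hidden "token" input is a hypothetical example of a hidden variable.
SAMPLE_HTML = """<form method="post" action="https://foo.com/session">
  <input type="hidden" name="token" value="constructed-value">
  <input type="text" name="uname">
  <input type="password" name="passwd">
  <input type="submit" name="commit" value="Sign In">
</form>"""

if __name__ == "__main__":
    sent = {"login": "user", "password": "Foo", "commit": "Sign In"}
    print(*compare_login_request("http://foo.com/session/new", SAMPLE_HTML,
                                 "https://foo.com/session/new", sent), sep="\n")
```

Feeding it the body of the real login page and the URL and field names the client posts lists every difference at once, before any packet capture is needed.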
