sebb - in my original post I'm referring to Firebug - would you recommend a better tool?
On Thu, Feb 26, 2009 at 5:34 AM, sebb <[email protected]> wrote:

> Or you can use one of the browser add-ons that show you the requests
> and responses.
>
> On 26/02/2009, Jeff Davis <[email protected]> wrote:
> > Hi,
> >
> > Scripted logins are generally purposely hard to crack. There are quite
> > possibly hidden vars along with the user and pass, sometimes JavaScript
> > modifies a post field before it's sent and also cookies are set that must be
> > duplicated.
> >
> > I have always found a packet analyzer helpful such as Wireshark to get a
> > clear understanding of how the login process looks when using a browser,
> > then comparing that to what the packets look like with the httpclient app.
> >
> > That should get you started in the right direction, if you look a little
> > deeper.
> >
> > Jeff
> >
> > bo wrote:
> >
> > > Hi
> > >
> > > I'm trying to do form-based authentication. Here's what happens according to
> > > Firebug
> > >
> > > 1. Hit the URL (GET http://foo.com)
> > > 2. That gets response code 302 and gets redirected (GET
> > > http://foo.com/session/new) which brings a login form
> > > 3. Login form is POST with action="https://foo.com/session" and two fields
> > > uname and passwd
> > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> > > http://foo.com/session/new which brings index page content
> > >
> > > I'm not clear if I need to follow both redirects and what is the best way to
> > > do it. Test code that I have follows
> > >
> > > DefaultHttpClient client = new DefaultHttpClient();
> > > HttpGet get = new HttpGet("http://foo.com/");
> > > HttpResponse response = client.execute(get);
> > > System.out.println(response.getStatusLine());
> > > response.getEntity().consumeContent();
> > > // do the form post, retain all the cookies
> > > HttpPost post = new HttpPost("https://foo.com/session/new");
> > > List <NameValuePair> nvps = new ArrayList <NameValuePair>();
> > > nvps.add(new BasicNameValuePair("login", "[email protected]"));
> > > nvps.add(new BasicNameValuePair("password", "Foo"));
> > > nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
> > > post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> > > HttpResponse postresponse = client.execute(post);
> > > ResponseHandler<String> handler = new BasicResponseHandler();
> > > String body = handler.handleResponse(postresponse);
> > > System.out.println(body);
> > > // still prints out login form
> > >
> > > Thanks,
> > >
> > > Bob S.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]

--
_________________________
"Jump right ahead in my web"
The Rolling Stones. "Out of Our Heads" 1965
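The comparison suggested in the thread, between what the browser's login form would submit and what the HttpClient code sends, can also be done in code. The following is an added example, not part of the original thread: it uses only the JDK, the form HTML is a constructed sample built from the action URL and field names listed in the original post, and the hidden `token` field is an assumed stand-in for the "hidden vars" mentioned above.

```java
import java.util.*;
import java.util.regex.*;

// Added example: compares a planned login POST with the form the server actually served.
public class LoginFormCheck {
    // Constructed sample of the login page from step 2; the hidden "token" field is an assumption.
    static final String FORM_HTML =
        "<form method=\"post\" action=\"https://foo.com/session\">"
      + "<input type=\"hidden\" name=\"token\" value=\"abc123\">"
      + "<input type=\"text\" name=\"uname\">"
      + "<input type=\"password\" name=\"passwd\">"
      + "<input type=\"submit\" name=\"commit\" value=\"Sign In\"></form>";
    // Reads one double-quoted attribute from a single tag; null if the attribute is absent.
    static String attr(String tag, String name) {
        Matcher m = Pattern.compile("\\b" + name + "\\s*=\\s*\"([^\"]*)\"",
                                    Pattern.CASE_INSENSITIVE).matcher(tag);
        return m.find() ? m.group(1) : null;
    }
    // Action URL of the first form on the page (relative URLs are not resolved here).
    static String formAction(String html) {
        Matcher m = Pattern.compile("<form\\b[^>]*>", Pattern.CASE_INSENSITIVE).matcher(html);
        return m.find() ? attr(m.group(), "action") : null;
    }
    // Every named input, hidden ones included, with its default value.
    static Map<String, String> formFields(String html) {
        Map<String, String> fields = new LinkedHashMap<String, String>();
        Matcher m = Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE).matcher(html);
        while (m.find()) {
            String name = attr(m.group(), "name");
            String value = attr(m.group(), "value");
            if (name != null) fields.put(name, value == null ? "" : value);
        }
        return fields;
    }
    // Lists each difference between the served form and the request the client plans to send.
    static List<String> problems(String html, String postUrl, Set<String> postNames) {
        List<String> out = new ArrayList<String>();
        String action = formAction(html);
        if (!postUrl.equals(action)) out.add("POST goes to " + postUrl + " but form action is " + action);
        Set<String> expected = formFields(html).keySet();
        for (String n : expected) if (!postNames.contains(n)) out.add("missing field: " + n);
        for (String n : postNames) if (!expected.contains(n)) out.add("field not in form: " + n);
        return out;
    }
    public static void main(String[] args) {
        // URL and field names taken from the test code quoted in the thread.
        Set<String> sent = new LinkedHashSet<String>(Arrays.asList("login", "password", "commit"));
        for (String p : problems(FORM_HTML, "https://foo.com/session/new", sent)) System.out.println(p);
    }
}
```

In a real client the HTML would come from the body of the GET response instead of being discarded, and the hidden field values returned by `formFields` would be copied into the POST alongside the credentials.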
