Actually I discovered something called HttpFox - it's awesome, for example I
can see that requests are going to twate.com for the cert, etc.

On Thu, Feb 26, 2009 at 9:46 AM, sebb <[email protected]> wrote:

> On 26/02/2009, bo <[email protected]> wrote:
> > sebb - in my original post I'm referring to Firebug - would you recommend a
> >  better tool?
>
> As it happens, I use Live HTTP Headers with Firefox which works OK for me.
>
> I've never used Firebug, so cannot comment if it is better or worse.
>
> If you are happy with Firebug then there's no point switching.
>
> All you need is to be able to see the HTTP traffic.
>
> >
> >  On Thu, Feb 26, 2009 at 5:34 AM, sebb <[email protected]> wrote:
> >
> >  > Or you can use one of the browser add-ons that show you the requests
> >  > and responses.
> >  >
> >  > On 26/02/2009, Jeff Davis <[email protected]> wrote:
> >  > > Hi,
> >  > >
> >  > >  Scripted logins are generally purposely hard to crack.  There are quite
> >  > > possibly hidden vars along with the user and pass, sometimes JavaScript
> >  > > modifies a post field before it's sent and also cookies are set that must be
> >  > > duplicated.
> >  > >
> >  > >  I have always found a packet analyzer helpful such as Wireshark to get a
> >  > > clear understanding of how the login process looks when using a browser,
> >  > > then comparing that to what the packets look like with the httpclient app.
> >  > >
> >  > >  That should get you started in the right direction, if you look a little
> >  > > deeper.
> >  > >
> >  > >  Jeff
> >  > >
> >  > >
> >  > >
> >  > >
> >  > >
> >  > >  bo wrote:
> >  > >
> >  > > > Hi
> >  > > >
> >  > > > I'm trying to do form-based authentication. Here's what happens according to
> >  > > > Firebug
> >  > > >
> >  > > > 1. Hit the URL (GET http://foo.com)
> >  > > > 2. That gets response code 302 and gets redirected (GET
> >  > > > http://foo.com/session/new) which brings a login form
> >  > > > 3. Login form is POST with action="https://foo.com/session" and two fields
> >  > > > uname and passwd
> >  > > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> >  > > > http://foo.com/session/new which brings index page content
> >  > > >
> >  > > > I'm not clear if I need to follow both redirects and what is the best way to
> >  > > > do it. Test code that I have follows
> >  > > >
> >  > > >        DefaultHttpClient client = new DefaultHttpClient();
> >  > > >        HttpGet get = new HttpGet("http://foo.com/");
> >  > > >        HttpResponse response = client.execute(get);
> >  > > >        System.out.println(response.getStatusLine());
> >  > > >        response.getEntity().consumeContent();
> >  > > >        // do the form post, retain all the cookies
> >  > > >        HttpPost post = new HttpPost("https://foo.com/session/new");
> >  > > >        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
> >  > > >        nvps.add(new BasicNameValuePair("login", "[email protected]"));
> >  > > >        nvps.add(new BasicNameValuePair("password", "Foo"));
> >  > > >        // this is actually a submit button
> >  > > >        nvps.add(new BasicNameValuePair("commit", "Sign In"));
> >  > > >        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> >  > > >        HttpResponse postresponse = client.execute(post);
> >  > > >        ResponseHandler<String> handler = new BasicResponseHandler();
> >  > > >        String body = handler.handleResponse(postresponse);
> >  > > >        System.out.println(body);
> >  > > >        // still prints out login form
> >  > > >
> >  > > > Thanks,
> >  > > >
> >  > > > Bob S.
> >  > > >
> >  > > >
> >  > > >
> >  > >
> >  > >
> >  > >
> >  > > ---------------------------------------------------------------------
> >  > >  To unsubscribe, e-mail: [email protected]
> >  > >  For additional commands, e-mail: [email protected]
> >  > >
> >  > >
> >  >
> >  >
> >  >
> >
> >
> >
> > --
> >  _________________________
> >  "Jump right ahead in my web"
> >  The Rolling Stones.
> >  "Out of Our Heads" 1965
> >
>
>
>


-- 
_________________________
"Jump right ahead in my web"
The Rolling Stones.
"Out of Our Heads" 1965
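
The login sequence discussed in this thread, as an added example that is not part of the original messages: it reads the login form's own `action` and every `<input>` it declares (hidden fields and the submit button included), posts them back with the same client so cookies carry over, and follows the 302 by hand if the client did not. Assumptions: the `uname`/`passwd` field names and absolute URLs from the steps listed above, placeholder credentials, HttpClient 4.0 classes, and a naive regex scan that expects double-quoted attributes with `name` before `value`.

```java
import java.util.*;
import java.util.regex.*;
import org.apache.http.*;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.*;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;

public class FormLogin {
    // Naive scans (assumption: double-quoted attributes, name= before value=).
    static final Pattern INPUT = Pattern.compile(
        "<input[^>]*\\bname=\"([^\"]*)\"(?:[^>]*\\bvalue=\"([^\"]*)\")?", Pattern.CASE_INSENSITIVE);
    static final Pattern ACTION = Pattern.compile(
        "<form[^>]*\\baction=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    public static void main(String[] args) throws Exception {
        DefaultHttpClient client = new DefaultHttpClient(); // one client, one cookie store
        // Steps 1-2: the GET ends at the login form; keep its HTML instead of discarding it.
        String form = EntityUtils.toString(
            client.execute(new HttpGet("http://foo.com/")).getEntity());
        // Step 3: post to the form's own action with every field the form declares.
        Matcher a = ACTION.matcher(form);
        if (!a.find()) throw new IllegalStateException("no <form action> in page");
        Map<String, String> fields = new LinkedHashMap<String, String>();
        for (Matcher m = INPUT.matcher(form); m.find(); )
            fields.put(m.group(1), m.group(2) == null ? "" : m.group(2));
        fields.put("uname", "user@example.invalid"); // placeholder credentials
        fields.put("passwd", "changeme");
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        for (Map.Entry<String, String> e : fields.entrySet())
            nvps.add(new BasicNameValuePair(e.getKey(), e.getValue()));
        HttpPost post = new HttpPost(a.group(1));
        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
        HttpResponse r = client.execute(post);
        // Step 4: if the POST's redirect was not followed automatically, follow it by hand.
        int status = r.getStatusLine().getStatusCode();
        Header loc = r.getFirstHeader("Location");
        if (status >= 300 && status < 400 && loc != null) {
            if (r.getEntity() != null) r.getEntity().consumeContent(); // free the connection
            r = client.execute(new HttpGet(loc.getValue()));
        }
        System.out.println(r.getStatusLine());
        System.out.println(EntityUtils.toString(r.getEntity()));
    }
}
```

Printing `fields` before the POST gives a list to compare against what the browser add-on shows for the same request.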
