On Thu, 2009-02-26 at 07:26 -0800, bo wrote:
> sebb - in my original post I'm referring to Firebug - would you recommend a
> better tool?

I like Wireshark, saves me a lot of time when I do things similar to what you are doing. I use it a lot.

Christine

>
> On Thu, Feb 26, 2009 at 5:34 AM, sebb <[email protected]> wrote:
>
> > Or you can use one of the browser add-ons that show you the requests
> > and responses.
> >
> > On 26/02/2009, Jeff Davis <[email protected]> wrote:
> > > Hi,
> > >
> > > Scripted logins are generally purposely hard to crack. There are quite
> > > possibly hidden vars along with the user and pass, sometimes javascript
> > > modifies a post field before it's sent and also cookies are set that must be
> > > duplicated.
> > >
> > > I have always found a packet analyzer helpful such as Wireshark to get a
> > > clear understanding of how the login process looks when using a browser,
> > > then comparing that to what the packets look like with the httpclient app.
> > >
> > > That should get you started in the right direction, if you look a little
> > > deeper.
> > >
> > > Jeff
> > >
> > > bo wrote:
> > >
> > > > Hi
> > > >
> > > > I'm trying to do form-based authentication. Here's what happens according to
> > > > the Firebug
> > > >
> > > > 1. Hit the URL (GET http://foo.com)
> > > > 2. That gets response code 302 and gets redirected (GET
> > > > http://foo.com/session/new) which brings a login form
> > > > 3. Login form is POST with action="https://foo.com/session" and two fields
> > > > uname and passwd
> > > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> > > > http://foo.com/session/new which brings index page content
> > > >
> > > > I'm not clear if I need to follow both redirects and what is the best way to
> > > > do it.
> > > > Test code that I have follows
> > > >
> > > > DefaultHttpClient client = new DefaultHttpClient();
> > > > HttpGet get = new HttpGet("http://foo.com/");
> > > > HttpResponse response = client.execute(get);
> > > > System.out.println(response.getStatusLine());
> > > > response.getEntity().consumeContent();
> > > > // do the form post, retain all the cookies
> > > > HttpPost post = new HttpPost("https://foo.com/session/new");
> > > > List<NameValuePair> nvps = new ArrayList<NameValuePair>();
> > > > nvps.add(new BasicNameValuePair("login", "[email protected]"));
> > > > nvps.add(new BasicNameValuePair("password", "Foo"));
> > > > nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
> > > > post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> > > > HttpResponse postresponse = client.execute(post);
> > > > ResponseHandler<String> handler = new BasicResponseHandler();
> > > > String body = handler.handleResponse(postresponse);
> > > > System.out.println(body);
> > > > // still prints out login form
> > > >
> > > > Thanks,
> > > >
> > > > Bob S.
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> >
>

--
dagdag is just a two-character rotation of byebye...
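One way to do the browser-versus-client comparison Jeff describes without a packet capture, as an added example that is not part of the thread: parse the login form the server returns and diff its action and field names against what the client posts. The form HTML is a constructed sample built from the description in the original question, the hidden `token` field is hypothetical, and the posted target and field names are the ones in the test code quoted above.

```java
import java.util.*;
import java.util.regex.*;

public class LoginFormDiff {
    // Constructed sample of the login page; the hidden "token" field is hypothetical.
    static final String FORM_HTML =
        "<form method=\"post\" action=\"https://foo.com/session\">"
      + "<input type=\"hidden\" name=\"token\" value=\"constructed-value\">"
      + "<input type=\"text\" name=\"uname\">"
      + "<input type=\"password\" name=\"passwd\">"
      + "<input type=\"submit\" name=\"commit\" value=\"Sign In\">"
      + "</form>";

    // Value of one double-quoted attribute inside a single tag, or null if absent.
    static String attr(String tag, String name) {
        Matcher m = Pattern.compile("\\s" + name + "=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE).matcher(tag);
        return m.find() ? m.group(1) : null;
    }

    static String formAction(String html) {
        Matcher m = Pattern.compile("<form\\b[^>]*>", Pattern.CASE_INSENSITIVE).matcher(html);
        return m.find() ? attr(m.group(), "action") : null;
    }

    // Field name -> default value for every named <input>, hidden ones included.
    static Map<String, String> formFields(String html) {
        Map<String, String> fields = new LinkedHashMap<>();
        Matcher m = Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE).matcher(html);
        while (m.find()) {
            String name = attr(m.group(), "name");
            if (name != null) fields.put(name, Objects.toString(attr(m.group(), "value"), ""));
        }
        return fields;
    }

    public static void main(String[] args) {
        // What the test code in the thread sends.
        String postedTo = "https://foo.com/session/new";
        Set<String> posted = new LinkedHashSet<>(Arrays.asList("login", "password", "commit"));
        Set<String> expected = formFields(FORM_HTML).keySet();
        Set<String> missing = new LinkedHashSet<>(expected);
        missing.removeAll(posted);
        Set<String> extra = new LinkedHashSet<>(posted);
        extra.removeAll(expected);
        System.out.println("form action: " + formAction(FORM_HTML) + " | client posts to: " + postedTo);
        System.out.println("in form, not sent: " + missing);
        System.out.println("sent, not in form: " + extra);
    }
}
```

In a real client the HTML would come from the body of the GET that returns the login form, and the default values of hidden inputs would be copied into the POST unchanged.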
