On 05/05/2010, lsacco <occ...@gmail.com> wrote: > > > olegk wrote: > > > > Yahoo as well as other high profile sites intentionally make it very > > difficult to script their login process. > > > > > Yeah, no kidding! Here's my code...I basically combed there form and create > new NameValuePairs for them. They also have hash function onSubmit to MD5 > the password and challenge phrase and so I just do that in Java. Still > after all my efforts, I can't get passed the login form. Anything you see > below that I might be missing? Thanks!
Try comparing the HTTP traffic for a successful session from a browser with what your application is sending, and then tweak the code as needed. A protocol analyser such as Wireshark can help with this. > String url = "https://login.yahoo.com";; > int port = 443; > > HttpClient _client = new HttpClient(); > _client.getHostConfiguration().setHost(url, port, "https"); > > _client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY); > > GetMethod authget = new GetMethod(url); > > try { > _client.executeMethod(authget); > } catch (IOException i) { > i.printStackTrace(); > } > > // Read the response body. > byte[] responseBody = authget.getResponseBody(); > String _strGetRspBody = authget.getResponseBodyAsString(); > _logger.debug("GetRspBody: " + _strGetRspBody); > > // release any connection resources used by the method > authget.releaseConnection(); > > // Get the .u value > int intUStart = _strGetRspBody > .indexOf("<input type=\"hidden\" > name=\".u\""); > intUStart = intUStart + 38; > String strU = _strGetRspBody.substring(intUStart, intUStart + > 13); > _logger.debug("U value from Get: " + strU); > > // Get the .challenge value > int intChallengeStart = _strGetRspBody > .indexOf("<input type=\"hidden\" > name=\".challenge\""); > intChallengeStart = intChallengeStart + 46; > String strChallenge = > _strGetRspBody.substring(intChallengeStart, > intChallengeStart + 28); > _logger.debug("Challenge value from Get: " + strChallenge); > > //JS Function in Yahoo! form to hash password onSubmit > // function hash2(form){var passwd=form.passwd.value > // if(!form.passwd.value){return false;} > // if(ok_password(passwd)){return true;} > // var challenge=form[".challenge"].value; > // var fullhash=MD5(MD5(passwd)+challenge); > // form.passwd.value=fullhash; > // > form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1; > // return true;} > String hashPwd = MD5(MD5(password) + strChallenge); > _logger.debug("hashPwd value from Get: " + hashPwd); > > NameValuePair[] nvPairs = new NameValuePair[24]; > nvPairs[0] = new NameValuePair("username", user); > nvPairs[1] = new NameValuePair("passwd", hashPwd); > nvPairs[2] = new NameValuePair(".tries","1"); > nvPairs[3] = new NameValuePair(".src","flickr"); > nvPairs[4] = new NameValuePair(".md5","1"); > nvPairs[5] = new NameValuePair(".hash","1"); > nvPairs[6] = new NameValuePair(".js","1"); > nvPairs[7] = new NameValuePair(".last",""); > nvPairs[8] = new NameValuePair("promo",""); > nvPairs[9] = new NameValuePair(".intl","us"); > nvPairs[10] = new NameValuePair(".bypass",""); > nvPairs[11] = new NameValuePair(".partner",""); > nvPairs[12] = new NameValuePair(".u",strU); > nvPairs[13] = new NameValuePair(".v","0"); > nvPairs[14] = new NameValuePair(".challenge",strChallenge); > nvPairs[15] = new NameValuePair(".yplus",""); > nvPairs[16] = new NameValuePair(".emailCode",""); > nvPairs[17] = new NameValuePair("pkg",""); > nvPairs[18] = new NameValuePair("stepid",""); > nvPairs[19] = new NameValuePair(".ev",""); > nvPairs[20] = new NameValuePair("hasMsgr","0"); > nvPairs[21] = new NameValuePair(".chkP","Y"); > nvPairs[22] = new > NameValuePair(".done","http://www.flickr.com/services/api/tos/";); > nvPairs[23] = new NameValuePair(".pd","_ver=0&c=&ivt=&sg="); > > String strLogonUrl = "https://login.yahoo.com/config/login?";; > PostMethod authpost = new PostMethod(strLogonUrl); > > // Prepare login parameters > authpost.setRequestBody(nvPairs); > > try { > _client.executeMethod(authpost); > } catch (IOException i) { > i.printStackTrace(); > } > > String strStatusLine = authpost.getStatusLine().toString(); > System.out.println("Login form post: " + strStatusLine); > > String _strPostRspBody = authpost.getResponseBodyAsString(); > _logger.debug("Response Body from Post: \n" + > _strPostRspBody); > > // release any connection resources used by the method > authpost.releaseConnection(); > > > -- > View this message in context: > http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28466685.html > > Sent from the HttpClient-User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
