sebb wrote:
On 05/05/2010, lsacco <occ...@gmail.com> wrote:
olegk wrote:
>
> Yahoo as well as other high profile sites intentionally make it very
> difficult to script their login process.
>
Yeah, no kidding! Here's my code...I basically combed their form and created
new NameValuePairs for the fields. They also have a hash function onSubmit that
MD5s the password and challenge phrase, so I just do that in Java. Still,
after all my efforts, I can't get past the login form. Anything you see
below that I might be missing? Thanks!
Try comparing the HTTP traffic for a successful session from a browser
with what your application is sending, and then tweak the code as
needed.
A protocol analyser such as Wireshark can help with this.
Perfect advice, the only thing I have to add is that Wireshark isn't
much help for https - if you can also log in on http then that will
work great.
Otherwise you'll need a browser plugin to sniff the packets before they
get encrypted. Here are a few options:
http://http-sniffer-plugin.qarchive.org/
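// Fetch the login page so the hidden form fields can be read from its body.
String url = "https://login.yahoo.com";
int port = 443;
HttpClient _client = new HttpClient();
// NOTE(review): setHost() takes a host name, but `url` holds a full URL.
// Both requests in this snippet are built from absolute URLs, so confirm
// whether this call is needed at all before relying on it.
_client.getHostConfiguration().setHost(url, port, "https");
_client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
GetMethod authget = new GetMethod(url);
byte[] responseBody;
String _strGetRspBody;
try {
    _client.executeMethod(authget);
    // Read the response body while the connection is still held.
    responseBody = authget.getResponseBody();
    _strGetRspBody = authget.getResponseBodyAsString();
} catch (IOException i) {
    // Stop here: without a page body the field parsing that follows would
    // only fail later with a less useful error.
    throw new IllegalStateException("GET " + url + " failed", i);
} finally {
    // release any connection resources used by the method, even on failure
    authget.releaseConnection();
}
// The body contains the hidden .challenge value that the password hash is
// derived from, so keep this at debug level only.
_logger.debug("GetRspBody: " + _strGetRspBody);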
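// Get the .u value
int intUStart = _strGetRspBody
        .indexOf("<input type=\"hidden\" name=\".u\"");
if (intUStart < 0) {
    // indexOf() returned -1; continuing would cut an unrelated 13-character
    // slice out of the page and submit it as the .u value.
    throw new IllegalStateException("hidden field .u not found in login page");
}
// 38 skips the 30-character marker plus, presumably, the 8 characters of
// ` value="`; the value itself is assumed to be 13 characters long.
intUStart = intUStart + 38;
String strU = _strGetRspBody.substring(intUStart, intUStart + 13);
_logger.debug("U value from Get: " + strU);

// Get the .challenge value
int intChallengeStart = _strGetRspBody
        .indexOf("<input type=\"hidden\" name=\".challenge\"");
if (intChallengeStart < 0) {
    throw new IllegalStateException(
            "hidden field .challenge not found in login page");
}
// 46 skips the 38-character marker plus, presumably, ` value="`; the
// challenge is assumed to be 28 characters long.
intChallengeStart = intChallengeStart + 46;
String strChallenge =
        _strGetRspBody.substring(intChallengeStart, intChallengeStart + 28);
// The challenge is the salt of the password hash computed from it; never
// log the two together.
_logger.debug("Challenge value from Get: " + strChallenge);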
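// JS function in the Yahoo! form that hashes the password onSubmit:
// function hash2(form){var passwd=form.passwd.value
// if(!form.passwd.value){return false;}
// if(ok_password(passwd)){return true;}
// var challenge=form[".challenge"].value;
// var fullhash=MD5(MD5(passwd)+challenge);
// form.passwd.value=fullhash;
// form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1;
// return true;}
//
// Same construction as the `fullhash` line above. MD5 is dictated by the
// remote form; it is not a choice to copy into new designs.
String hashPwd = MD5(MD5(password) + strChallenge);
// Do not log hashPwd. It is the value submitted as "passwd", and with the
// challenge (already in the debug log) it lets anyone who can read the log
// test password guesses offline.
_logger.debug("hashPwd computed for login POST");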
// Form fields for the login POST. "passwd" carries the challenge hash, not
// the clear-text password; ".u" and ".challenge" echo the hidden values read
// from the login page.
NameValuePair[] nvPairs = {
    new NameValuePair("username", user),
    new NameValuePair("passwd", hashPwd),
    new NameValuePair(".tries", "1"),
    new NameValuePair(".src", "flickr"),
    new NameValuePair(".md5", "1"),
    new NameValuePair(".hash", "1"),
    new NameValuePair(".js", "1"),
    new NameValuePair(".last", ""),
    new NameValuePair("promo", ""),
    new NameValuePair(".intl", "us"),
    new NameValuePair(".bypass", ""),
    new NameValuePair(".partner", ""),
    new NameValuePair(".u", strU),
    new NameValuePair(".v", "0"),
    new NameValuePair(".challenge", strChallenge),
    new NameValuePair(".yplus", ""),
    new NameValuePair(".emailCode", ""),
    new NameValuePair("pkg", ""),
    new NameValuePair("stepid", ""),
    new NameValuePair(".ev", ""),
    new NameValuePair("hasMsgr", "0"),
    new NameValuePair(".chkP", "Y"),
    new NameValuePair(".done", "http://www.flickr.com/services/api/tos/"),
    new NameValuePair(".pd", "_ver=0&c=&ivt=&sg="),
};
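// Submit the login form over HTTPS with the fields prepared above.
String strLogonUrl = "https://login.yahoo.com/config/login?";
PostMethod authpost = new PostMethod(strLogonUrl);
// Prepare login parameters
authpost.setRequestBody(nvPairs);
String strStatusLine;
String _strPostRspBody;
try {
    _client.executeMethod(authpost);
    // Read status and body only after a completed exchange; on a failed
    // request there is no status line to dereference.
    strStatusLine = authpost.getStatusLine().toString();
    _strPostRspBody = authpost.getResponseBodyAsString();
} catch (IOException i) {
    throw new IllegalStateException("POST " + strLogonUrl + " failed", i);
} finally {
    // release any connection resources used by the method, even on failure
    authpost.releaseConnection();
}
System.out.println("Login form post: " + strStatusLine);
// NOTE(review): a post-login body may carry account or session details;
// confirm what it contains before enabling this outside a test account.
_logger.debug("Response Body from Post: \n" + _strPostRspBody);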