[prev in list] [next in list] [prev in thread] [next in thread]
List: curl-users
Subject: Re: Problem connecting to password protected page
From: Gary Danko <gary () hekal ! org>
Date: 2003-11-26 6:43:39
[Download RAW message or body]
I will give that a shot right now!
On Nov 25, 2003, at 10:35 PM, Ralph Mitchell wrote:
> I tried pulling this page:
>
> http://www.premiereinteractive.com/cgi-bin/members.cgi?stream=shows/
> PHILHENDREAL20031121&site=philhend&type=real_show
> and got back a cookie in the headers:
>
> Set-Cookie: :xCOOKIEx:=OTk5ODgxMTEw; expires=Saturday, 27-Dec-2003
> 09:14:09 GMT; path=/; domain=.premiereinteractive.com;
>
> The form also contains a couple of hidden fields that you didn't send
> back:
>
> input type="hidden" name="iGate"
> value="OTk5ODgxMTEwJmlTZXNpZD00NzY4NjE2MA=="
> input type="hidden" name="iType" value="MAIN"
> So, your curl command could look something like this:
>
> curl -s -S -L -b cookiefile -c cookiefile \
> -d "iUserName=mylogin" \
> -d "iPassword=mypassword" \
> -d "submit=Submit" \
> -d "iGate=OTk5ODgxMTEwJmlTZXNpZD00NzY4NjE2MA==" \
> -d "iType=MAIN" \
> https://members.premiereinteractive.com/pcd/eGateChk
>
> You may need to url-encode the iGate value, as it contains "==",
> which would equate to "%3d%3d".
>
> It's possible that premierinteractive.com is objecting to your
> "browser" user-agent string. you can fake that too, by adding "-A
> Mozilla/4.0" to the above command. It wouldn't hurt to add in the
> referrer, but I've yet to come across a site that needed it, and I'm
> running around 1000 tests against several hundred servers...
>
> Ralph Mitchell
>
>
> Mayuresh Kadu wrote:
>
> Maybe what u need is a valid "REFERER". Refer to Point 7.0 on
> http://curl.haxx.se/docs/httpscripting.html. It says
>
> "A HTTP request may include a 'referer' field, which can be used to
> tell
> from which URL the client got to this particular resource. Some
> programs/scripts check the referer field of requests to verify that
> this
> wasn't arriving from an external site or an unknown page. While this
> is a
> stupid way to check something so easily forged, many scripts still do
> it.
> Using curl, you can put anything you want in the referer-field and
> thus more
> easily be able to fool the server into serving your request."
>
> Use curl to set the referer field with:
>
> curl -e http://curl.haxx.se daniel.haxx.se
>
> Hope this helps ..
>
>
> - Mayuresh
>
>
> -----Original Message-----
> From: curl-users-admin@lists.sourceforge.net
> [mailto:curl-users-admin@lists.sourceforge.net]On Behalf Of Gary Danko
> Sent: Wednesday, November 26, 2003 12:29 AM
> To: curl-users@lists.sourceforge.net
> Subject: Re: Problem connecting to password protected page
>
>
> Okay I am getting somewhere. I can authenticate but I am getting an
> error... Still plodding along but I thought I'd post it anyway. :)
>
> [baracus:~] gdanko% curl -v -e
> "http://www.premiereinteractive.com/cgi-bin/members.cgi?stream=shows/
> PHILHEN
> DREAL20031121&site=philhend&type=real_show"
> -d "iUserName=mylogin&iPassword=mypassword&submit=Submit"
> https://members.premiereinteractive.com/pcd/eGateChk
> * About to connect() to members.premiereinteractive.com:443
> * Connected to authstream.premiereinteractive.com (65.83.107.249) port
> 443
> * SSL connection using DES-CBC3-SHA
> * Server certificate:
> * subject: /C=US/ST=California/L=Sherman Oaks/O=Premiere Radio
> Networks/OU=Premiere Interactive/CN=members.premiereinteractive.com
> * start date: 2002-09-16 00:00:00 GMT
> * expire date: 2004-10-07 23:59:59 GMT
> * common name: members.premiereinteractive.com (matched)
> * issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server
> Certification Authority
> > POST /pcd/eGateChk HTTP/1.1
> User-Agent: curl/7.10.2 (powerpc-apple-darwin7.0) libcurl/7.10.2
> OpenSSL/0.9.7b zlib/1.1.4
> Host: members.premiereinteractive.com
> Pragma: no-cache
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Referer:
> http://www.premiereinteractive.com/cgi-bin/members.cgi?stream=shows/
> PHILHEND
> REAL20031121&site=philhend&type=real_show
> Content-Length: 55
> Content-Type: application/x-www-form-urlencoded
>
> iUserName=mylogin&iPassword=mypassword&submit=Submit<HTML>
> <BODY>
> <CENTER>
> <BR>
> <BR>
> <font size=4>
> Sorry, the following error has occurred:
> <BR>
> <p>Our subscription application expects to be called via a link from a
> publisher's web site.<br>It also expects to be provided with a valid
> magazine identifier.<br>It will not run correctly otherwise.<br>
> <BR>
> We are unable to continue processing your request at this time.
> <BR>
> The site Webmaster has been notified.
> <BR>
> Please try again later.</font>
> </CENTER>
> </BODY>
> </HTML>
> * Connection #0 left intact
> * Closing connection #0
>
>
> Daniel Stenberg wrote:
>
>
> On Tue, 25 Nov 2003, Gary Danko wrote:
>
>
>
> I still have to authenticate though.. that is the problem.
>
> Remember I go from the first URL (audioarchives) to
> members.premiereinteractive.com where I have to authenticate with an
> HTML
> form. I then go back to audioarchives. It loops me around and I do not
>
> know
>
> how to handle the form-based authentication and the looping back to my
> starting point.
>
> I would recommend you to get a grip of the basics by reading The Art Of
> Scripting HTTP Requests Using Curl:
>
> http://curl.haxx.se/docs/httpscripting.html
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
>
I will give that a shot right now!
On Nov 25, 2003, at 10:35 PM, Ralph Mitchell wrote:
<excerpt>I tried pulling this page:
<fixed><color><param>0000,0000,EEEE</param>http://www.premiereinteractive.com/cgi-bin/ \
members.cgi?stream=shows/PHILHENDREAL20031121&site=philhend&type=real_show</color></fixed>
and got back a cookie in the headers:
<fixed> Set-Cookie: :xCOOKIEx:=OTk5ODgxMTEw; expires=Saturday,
27-Dec-2003 09:14:09 GMT; path=/; domain=.premiereinteractive.com;
</fixed>
The form also contains a couple of hidden fields that you didn't send
back:
<fixed> input type="hidden" name="iGate"
value="OTk5ODgxMTEwJmlTZXNpZD00NzY4NjE2MA=="</fixed>
<fixed> input type="hidden" name="iType" value="MAIN"</fixed>
So, your curl command could look something like this:
curl -s -S -L -b cookiefile -c cookiefile \
-d "iUserName=mylogin" \
-d "iPassword=mypassword" \
-d "submit=Submit" \
-d "iGate=OTk5ODgxMTEwJmlTZXNpZD00NzY4NjE2MA==" \
-d "iType=MAIN" \
<color><param>0000,0000,EEEE</param>https://members.premiereinteractive.com/pcd/eGateChk</color>
You may need to url-encode the iGate value, as it contains "==",
which would equate to "%3d%3d".
It's possible that premierinteractive.com is objecting to your
"browser" user-agent string. you can fake that too, by adding "-A
Mozilla/4.0" to the above command. It wouldn't hurt to add in the
referrer, but I've yet to come across a site that needed it, and I'm
running around 1000 tests against several hundred servers...
Ralph Mitchell
Mayuresh Kadu wrote:
<fixed>Maybe what u need is a valid "REFERER". Refer to Point 7.0 on
<color><param>0000,0000,EEEE</param>http://curl.haxx.se/docs/httpscripting.html</color>.
It says
"A HTTP request may include a 'referer' field, which can be used to
tell
from which URL the client got to this particular resource. Some
programs/scripts check the referer field of requests to verify that
this
wasn't arriving from an external site or an unknown page. While this
is a
stupid way to check something so easily forged, many scripts still do
it.
Using curl, you can put anything you want in the referer-field and
thus more
easily be able to fool the server into serving your request."
Use curl to set the referer field with:
curl -e
<color><param>0000,0000,EEEE</param>http://curl.haxx.se</color> daniel.haxx.se
Hope this helps ..
- Mayuresh
-----Original Message-----
From:
<color><param>0000,0000,EEEE</param>curl-users-admin@lists.sourceforge.net</color>
[<color><param>0000,0000,EEEE</param>mailto:curl-users-admin@lists.sourceforge.net</color>]On
Behalf Of Gary Danko
Sent: Wednesday, November 26, 2003 12:29 AM
To:
<color><param>0000,0000,EEEE</param>curl-users@lists.sourceforge.net</color>
Subject: Re: Problem connecting to password protected page
Okay I am getting somewhere. I can authenticate but I am getting an
error... Still plodding along but I thought I'd post it anyway. :)
[baracus:~] gdanko% curl -v -e
<color><param>0000,0000,EEEE</param>"http://www.premiereinteractive.com/cgi-bin/members.cgi?stream=shows/PHILHEN
DREAL20031121&site=philhend&type=real_show"</color>
-d "iUserName=mylogin&iPassword=mypassword&submit=Submit"
<color><param>0000,0000,EEEE</param>https://members.premiereinteractive.com/pcd/eGateChk</color>
* About to connect() to members.premiereinteractive.com:443
* Connected to authstream.premiereinteractive.com (65.83.107.249) port
443
* SSL connection using DES-CBC3-SHA
* Server certificate:
* subject: /C=US/ST=California/L=Sherman Oaks/O=Premiere Radio
Networks/OU=Premiere Interactive/CN=members.premiereinteractive.com
* start date: 2002-09-16 00:00:00 GMT
* expire date: 2004-10-07 23:59:59 GMT
* common name: members.premiereinteractive.com (matched)
* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server
Certification Authority
> POST /pcd/eGateChk HTTP/1.1
User-Agent: curl/7.10.2 (powerpc-apple-darwin7.0) libcurl/7.10.2
OpenSSL/0.9.7b zlib/1.1.4
Host: members.premiereinteractive.com
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer:
<color><param>0000,0000,EEEE</param>http://www.premiereinteractive.com/cgi-bin/members.cgi?stream=shows/PHILHEND</color>
REAL20031121&site=philhend&type=real_show
Content-Length: 55
Content-Type: application/x-www-form-urlencoded
iUserName=mylogin&iPassword=mypassword&submit=Submit<<HTML>
<<BODY>
<<CENTER>
<<BR>
<<BR>
<<font size=4>
Sorry, the following error has occurred:
<<BR>
<<p>Our subscription application expects to be called via a link from a
publisher's web site.<<br>It also expects to be provided with a valid
magazine identifier.<<br>It will not run correctly otherwise.<<br>
<<BR>
We are unable to continue processing your request at this time.
<<BR>
The site Webmaster has been notified.
<<BR>
Please try again later.<</font>
<</CENTER>
<</BODY>
<</HTML>
* Connection #0 left intact
* Closing connection #0
Daniel Stenberg wrote:
</fixed>
<fixed>On Tue, 25 Nov 2003, Gary Danko wrote:
</fixed>
<fixed>I still have to authenticate though.. that is the problem.
Remember I go from the first URL (audioarchives) to
members.premiereinteractive.com where I have to authenticate with an
HTML
form. I then go back to audioarchives. It loops me around and I do not
</fixed>
<fixed>know
</fixed>
<fixed>how to handle the form-based authentication and the looping
back to my
starting point.
</fixed>
<fixed>I would recommend you to get a grip of the basics by reading
The Art Of
Scripting HTTP Requests Using Curl:
<color><param>0000,0000,EEEE</param>http://curl.haxx.se/docs/httpscripting.html</color>
</fixed>
<fixed>
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here:
<color><param>0000,0000,EEEE</param>http://sourceforge.net/donate/</color>
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here:
<color><param>0000,0000,EEEE</param>http://sourceforge.net/donate/</color>
</fixed>
</excerpt>
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic