
Re: curl and form submission



On Wed, Jun 08, 2016 at 01:02:54PM +0000, Bob wrote:

[...]

> Hello Tomas,
> 
> Thanks for your explanation. At my end a funny thing happens which
> now questions the whole web based authentication of this provider. I
> have discovered a simple link (which happens during a quick
> redirection after pressing login button)
> 
>  http://<link>/login1.html?a=%3F<username>%2B%2F%40&b=%3F<password>%2B%2F%40
> 
> I logout to kill my session and then put the same on browser, I
> logged in straight  :-)

Again, your browser is pulling your leg. What you are doing with this
command line is equivalent to sending your filled-in login form (you
are sending what the browser would do via "URL query parameters").

The next step is the server sending back a fresh session ID in a cookie
(and possibly a redirect to the "real" page). From then on you're in
business.

> How can I send that link through command line then ?

Simple: just "curl" it:

   curl 'http://<link>/login1.html?a=%3F<username>%2B%2F%40&b=%3F<password>%2B%2F%40'

but as I said, this'll just give you the first step in a multi-step
process. You'd possibly have to follow (at least) one redirect,
offering the cookie you just harvested. That's where curl's options
-c (set cookie jar) and -L (follow redirect) come in.

Try to find a way to watch what your browser's doing. It's much
more instructive than reading my incomplete guesses :-)

regards
-- tomás
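
The two-step flow described in this message, as an added example that is not part of the original post: a throwaway local server stands in for the provider, and the client follows the redirect once with a cookie jar and once without, which is the difference `-c` makes alongside `-L`. The `/home.html` path, the credentials and the cookie name are constructed assumptions; only `login1.html` and the `a`/`b` parameter shape come from the thread.

```python
import http.cookiejar
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed sample values; the real site's names and values are unknown.
USER, PASSWORD, SESSION = "alice", "s3cret", "sid=constructed-session-id"

class Portal(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        q = parse_qs(url.query)  # decodes %3F %2B %2F %40 to ? + / @
        creds_ok = q.get("a") == [f"?{USER}+/@"] and q.get("b") == [f"?{PASSWORD}+/@"]
        if url.path == "/login1.html" and creds_ok:
            # Step 1: form data accepted -> fresh session cookie plus redirect
            self.send_response(302)
            self.send_header("Set-Cookie", SESSION + "; Path=/; HttpOnly")
            self.send_header("Location", "/home.html")
        elif url.path == "/home.html" and SESSION in self.headers.get("Cookie", ""):
            self.send_response(200)  # Step 2: cookie presented, page served
        else:
            self.send_response(403)  # no valid session
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    server = HTTPServer(("127.0.0.1", 0), Portal)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

def login(base, keep_cookies):  # returns the final HTTP status
    handlers = [urllib.request.ProxyHandler({})]  # never route via a proxy
    if keep_cookies:  # what curl's cookie engine (-c jar) adds on top of -L
        handlers.append(urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    opener = urllib.request.build_opener(*handlers)  # follows redirects by default
    url = f"{base}/login1.html?a=%3F{USER}%2B%2F%40&b=%3F{PASSWORD}%2B%2F%40"
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

if __name__ == "__main__":
    base = start_server()
    print("with cookie jar:", login(base, True), "| without:", login(base, False))
```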

