View the Most Wanted LQ Wiki articles.
Go Back > Forums > Linux Forums > Linux - General
User Name
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.


  Search this Thread
Old 08-28-2009, 12:52 AM   #1
LQ Newbie
Registered: Jun 2009
Distribution: Ubuntu 8.04 Hardy Heron
Posts: 15

Rep: Reputation: 0
Using curl to log in to https page.


I am having difficulties using curl to log into a specific site using https.

The command I use is:

curl -k -b cookie -c cookie -d "hldno=xxxx&passphrase=xxxx&btn_login.x=45&btn_login.y=9" -o side.html
Liveheaders in Firefox captures this when I log in manually:


POST /user/login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nb,no;q=0.8,nn;q=0.6,en-us;q=0.4,en;q=0.2
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: gmpcucode=978; __utma=71813964.1151648937473018600.1250869847.1250869847.1251397437.2; __utmz=71813964.1250869847.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gmsid=bq1oo34nb4haqg34qukuvnsgpb1h5la3; gmlangcode=0; gm_textsize=62.5; __utmb=71813964.1.10.1251397437; __utmc=71813964
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
HTTP/1.x 302 Found
Date: Thu, 27 Aug 2009 18:24:40 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: gmpcucode=978; expires=Sat, 26-Sep-2009 18:24:40 GMT; path=/;
Location: setsecqa.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
I may mention that the password has a plus sign that is sent like this "xxx%2Bxxx".

This is the login form:

<form name="formpost" action="/user/login.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673" method="post">
		<td class="literal" align="right">Holding Number:</td>
		<td class="regular" valign="center">
			<input type="textbox" name="hldno" value="" size="30" autocomplete="off">&nbsp;(example: 50-00-01-G or 500001g)
			<a href="losthold.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673"><u>Forgot your Holding Number?</u></a>
		<td class="literal" align="right">Passphrase:</td>
		<td class="regular" valign="center">
			<input type="password" name="passphrase" value="" size="30" autocomplete="off">&nbsp;Lost Passphrase? <a href="lostpass.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673"><u>Request a New Passphrase</u></a>
		<td class="regular">&nbsp;</td>
		<td class="regular">
			<input type="image" name="btn_login" alt="Login" src="/en/images/user_images/gm_btn_login.gif" border="0">
Old 08-28-2009, 02:48 AM   #2
Registered: Aug 2009
Posts: 311

Rep: Reputation: 36
I'm not so familiar with using curl,how about elinks if your looking for a command line browser.
Old 08-28-2009, 02:57 AM   #3
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Just gonna throw out a guess.

Perhaps you need to curl with the -c first to get the cookie... then make a second call with the -b and -d to send the cookie and credentials.
Old 09-03-2009, 03:50 PM   #4
LQ Newbie
Registered: Jun 2009
Distribution: Ubuntu 8.04 Hardy Heron
Posts: 15

Original Poster
Rep: Reputation: 0
Okay with help from a PC guru friend of mine we solved the https difficulties.

However not with the above site who only was a test site I practiced on.

I used a program named charlie to log what curl did differently from firefox.


curl -x -k -b kake3 -c kake3
curl -x -k -b kake3 -c kake3 -d "USER=username&PASSWORD=password&TARGET=/options/for/stupid/script/"
curl -x -k -b kake3 -c kake3 -o result.html
So basicly I had a script that accepted hidden inputs and redirected me to the loginpage after giving me a coockie and all I needed to do was call the correct url afterwards with curl to be accepted into the site...

If that made any sense to anybody.


The redirect situation need not be as complicated as this.
I have just been made aware that curl don't redirect as default.
So a better way to do the above would just be adding a -L option like this.


curl -x -k -L -b kake3 -c kake3 -d "USER=username&PASSWORD=password&TARGET=/options/for/stupid/script/"

Last edited by Chris_no; 09-04-2009 at 11:31 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unexpected "Unsupported protocol: HTTPS" error in Apache/PHP/curl bions Linux - Server 6 11-29-2010 10:51 AM
curl: (1) Protocol https not supported or disabled in libcurl guest Linux - Software 1 05-01-2009 03:40 AM
Wget or cURL code for checking changes to a web page? ewingtux Programming 2 12-16-2008 04:46 PM
i cannt use curl get this page,,,why henryluo Linux - Software 1 03-01-2008 08:07 AM
CURL displays the same form as result page swiftguy121 Linux - Software 0 06-02-2007 08:52 AM

All times are GMT -5. The time now is 07:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration