LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 08-28-2009, 12:52 AM   #1
Chris_no
LQ Newbie
 
Registered: Jun 2009
Distribution: Ubuntu 8.04 Hardy Heron
Posts: 15

Rep: Reputation: 0
Using curl to log in to https page.


Hello.

I am having difficulties using curl to log into a specific site using https.

The command I use is:

Code:
curl -k -b cookie -c cookie -d "hldno=xxxx&passphrase=xxxx&btn_login.x=45&btn_login.y=9" -o side.html https://secure.site.com/user/login.php
Liveheaders in Firefox captures this when I log in manually:

Code:
https://secure.site.com/user/login.php

POST /user/login.php HTTP/1.1
Host: secure.site.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: nb,no;q=0.8,nn;q=0.6,en-us;q=0.4,en;q=0.2
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://secure.site.com/user/login.php
Cookie: gmpcucode=978; __utma=71813964.1151648937473018600.1250869847.1250869847.1251397437.2; __utmz=71813964.1250869847.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gmsid=bq1oo34nb4haqg34qukuvnsgpb1h5la3; gmlangcode=0; gm_textsize=62.5; __utmb=71813964.1.10.1251397437; __utmc=71813964
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
hldno=username-R&passphrase=password&btn_login.x=45&btn_login.y=9
HTTP/1.x 302 Found
Date: Thu, 27 Aug 2009 18:24:40 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: gmpcucode=978; expires=Sat, 26-Sep-2009 18:24:40 GMT; path=/; domain=.site.com
Location: setsecqa.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
I may mention that the password has a plus sign that is sent like this "xxx%2Bxxx".

This is the login form:

Code:
<form name="formpost" action="/user/login.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673" method="post">
	<tr>
		<td class="literal" align="right">Holding Number:</td>
		<td class="regular" valign="center">
			<input type="textbox" name="hldno" value="" size="30" autocomplete="off">&nbsp;(example: 50-00-01-G or 500001g)
			<a href="losthold.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673"><u>Forgot your Holding Number?</u></a>
		</td>
	</tr>
	<tr>
		<td class="literal" align="right">Passphrase:</td>
		<td class="regular" valign="center">
			<input type="password" name="passphrase" value="" size="30" autocomplete="off">&nbsp;Lost Passphrase? <a href="lostpass.php?gmsid=p31gieju399j7fjeqj5t1n77kigpq673"><u>Request a New Passphrase</u></a>
		</td>
	</tr>
	<tr>
		<td class="regular">&nbsp;</td>
		<td class="regular">
			<input type="image" name="btn_login" alt="Login" src="/en/images/user_images/gm_btn_login.gif" border="0">
		</td>
	</tr>
	</form>
 
Old 08-28-2009, 02:48 AM   #2
kdelover
Member
 
Registered: Aug 2009
Posts: 311

Rep: Reputation: 36
I'm not so familiar with using curl,how about elinks if your looking for a command line browser.
 
Old 08-28-2009, 02:57 AM   #3
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
Just gonna throw out a guess.

Perhaps you need to curl with the -c first to get the cookie... then make a second call with the -b and -d to send the cookie and credentials.
 
Old 09-03-2009, 03:50 PM   #4
Chris_no
LQ Newbie
 
Registered: Jun 2009
Distribution: Ubuntu 8.04 Hardy Heron
Posts: 15

Original Poster
Rep: Reputation: 0
Okay with help from a PC guru friend of mine we solved the https difficulties.

However not with the above site who only was a test site I practiced on.

I used a program named charlie to log what curl did differently from firefox.

http://www.charlesproxy.com/

Code:
#!/bin/bash

curl -x 127.0.0.1:8888 -k -b kake3 -c kake3 https://site.com/noauth/login/
curl -x 127.0.0.1:8888 -k -b kake3 -c kake3 -d "USER=username&PASSWORD=password&TARGET=/options/for/stupid/script/" https://site.com/stupid_script_url
curl -x 127.0.0.1:8888 -k -b kake3 -c kake3 -o result.html https://site.com/real_url
So basicly I had a script that accepted hidden inputs and redirected me to the loginpage after giving me a coockie and all I needed to do was call the correct url afterwards with curl to be accepted into the site...

If that made any sense to anybody.

Update!!!

The redirect situation need not be as complicated as this.
I have just been made aware that curl don't redirect as default.
So a better way to do the above would just be adding a -L option like this.

Code:
#!/bin/bash

curl -x 127.0.0.1:8888 -k -L -b kake3 -c kake3 -d "USER=username&PASSWORD=password&TARGET=/options/for/stupid/script/" https://site.com/stupid_script_url

Last edited by Chris_no; 09-04-2009 at 11:31 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unexpected "Unsupported protocol: HTTPS" error in Apache/PHP/curl bions Linux - Server 6 11-29-2010 10:51 AM
curl: (1) Protocol https not supported or disabled in libcurl guest Linux - Software 1 05-01-2009 03:40 AM
Wget or cURL code for checking changes to a web page? ewingtux Programming 2 12-16-2008 04:46 PM
i cannt use curl get this page,,,why henryluo Linux - Software 1 03-01-2008 08:07 AM
CURL displays the same form as result page swiftguy121 Linux - Software 0 06-02-2007 08:52 AM


All times are GMT -5. The time now is 06:57 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration