hc-httpclient-users mailing list archives

From sebb <seb...@gmail.com>
Subject Re: Redirect on authentication
Date Thu, 26 Feb 2009 13:34:02 GMT
Or you can use one of the browser add-ons that show you the requests
and responses.

On 26/02/2009, Jeff Davis <jeff@flyingdiamond.com> wrote:
> Hi,
>
>  Scripted logins are generally purposely hard to crack.  There are quite
> possibly hidden vars along with the user and pass, sometimes JavaScript
> modifies a post field before it's sent and also cookies are set that must be
> duplicated.
>
>  I have always found a packet analyzer such as Wireshark helpful to get a
> clear understanding of how the login process looks when using a browser,
> then comparing that to what the packets look like with the httpclient app.
>
>  That should get you started in the right direction, if you look a little
> deeper.
>
>  Jeff
>
>
>
>
>
>  bo wrote:
>
> > Hi
> >
> > I'm trying to do form-based authentication. Here's what happens according to
> > the Firebug
> >
> > 1. Hit the URL (GET http://foo.com)
> > 2. That gets response code 302 and gets redirected (GET
> > http://foo.com/session/new) which brings a login form
> > 3. Login form is POST with action="https://foo.com/session" and two fields
> > uname and passwd
> > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> > http://foo.com/session/new which brings index page content
> >
> > I'm not clear if I need to follow both redirects and what is the best way to
> > do it. Test code that I have follows
> >
> >        DefaultHttpClient client = new DefaultHttpClient();
> >        HttpGet get = new HttpGet("http://foo.com/");
> >        HttpResponse response = client.execute(get);
> >        System.out.println(response.getStatusLine());
> >        response.getEntity().consumeContent();
> >        // do the form post, retain all the cookies
> >        HttpPost post = new HttpPost("https://foo.com/session/new");
> >        List <NameValuePair> nvps = new ArrayList <NameValuePair>();
> >        nvps.add(new BasicNameValuePair("login", "dude@gmail.com"));
> >        nvps.add(new BasicNameValuePair("password", "Foo"));
> >        nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
> >        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> >        HttpResponse postresponse = client.execute(post);
> >        ResponseHandler<String> handler = new BasicResponseHandler();
> >        String body = handler.handleResponse(postresponse);
> >        System.out.println(body);
> >        // still prints out login form
> >
> > Thanks,
> >
> > Bob S.
> >
> >
> >
>
>
> ---------------------------------------------------------------------
>  To unsubscribe, e-mail:
> httpclient-users-unsubscribe@hc.apache.org
>  For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
>
>
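Added example, not part of the original thread and not HttpClient code: the browser-versus-client comparison suggested above, applied to the login form itself. It parses a form with the JDK only and lists where a planned POST differs from it (target URL, missing fields, unknown fields). The HTML sample is constructed from the description in the thread, the hidden field `form_token` is hypothetical, and the regex parsing assumes double-quoted attributes and an absolute `action`.

```java
import java.util.*;
import java.util.regex.*;

// Added example: compare a login form with the POST a client is about to send.
public class LoginFormDiff {
    // Constructed sample of the page at /session/new; "form_token" is a hypothetical hidden field.
    static final String SAMPLE_HTML =
        "<form method=\"post\" action=\"https://foo.com/session\">"
      + "<input type=\"hidden\" name=\"form_token\" value=\"abc123\">"
      + "<input type=\"text\" name=\"uname\">"
      + "<input type=\"password\" name=\"passwd\">"
      + "<input type=\"submit\" name=\"commit\" value=\"Sign In\"></form>";
    static final Pattern ACTION = Pattern.compile("<form[^>]*\\baction=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);
    static final Pattern INPUT = Pattern.compile("<input[^>]*>", Pattern.CASE_INSENSITIVE);
    static final Pattern ATTR = Pattern.compile("\\b(name|value)=\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    // Field name -> default value, in document order; hidden fields arrive pre-filled by the server.
    static Map<String, String> formFields(String html) {
        Map<String, String> fields = new LinkedHashMap<>();
        Matcher in = INPUT.matcher(html);
        while (in.find()) {
            String name = null, value = "";
            Matcher a = ATTR.matcher(in.group());
            while (a.find()) {
                if (a.group(1).equalsIgnoreCase("name")) name = a.group(2); else value = a.group(2);
            }
            if (name != null) fields.put(name, value);
        }
        return fields;
    }

    // Differences between the form the server served and the request the client plans to send.
    static List<String> diff(String html, String postUrl, Set<String> sent) {
        List<String> findings = new ArrayList<>();
        Matcher m = ACTION.matcher(html);
        String action = m.find() ? m.group(1) : null;
        if (!postUrl.equals(action)) findings.add("POST target " + postUrl + " != form action " + action);
        Set<String> expected = formFields(html).keySet();
        for (String f : expected) if (!sent.contains(f)) findings.add("missing field: " + f);
        for (String f : sent) if (!expected.contains(f)) findings.add("field not in form: " + f);
        return findings;
    }

    public static void main(String[] args) {
        // URL and field names taken from the test code quoted in the thread.
        Set<String> sent = new LinkedHashSet<>(Arrays.asList("login", "password", "commit"));
        diff(SAMPLE_HTML, "https://foo.com/session/new", sent).forEach(System.out::println);
    }
}
```

Feeding it the body returned by the real GET of the login page, instead of the constructed sample, gives the list of fields and the target the POST has to match.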