hc-httpclient-users mailing list archives

From sebb <seb...@gmail.com>
Subject Re: Redirect on authentication
Date Thu, 26 Feb 2009 17:46:45 GMT
On 26/02/2009, bo <bostone@gmail.com> wrote:
> sebb - in my original post I'm referring to Firebug - would you recommend a
>  better tool?

As it happens, I use Live HTTP Headers with Firefox which works OK for me.

I've never used Firebug, so cannot comment if it is better or worse.

If you are happy with Firebug then there's no point switching.

All you need is to be able to see the HTTP traffic.

>
>  On Thu, Feb 26, 2009 at 5:34 AM, sebb <sebbaz@gmail.com> wrote:
>
>  > Or you can use one of the browser add-ons that show you the requests
>  > and responses.
>  >
>  > On 26/02/2009, Jeff Davis <jeff@flyingdiamond.com> wrote:
>  > > Hi,
>  > >
>  > >  Scripted logins are generally purposely hard to crack.  There are quite
>  > > possibly hidden vars along with the user and pass, sometimes JavaScript
>  > > modifies a post field before it's sent and also cookies are set that must
>  > > be duplicated.
>  > >
>  > >  I have always found a packet analyzer helpful such as Wireshark to get a
>  > > clear understanding of how the login process looks when using a browser,
>  > > then comparing that to what the packets look like with the httpclient
>  > > app.
>  > >
>  > >  That should get you started in the right direction, if you look a little
>  > > deeper.
>  > >
>  > >  Jeff
>  > >
>  > >
>  > >
>  > >
>  > >
>  > >  bo wrote:
>  > >
>  > > > Hi
>  > > >
>  > > > I'm trying to do form-based authentication. Here's what happens
>  > > > according to Firebug:
>  > > >
>  > > > 1. Hit the URL (GET http://foo.com)
>  > > > 2. That gets response code 302 and gets redirected (GET
>  > > > http://foo.com/session/new) which brings a login form
>  > > > 3. Login form is POST with action="https://foo.com/session" and two
>  > > > fields uname and passwd
>  > > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then
>  > > > GET http://foo.com/session/new which brings index page content
>  > > >
>  > > > I'm not clear if I need to follow both redirects and what is the best
>  > > > way to do it. Test code that I have follows
>  > > >
>  > > >        DefaultHttpClient client = new DefaultHttpClient();
>  > > >        HttpGet get = new HttpGet("http://foo.com/");
>  > > >        HttpResponse response = client.execute(get);
>  > > >        System.out.println(response.getStatusLine());
>  > > >        response.getEntity().consumeContent();
>  > > >        // do the form post, retain all the cookies
>  > > >        HttpPost post = new HttpPost("https://foo.com/session/new");
>  > > >        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
>  > > >        nvps.add(new BasicNameValuePair("login", "dude@gmail.com"));
>  > > >        nvps.add(new BasicNameValuePair("password", "Foo"));
>  > > >        nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
>  > > >        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
>  > > >        HttpResponse postresponse = client.execute(post);
>  > > >        ResponseHandler<String> handler = new BasicResponseHandler();
>  > > >        String body = handler.handleResponse(postresponse);
>  > > >        System.out.println(body);
>  > > >        // still prints out login form
>  > > >
>  > > > Thanks,
>  > > >
>  > > > Bob S.
>  > > >
>  > > >
>  > > >
>  > >
>  > >
>  > > ---------------------------------------------------------------------
>  > >  To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>  > >  For additional commands, e-mail: httpclient-users-help@hc.apache.org
>  > >
>  > >
>  >
>
>
>
> --
>  _________________________
>  "Jump right ahead in my web"
>  The Rolling Stones.
>  "Out of Our Heads" 1965
>

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
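
The comparison recommended in this thread (what the browser sends versus what the HttpClient app sends) can be done mechanically once both requests are captured. The following is an added example, not part of the original messages: it diffs two raw POST requests. Both captures are constructed from the details in bo's post; the cookie name and value are assumptions.

```python
from urllib.parse import parse_qsl

# Constructed captures (not real traffic). Paths and field names come from the
# thread; the Cookie header name and value are assumptions for illustration.
BROWSER_POST = (
    "POST /session HTTP/1.1\r\n"
    "Host: foo.com\r\n"
    "Cookie: _session_id=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "uname=dude%40gmail.com&passwd=Foo"
)
CLIENT_POST = (
    "POST /session/new HTTP/1.1\r\n"
    "Host: foo.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "login=dude%40gmail.com&password=Foo&commit=Sign+In"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers, form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = dict(parse_qsl(body, keep_blank_values=True))
    return {"method": method, "target": target, "headers": headers, "fields": fields}


def diff_requests(browser_raw, client_raw):
    """Report where the client's request departs from the browser's."""
    b, c = parse_request(browser_raw), parse_request(client_raw)
    findings = []
    if (b["method"], b["target"]) != (c["method"], c["target"]):
        findings.append(f"request line: browser {b['method']} {b['target']}, "
                        f"client {c['method']} {c['target']}")
    for name in sorted(b["headers"].keys() - c["headers"].keys()):
        findings.append(f"header missing from client: {name}")
    for name in sorted(b["fields"].keys() - c["fields"].keys()):
        findings.append(f"form field missing from client: {name}")
    for name in sorted(c["fields"].keys() - b["fields"].keys()):
        findings.append(f"form field not sent by browser: {name}")
    return findings
```

Calling `diff_requests(BROWSER_POST, CLIENT_POST)` lists the differing request target, the missing cookie, and the mismatched field names in one pass.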

