hc-httpclient-users mailing list archives

From Christine Karman <christ...@christine.nl>
Subject Re: Redirect on authentication
Date Fri, 27 Feb 2009 14:30:05 GMT
On Thu, 2009-02-26 at 07:26 -0800, bo wrote:
> sebb - in my original post I'm referring to Firebug - would you recommend a
> better tool?

I like Wireshark, saves me a lot of time when I do things similar to
what you are doing. I use it a lot.

Christine

> 
> On Thu, Feb 26, 2009 at 5:34 AM, sebb <sebbaz@gmail.com> wrote:
> 
> > Or you can use one of the browser add-ons that show you the requests
> > and responses.
> >
> > On 26/02/2009, Jeff Davis <jeff@flyingdiamond.com> wrote:
> > > Hi,
> > >
> > > >  Scripted logins are generally purposely hard to crack.  There are quite
> > > > possibly hidden vars along with the user and pass, sometimes JavaScript
> > > > modifies a post field before it's sent and also cookies are set that must
> > > > be duplicated.
> > > >
> > > >  I have always found a packet analyzer helpful such as Wireshark to get a
> > > > clear understanding of how the login process looks when using a browser,
> > > > then comparing that to what the packets look like with the httpclient
> > > > app.
> > >
> > >  That should get you started in the right direction, if you look a little
> > > deeper.
> > >
> > >  Jeff
> > >
> > >
> > >
> > >
> > >
> > >  bo wrote:
> > >
> > > > Hi
> > > >
> > > > > I'm trying to do form-based authentication. Here's what happens according to
> > > > > the Firebug
> > > > >
> > > > > 1. Hit the URL (GET http://foo.com)
> > > > > 2. That gets response code 302 and gets redirected (GET
> > > > > http://foo.com/session/new) which brings a login form
> > > > > 3. Login form is POST with action="https://foo.com/session" and two fields
> > > > > uname and passwd
> > > > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> > > > > http://foo.com/session/new which brings index page content
> > > > >
> > > > > I'm not clear if I need to follow both redirects and what is the best way to
> > > > > do it. Test code that I have follows
> > > > >
> > > > >        DefaultHttpClient client = new DefaultHttpClient();
> > > > >        HttpGet get = new HttpGet("http://foo.com/");
> > > > >        HttpResponse response = client.execute(get);
> > > > >        System.out.println(response.getStatusLine());
> > > > >        response.getEntity().consumeContent();
> > > > >        // do the form post, retain all the cookies
> > > > >        HttpPost post = new HttpPost("https://foo.com/session/new");
> > > > >        List <NameValuePair> nvps = new ArrayList <NameValuePair>();
> > > > >        nvps.add(new BasicNameValuePair("login", "dude@gmail.com"));
> > > > >        nvps.add(new BasicNameValuePair("password", "Foo"));
> > > > >        nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
> > > > >        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> > > > >        HttpResponse postresponse = client.execute(post);
> > > > >        ResponseHandler<String> handler = new BasicResponseHandler();
> > > > >        String body = handler.handleResponse(postresponse);
> > > > >        System.out.println(body);
> > > > >        // still prints out login form
> > > >
> > > > Thanks,
> > > >
> > > > Bob S.
> > > >
> > > >
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > >  To unsubscribe, e-mail:
> > > httpclient-users-unsubscribe@hc.apache.org
> > >  For additional commands, e-mail:
> > > httpclient-users-help@hc.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >
> 
> 
-- 
dagdag is just a two-character rotation of byebye...
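
The comparison suggested in the thread (the login request as the browser sends it against the one the HttpClient app sends), as an added example that is not part of any message above. The POST targets and field names are taken from the original post; the `sid` cookie and the hidden `token` field are constructed placeholders, and the one-line `METHOD URL` request line mirrors how the post writes requests rather than raw wire format.

```python
from urllib.parse import parse_qsl

def parse_capture(text):
    """Split a captured request into (method, url, cookie names, form field names)."""
    head, _, body = text.strip().partition("\n\n")
    request_line, *header_lines = head.splitlines()
    method, url = request_line.split()[:2]
    cookies = set()
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            # Compare cookie names only: values differ from session to session.
            cookies |= {c.split("=", 1)[0].strip() for c in value.split(";") if c.strip()}
    fields = {k for k, _ in parse_qsl(body, keep_blank_values=True)}
    return method, url, cookies, fields

def diff_requests(browser, client):
    """List what the scripted request must change to match the browser's request."""
    b_method, b_url, b_cookies, b_fields = parse_capture(browser)
    c_method, c_url, c_cookies, c_fields = parse_capture(client)
    out = []
    if (b_method, b_url) != (c_method, c_url):
        out.append(f"target: browser {b_method} {b_url}, client {c_method} {c_url}")
    for label, b, c in (("field", b_fields, c_fields), ("cookie", b_cookies, c_cookies)):
        out += [f"missing {label}: {n}" for n in sorted(b - c)]
        out += [f"extra {label}: {n}" for n in sorted(c - b)]
    return out

# Constructed captures. BROWSER follows step 3 of the post (plus a hypothetical
# hidden field "token"); CLIENT follows the post's test code.
BROWSER = """POST https://foo.com/session
Content-Type: application/x-www-form-urlencoded
Cookie: sid=abc123

uname=dude%40gmail.com&passwd=Foo&token=xyz
"""
CLIENT = """POST https://foo.com/session/new
Content-Type: application/x-www-form-urlencoded
Cookie: sid=def456

login=dude%40gmail.com&password=Foo&commit=Sign+In
"""

if __name__ == "__main__":
    for line in diff_requests(BROWSER, CLIENT):
        print(line)
```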

