hc-httpclient-users mailing list archives

From bo <bost...@gmail.com>
Subject Re: Redirect on authentication
Date Thu, 26 Feb 2009 15:26:49 GMT
sebb - in my original post I'm referring to Firebug - would you recommend a
better tool?

On Thu, Feb 26, 2009 at 5:34 AM, sebb <sebbaz@gmail.com> wrote:

> Or you can use one of the browser add-ons that show you the requests
> and responses.
>
> On 26/02/2009, Jeff Davis <jeff@flyingdiamond.com> wrote:
> > Hi,
> >
> >  Scripted logins are generally purposely hard to crack.  There are quite
> > possibly hidden vars along with the user and pass, sometimes JavaScript
> > modifies a post field before it's sent and also cookies are set that must
> > be duplicated.
> >
> >  I have always found a packet analyzer helpful such as Wireshark to get a
> > clear understanding of how the login process looks when using a browser,
> > then comparing that to what the packets look like with the httpclient app.
> >
> >  That should get you started in the right direction, if you look a little
> > deeper.
> >
> >  Jeff
> >
> >
> >
> >
> >
> >  bo wrote:
> >
> > > Hi
> > >
> > > I'm trying to do form-based authentication. Here's what happens according
> > > to Firebug:
> > >
> > > 1. Hit the URL (GET http://foo.com)
> > > 2. That gets response code 302 and gets redirected (GET
> > > http://foo.com/session/new) which brings a login form
> > > 3. Login form is POST with action="https://foo.com/session" and two fields
> > > uname and passwd
> > > 4. Submitting the form gets 302 (POST https://foo.com/session) and then GET
> > > http://foo.com/session/new which brings index page content
> > >
> > > I'm not clear if I need to follow both redirects and what is the best way
> > > to do it. Test code that I have follows
> > >
> > >        DefaultHttpClient client = new DefaultHttpClient();
> > >        HttpGet get = new HttpGet("http://foo.com/");
> > >        HttpResponse response = client.execute(get);
> > >        System.out.println(response.getStatusLine());
> > >        response.getEntity().consumeContent();
> > >        // do the form post, retain all the cookies
> > >        HttpPost post = new HttpPost("https://foo.com/session/new");
> > >        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
> > >        nvps.add(new BasicNameValuePair("login", "dude@gmail.com"));
> > >        nvps.add(new BasicNameValuePair("password", "Foo"));
> > >        nvps.add(new BasicNameValuePair("commit", "Sign In")); // this is actually a submit button
> > >        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
> > >        HttpResponse postresponse = client.execute(post);
> > >        ResponseHandler<String> handler = new BasicResponseHandler();
> > >        String body = handler.handleResponse(postresponse);
> > >        System.out.println(body);
> > >        // still prints out login form
> > >
> > > Thanks,
> > >
> > > Bob S.
> > >
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> >  To unsubscribe, e-mail:
> > httpclient-users-unsubscribe@hc.apache.org
> >  For additional commands, e-mail:
> > httpclient-users-help@hc.apache.org
> >
> >
>


-- 
_________________________
"Jump right ahead in my web"
The Rolling Stones.
"Out of Our Heads" 1965

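The comparison suggested in the quoted reply (what the browser's login form submits versus what the HttpClient app sends) can be done offline, field by field. This is an added example, not code from the thread or from HttpClient, written in Python so it runs on the standard library alone; `SAMPLE_FORM` is a constructed login page whose hidden `token` input is hypothetical, and `FormParser` and `audit_login_request` are names introduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample of the login page body; the hidden "token" input is hypothetical.
SAMPLE_FORM = """
<form action="https://foo.com/session" method="post">
  <input type="hidden" name="token" value="abc123">
  <input type="text" name="uname">
  <input type="password" name="passwd">
  <input type="submit" name="commit" value="Sign In">
</form>
"""

class FormParser(HTMLParser):
    """Collect the first <form>'s action and its named <input> fields."""
    def __init__(self):
        super().__init__()
        # fields maps input name -> input type (hidden, text, password, ...)
        self.action, self.fields, self._in_form = None, {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self._in_form, self.action = True, a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = (a.get("type") or "text").lower()

    def handle_endtag(self, tag):
        self._in_form = self._in_form and tag != "form"

def audit_login_request(page_url, html, post_url, sent_names):
    """List the differences between the served form and the client's POST."""
    form = FormParser()
    form.feed(html)
    expected_url = urljoin(page_url, form.action or "")  # resolves relative actions
    findings = []
    if post_url != expected_url:
        findings.append(f"POST target {post_url} != form action {expected_url}")
    for name, kind in form.fields.items():
        if name not in sent_names:
            findings.append(f"missing {kind} field '{name}'")
    findings += [f"unexpected field '{n}'" for n in sent_names if n not in form.fields]
    return findings

if __name__ == "__main__":
    # POST URL and field names are the ones in the test code quoted in the post.
    sent = ["login", "password", "commit"]
    for line in audit_login_request("http://foo.com/session/new", SAMPLE_FORM,
                                    "https://foo.com/session/new", sent):
        print(line)
```

In the HttpClient app, the `html` argument would be the body of the GET for the login page, and the cookies set by that GET still have to be carried on the POST by the same client instance.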