hc-httpclient-users mailing list archives

From bo <bost...@gmail.com>
Subject Re: Redirect on authentication
Date Thu, 26 Feb 2009 15:26:07 GMT
Thanks Jeff,

I have not used packet analyzers for such a purpose before. Using the NET portion
of Firebug, I can clearly see all headers, responses, cookies, etc. I will
try Wireshark; any pointers on what to look for? And mainly - do I need to
manually follow redirects or should HttpClient follow these, especially 302?

Bob

On Wed, Feb 25, 2009 at 11:09 PM, Jeff Davis <jeff@flyingdiamond.com> wrote:

> Hi,
>
> Scripted logins are generally purposely hard to crack.  There are quite
> possibly hidden vars along with the user and pass; sometimes JavaScript
> modifies a post field before it's sent, and also cookies are set that must be
> duplicated.
>
> I have always found a packet analyzer such as Wireshark helpful to get a
> clear understanding of how the login process looks when using a browser,
> then comparing that to what the packets look like with the httpclient app.
>
> That should get you started in the right direction, if you look a little
> deeper.
>
> Jeff
>
> bo wrote:
>
>> Hi
>>
>> I'm trying to do form-based authentication. Here's what happens according
>> to Firebug:
>>
>> 1. Hit the URL (GET http://foo.com)
>> 2. That gets response code 302 and gets redirected
>>    (GET http://foo.com/session/new) which brings a login form
>> 3. Login form is POST with action="https://foo.com/session" and two
>>    fields uname and passwd
>> 4. Submitting the form gets 302 (POST https://foo.com/session) and then
>>    GET http://foo.com/session/new which brings index page content
>>
>> I'm not clear if I need to follow both redirects and what is the best way
>> to do it. Test code that I have follows
>>
>>        DefaultHttpClient client = new DefaultHttpClient();
>>        HttpGet get = new HttpGet("http://foo.com/");
>>        HttpResponse response = client.execute(get);
>>        System.out.println(response.getStatusLine());
>>        response.getEntity().consumeContent();
>>        // do the form post, retain all the cookies
>>        HttpPost post = new HttpPost("https://foo.com/session/new");
>>        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
>>        nvps.add(new BasicNameValuePair("login", "dude@gmail.com"));
>>        nvps.add(new BasicNameValuePair("password", "Foo"));
>>        // "commit" is actually a submit button
>>        nvps.add(new BasicNameValuePair("commit", "Sign In"));
>>        post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
>>        HttpResponse postresponse = client.execute(post);
>>        ResponseHandler<String> handler = new BasicResponseHandler();
>>        String body = handler.handleResponse(postresponse);
>>        System.out.println(body);
>>        // still prints out login form
>>
>> Thanks,
>>
>> Bob S.


-- 
_________________________
"Jump right ahead in my web"
The Rolling Stones.
"Out of Our Heads" 1965

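The comparison Jeff describes, between the browser's login request and the one the HttpClient app sends, can be scripted; this is an added example, not code from the thread, and it compares only the names of form fields and cookies so that credentials never appear in the report. Both captures are constructed from the details in the messages above, and the `token` hidden field and `_session_id` cookie are hypothetical.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl

# Constructed captures (not taken from the thread): request line, headers, blank line, body.
BROWSER = (
    "POST /session HTTP/1.1\r\n"
    "Host: foo.com\r\n"
    "Cookie: _session_id=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "uname=dude%40gmail.com&passwd=Foo&token=hypothetical-hidden-value"
)
CLIENT = (
    "POST /session/new HTTP/1.1\r\n"
    "Host: foo.com\r\n"
    "Cookie: _session_id=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "login=dude%40gmail.com&password=Foo&commit=Sign+In"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, cookie names and form field names."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = set(SimpleCookie(headers.get("cookie", "")).keys())
    fields = {k for k, _ in parse_qsl(body, keep_blank_values=True)}
    return {"method": method, "path": path, "cookies": cookies, "fields": fields}

def diff_requests(browser_raw, client_raw):
    """Report what the browser sends that the client does not, and vice versa (names only)."""
    b, c = parse_request(browser_raw), parse_request(client_raw)
    return {
        "target_matches": (b["method"], b["path"]) == (c["method"], c["path"]),
        "browser_target": f'{b["method"]} {b["path"]}',
        "client_target": f'{c["method"]} {c["path"]}',
        "fields_missing_in_client": sorted(b["fields"] - c["fields"]),
        "fields_only_in_client": sorted(c["fields"] - b["fields"]),
        "cookies_missing_in_client": sorted(b["cookies"] - c["cookies"]),
    }

if __name__ == "__main__":
    for key, value in diff_requests(BROWSER, CLIENT).items():
        print(f"{key}: {value}")
```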