hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Can servers "block" programmatic form submissions?
Date Tue, 21 Apr 2009 15:05:41 GMT
On Tue, Apr 21, 2009 at 09:09:32AM -0400, Klein, Stephanie [USA] wrote:
> First, thank you for taking the time to respond to my question.  I
> really appreciate it.
> 
> "> I downloaded a browser sniffer program, but when it's running, the
> > website I'm trying to log into won't load properly (via the browser).
> > 
> 
> I find this highly improbable. I can not think of a way for a server
> side application to tell that the IP traffic is being sniffed upon, but
> I am not a network specialist by any stretch of imagination. There must
> be something else."
> 
> I was rather surprised by the behavior of the website when I had the
> sniffer running, too.  I tried several times, though - when the sniffer
> was running, the page wouldn't load.  When the sniffer was stopped, the
> page loaded fine.  I suppose it could be something with the firewall
> here at work - I'll try at home on my personal computer and see if I get
> the same results.
> 

Were you using an HTTP sniffer that acted as a proxy to the target host or a full-flown protocol
analyzer such as Wireshark?


> " there should always be a way to emulate the HTTP packets as emitted by
> the common browsers."  
> 
> Can you suggest a particular object I should research/explore to try to
> find a way to emulate the browser?  Will I want to look at HttpClient,
> or is there something else I should look into?
> 

There is no way around capturing HTTP packets generated by a browser and emulating the same
HTTP session using HttpClient (or some other HTTP transport library)

Hope this helps

Oleg

> Again, thanks for your help,
>  - Stephanie
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: Tuesday, April 21, 2009 6:54 AM
> To: HttpClient User Discussion
> Subject: Re: Can servers "block" programmatic form submissions?
> 
> On Mon, Apr 20, 2009 at 01:03:16PM -0400, Klein, Stephanie [USA] wrote:
> > Hi, All,
> > 
> > I'm writing an application to log into a website via a form.  I've
> tried
> > many different ways, but each time, I get re-directed to a page saying
> > I'm being "redirected to an authentication service on another device".
> > (I'm not able to get to this page via a browser.)
> > 
> > I downloaded a browser sniffer program, but when it's running, the
> > website I'm trying to log into won't load properly (via the browser).
> > 
> 
> I find this highly improbable. I can not think of a way for a server
> side application to tell that the IP traffic is being sniffed upon, but
> I am not a network specialist by any stretch of imagination. There must
> be something else.
> 
> 
> > So, is it possible for a company to disable programmatic access on the
> > server side?  Can they have something set up to block this type of
> > log-in?
> > 
> 
> Yes, they can, and they often do. Lots of companies intentionally make
> it difficult to script the login process to their sitesi, for good
> reasons. However, there should always be a way to emulate the HTTP
> packets as emitted by the common browsers.
> 
> Hope this helps.
> 
> Oleg
> 
> 
> > Just in case it's helpful, here is the latest version of code I'm
> using.
> > Again, I've tried several versions.  I'd be happy to share the other
> > versions if that will be helpful.  I do have wire logging turned on
> and
> > would be happy to share those files also.
> > 
> > // BEGIN OF CODE
> > 
> > String response = "";
> > 
> > GetMethod authget = new GetMethod("https://www.somesite.com");
> > (new HttpClient()).executeMethod(authget);
> > response = authget.getResponseBodyAsString();
> > System.out.println("Body from authget " + response);
> > 
> > PostMethod authPost = new PostMethod("https://www.somesite.com");
> > 
> > NameValuePair[] paramList = {
> > 	new NameValuePair("SMENC", "ISO-8859-1"),
> > 	new NameValuePair("SMLOCAE", "US-EN"),
> > 	new NameValuePair("TARGET", "/login/index.html"),
> > 	new NameValuePair("USER", "username"),
> > 	new NameValuePair("PASSWORD", "password"),
> > 	new NameValuePair("lowBandwidth", "false")
> > };
> > 			
> > System.out.println("Response body is " + response);
> > System.out.println("Login form post (authPost): " +
> > authPost.getStatusLine().toString());
> > 
> > // END OF CODE
> > 
> > Thank you for your time and consideration,
> > 
> >  - Stephanie
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message