hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Klein, Stephanie [USA]" <klein_stepha...@bah.com>
Subject RE: Can servers "block" programmatic form submissions?
Date Wed, 22 Apr 2009 13:40:54 GMT
Thank you, Oleg and Brijesh, for your suggestions.  I'll try a different
sniffer and/or one of the plug-ins and try digging a little deeper into
the header packets.

Thanks again!
 - Stephanie

-----Original Message-----
From: Brijesh Deo [mailto:bdeo@SonicWALL.com] 
Sent: Wednesday, April 22, 2009 7:32 AM
To: HttpClient User Discussion
Subject: RE: Can servers "block" programmatic form submissions?

Hi Stephanie,

You can use some tools that work with your browser to see what
request/response headers, data etc are contained in the HTTP packets
when you are tying to browse your website using a browser.
Then you can set the same/similar combination of Http headers, data in
your HttpGet or HttpPost objects to emulate the browser behavior while
using the HttpClient to send requests to your website.

For Mozilla Firefox, you can install a plugin called HttpFox which will
let you see every GET/POST packet and all underlying header/data.

For IE, there is something called IEHTTPAnalyzer but that's not free I
guess. Although you can work with the trial version for sometime, I
think.

Or, if you are comfortable you can use Packet Sniffer tools like
Ethereal or wireshark and then find Http Packets and then analyze its
contents.

Thanks,
Brijesh




-----Original Message-----
From: Klein, Stephanie [USA] [mailto:klein_stephanie@bah.com] 
Sent: Tuesday, April 21, 2009 6:40 PM
To: HttpClient User Discussion
Subject: [Junk released by User action] RE: Can servers "block"
programmatic form submissions?

First, thank you for taking the time to respond to my question.  I
really appreciate it.

"> I downloaded a browser sniffer program, but when it's running, the
> website I'm trying to log into won't load properly (via the browser).
> 

I find this highly improbable. I can not think of a way for a server
side application to tell that the IP traffic is being sniffed upon, but
I am not a network specialist by any stretch of imagination. There must
be something else."

I was rather surprised by the behavior of the website when I had the
sniffer running, too.  I tried several times, though - when the sniffer
was running, the page wouldn't load.  When the sniffer was stopped, the
page loaded fine.  I suppose it could be something with the firewall
here at work - I'll try at home on my personal computer and see if I get
the same results.

" there should always be a way to emulate the HTTP packets as emitted by
the common browsers."  

Can you suggest a particular object I should research/explore to try to
find a way to emulate the browser?  Will I want to look at HttpClient,
or is there something else I should look into?

Again, thanks for your help,
 - Stephanie

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org] 
Sent: Tuesday, April 21, 2009 6:54 AM
To: HttpClient User Discussion
Subject: Re: Can servers "block" programmatic form submissions?

On Mon, Apr 20, 2009 at 01:03:16PM -0400, Klein, Stephanie [USA] wrote:
> Hi, All,
> 
> I'm writing an application to log into a website via a form.  I've
tried
> many different ways, but each time, I get re-directed to a page saying
> I'm being "redirected to an authentication service on another device".
> (I'm not able to get to this page via a browser.)
> 
> I downloaded a browser sniffer program, but when it's running, the
> website I'm trying to log into won't load properly (via the browser).
> 

I find this highly improbable. I can not think of a way for a server
side application to tell that the IP traffic is being sniffed upon, but
I am not a network specialist by any stretch of imagination. There must
be something else.


> So, is it possible for a company to disable programmatic access on the
> server side?  Can they have something set up to block this type of
> log-in?
> 

Yes, they can, and they often do. Lots of companies intentionally make
it difficult to script the login process to their sitesi, for good
reasons. However, there should always be a way to emulate the HTTP
packets as emitted by the common browsers.

Hope this helps.

Oleg


> Just in case it's helpful, here is the latest version of code I'm
using.
> Again, I've tried several versions.  I'd be happy to share the other
> versions if that will be helpful.  I do have wire logging turned on
and
> would be happy to share those files also.
> 
> // BEGIN OF CODE
> 
> String response = "";
> 
> GetMethod authget = new GetMethod("https://www.somesite.com");
> (new HttpClient()).executeMethod(authget);
> response = authget.getResponseBodyAsString();
> System.out.println("Body from authget " + response);
> 
> PostMethod authPost = new PostMethod("https://www.somesite.com");
> 
> NameValuePair[] paramList = {
> 	new NameValuePair("SMENC", "ISO-8859-1"),
> 	new NameValuePair("SMLOCAE", "US-EN"),
> 	new NameValuePair("TARGET", "/login/index.html"),
> 	new NameValuePair("USER", "username"),
> 	new NameValuePair("PASSWORD", "password"),
> 	new NameValuePair("lowBandwidth", "false")
> };
> 			
> System.out.println("Response body is " + response);
> System.out.println("Login form post (authPost): " +
> authPost.getStatusLine().toString());
> 
> // END OF CODE
> 
> Thank you for your time and consideration,
> 
>  - Stephanie
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message