hc-httpclient-users mailing list archives

From lsacco <occ...@gmail.com>
Subject Re: Getting past authentication to Flickr/Yahoo
Date Wed, 05 May 2010 21:29:02 GMT


olegk wrote:
> 
> Yahoo as well as other high profile sites intentionally make it very
> difficult to script their login process.
> 

Yeah, no kidding!  Here's my code...I basically combed their form and created
new NameValuePairs for the fields.  They also have a hash function onSubmit to MD5
the password and challenge phrase, and so I just do that in Java.  Still,
after all my efforts, I can't get past the login form.  Anything you see
below that I might be missing?  Thanks!

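		// Fetches the login form, pulls the hidden ".u" and ".challenge" fields out
		// of it, and posts the form back with the password hashed the same way the
		// page's own onSubmit script hashes it (see the quoted JS below).
		String url = "https://login.yahoo.com";
		int port = 443;

		HttpClient _client = new HttpClient();
		// NOTE(review): the first argument of setHost is normally a bare host name;
		// "url" carries the scheme as well -- confirm this is what was intended.
		_client.getHostConfiguration().setHost(url, port, "https");
		_client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);

		GetMethod authget = new GetMethod(url);

		byte[] responseBody;
		String _strGetRspBody;
		try {
			_client.executeMethod(authget);
			// Read the response body before the connection is handed back.
			responseBody = authget.getResponseBody();
			_strGetRspBody = authget.getResponseBodyAsString();
		} catch (IOException i) {
			// Fail here instead of printing the trace and carrying on: every
			// later step depends on the form that this request returns.
			throw new IllegalStateException("GET of the login form failed", i);
		} finally {
			// release any connection resources used by the method, on every path
			authget.releaseConnection();
		}
		if (_strGetRspBody == null) {
			throw new IllegalStateException("GET of the login form returned no body");
		}
		_logger.debug("GetRspBody: " + _strGetRspBody);

		// Get the .u value.
		// 38 = 30 characters of marker + 8 more (presumably the ' value="' that
		// follows it); 13 is the value length the form is assumed to use.
		int intUStart = _strGetRspBody
				.indexOf("<input type=\"hidden\" name=\".u\"");
		if (intUStart < 0) {
			// indexOf returned -1: without this check the substring below would
			// silently return unrelated page text.
			throw new IllegalStateException("Hidden .u field not found in login form");
		}
		intUStart = intUStart + 38;
		if (intUStart + 13 > _strGetRspBody.length()) {
			throw new IllegalStateException("Login form truncated after .u field");
		}
		String strU = _strGetRspBody.substring(intUStart, intUStart + 13);
		_logger.debug("U value from Get: " + strU);

		// Get the .challenge value (same layout assumption: 38-character marker
		// + 8, then a 28-character value).
		int intChallengeStart = _strGetRspBody
				.indexOf("<input type=\"hidden\" name=\".challenge\"");
		if (intChallengeStart < 0) {
			throw new IllegalStateException(
					"Hidden .challenge field not found in login form");
		}
		intChallengeStart = intChallengeStart + 46;
		if (intChallengeStart + 28 > _strGetRspBody.length()) {
			throw new IllegalStateException(
					"Login form truncated after .challenge field");
		}
		String strChallenge = _strGetRspBody.substring(intChallengeStart,
				intChallengeStart + 28);
		_logger.debug("Challenge value from Get: " + strChallenge);

		//JS Function in Yahoo! form to hash password onSubmit
		//		function hash2(form){var passwd=form.passwd.value
		//		if(!form.passwd.value){return false;}
		//		if(ok_password(passwd)){return true;}
		//		var challenge=form[".challenge"].value;
		//		var fullhash=MD5(MD5(passwd)+challenge);
		//		form.passwd.value=fullhash;
		//		form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1;
		//		return true;}
		String hashPwd = MD5(MD5(password) + strChallenge);
		// The hash is submitted in place of the password, and MD5 is cheap to
		// brute-force once the challenge is known (it is logged above), so the
		// value itself is kept out of the log.
		_logger.debug("hashPwd computed (value not logged)");

		// Form fields in the order the login form lists them (24 entries).
		NameValuePair[] nvPairs = {
			new NameValuePair("username", user),
			new NameValuePair("passwd", hashPwd),
			new NameValuePair(".tries","1"),
			new NameValuePair(".src","flickr"),
			new NameValuePair(".md5","1"),
			new NameValuePair(".hash","1"),
			new NameValuePair(".js","1"),
			new NameValuePair(".last",""),
			new NameValuePair("promo",""),
			new NameValuePair(".intl","us"),
			new NameValuePair(".bypass",""),
			new NameValuePair(".partner",""),
			new NameValuePair(".u",strU),
			new NameValuePair(".v","0"),
			new NameValuePair(".challenge",strChallenge),
			new NameValuePair(".yplus",""),
			new NameValuePair(".emailCode",""),
			new NameValuePair("pkg",""),
			new NameValuePair("stepid",""),
			new NameValuePair(".ev",""),
			new NameValuePair("hasMsgr","0"),
			new NameValuePair(".chkP","Y"),
			new NameValuePair(".done","http://www.flickr.com/services/api/tos/"),
			new NameValuePair(".pd","_ver=0&c=&ivt=&sg=")
		};

		String strLogonUrl = "https://login.yahoo.com/config/login?";
		PostMethod authpost = new PostMethod(strLogonUrl);

		// Prepare login parameters
		authpost.setRequestBody(nvPairs);

		String strStatusLine;
		String _strPostRspBody;
		try {
			_client.executeMethod(authpost);
			strStatusLine = authpost.getStatusLine().toString();
			_strPostRspBody = authpost.getResponseBodyAsString();
		} catch (IOException i) {
			// A failed POST leaves no status line to report; surface the cause
			// rather than hitting a NullPointerException further down.
			throw new IllegalStateException("POST of the login form failed", i);
		} finally {
			// release any connection resources used by the method, on every path
			authpost.releaseConnection();
		}

		System.out.println("Login form post: " + strStatusLine);
		// NOTE(review): the post-login page may hold account details -- confirm
		// debug logging of the full body is acceptable where this runs.
		_logger.debug("Response Body from Post: \n" + _strPostRspBody);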
