curl-users
Re: Automate connection to Sonic firewall web administration page
Date: Wed, 23 Apr 2003 09:22:19 -0700
Put a sniffer between your browser and the SonicWall, and look at the TCP traffic? I bet a simple tcpdump trap, look at it in Ethereal and you could perhaps request those hash keys using curl...
just an idea
-te
On Wed, Apr 23, 2003 at 01:02:12PM +0100, Reuben Pearse wrote:
> Thanks for the suggestion.
>
> The applet is clever in that it gets two uniquely generated hash keys
> from the server every time you try to log on to the firewall. These hash
> keys are then used to encrypt the password before submission. The keys
> used to hash the password are only valid for about 20 seconds. The only
> way I could see a way round this is if the applet could be downloaded
> and executed separately (how do I do this on Linux?) and passed the hash
> keys by extracting the applet parameter values from the HTML page
> retrieved by Curl.
>
> Hmmm... any suggestions?
>
> Reuben
> reuben_at_pearse.co.uk
>
> -----Original Message-----
> From: Ralph Mitchell [mailto:rmitchell_at_eds.com]
> Sent: 23 April 2003 11:52
> To: curl-users_at_lists.sourceforge.net
> Subject: Re: Automate connection to Sonic firewall web administration
> page
>
>
> Reuben Pearse wrote:
>
> > Hi there,
> >
> > I have just realised that the logon webpage used to log on to the Sonic
> > firewall uses a Java applet to hash the password entered on the HTML
> > form before it submits the page. Is there any way to get round this
> > using cURL?
>
> You'll be using some kind of script to do this, right? And the Sonic
> provides the Java applet, right? You should be able to download the
> applet and save it, then run it with whatever java runtime you have
> handy. You probably only need to do that once for any given firewall
> password, unless it's trivial to exec the applet from the script.
>
> I've never done that, by the way - never needed to, thank goodness - but
> I have had some success with javascript.
>
> BTW, if the applet is plain text (is it? Dunno Java, myself... :) you
> can probably rewrite it into C or something else you're familiar with.
>
> Ralph Mitchell
--
Troy Engel
GPG KeyID: DF3D5207

Received on 2003-04-23