cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Automate connection to Sonic firewall web administration page

From: tengel <tengel_at_sonic.net>
Date: Wed, 23 Apr 2003 09:22:19 -0700

Put a sniffer between your browser and the SonicWall, and look at the TCP traffic? I bet a simple tcpdump trap, look at it in ethereal and you could perhaps request those hash keys using curl...

just an idea
-te

On Wed, Apr 23, 2003 at 01:02:12PM +0100, Reuben Pearse wrote:
> Thanks for the suggestion.
>
> The applet is clever in that it gets two uniquely generate hash keys
> from the server everytime you try to logon onto the firewall. These hash
> keys are then used to encyrpt the password before submission. The keys
> used to hash the password are only valid for about 20 seconds. The only
> way I could see a way round this is if the applet could be downloaded
> and executed seperately (how do I do this on Linux) and passed the hash
> keys by extracting the applet parameter values from the HTML page
> retrieved by Curl.
>
> Hmmm....any suggestions.
>
> Reuben
> reuben_at_pearse.co.uk
>
> -----Original Message-----
> From: Ralph Mitchell [mailto:rmitchell_at_eds.com]
> Sent: 23 April 2003 11:52
> To: curl-users_at_lists.sourceforge.net
> Subject: Re: Automate connection to Sonic firewall web administration
> page
>
>
> Reuben Pearse wrote:
>
> > Hi there,
> >
> > I have just realised that logon webpage used to logon into the Sonic
> > firewall uses a Java applet to hash the password entered on the HTML
> > form before it submits the page. Is there any way to get round this
> > using cURL?
>
> You'll be using some kind of script to do this, right? And the Sonic
> provides the Java applet, right? You should be able to download the
> applet and save it, then run it with whatever java runtime you have
> handy. You probably only need to do that once for any given firewall
> password, unless it's trivial to exec the applet from the script.
>
> I've never done that, by the way - never needed to, thank goodness - but
> I have had some success with javascript.
>
> BTW, if the applet is plain text (is it? Dunno Java, myself... :) you
> can probably rewrite it into C or something else you're familiar with.
>
> Ralph Mitchell
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf

-- 
Troy Engel
GPG KeyID: DF3D5207
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

Received on 2003-04-23

This message: [ Message body ]
Next message: Daniel Stenberg: "RE: very slow input from stdin"
Previous message: Bill_Hyden_at_Dell.com: "RE: very slow input from stdin"
In reply to: Reuben Pearse: "RE: Automate connection to Sonic firewall web administration page"
Next in thread: Ralph Mitchell: "Re: Automate connection to Sonic firewall web administration page"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]