curl-users
Re: Automate connection to Sonic firewall web administration page
Date: Thu, 24 Apr 2003 00:21:09 -0500
OK, I have no idea about Java - I've never had to deal with it - but...
First of all, does the applet run server-side, or from your browser?
If it's server-side, all you can do is try to mimic the actions of the
browser, and Troy's suggestion is a good place to start - sniff the traffic
between your box and the Sonic, then work up a script to manage the
conversation.
If the script runs in your browser (or whatever) there will probably be
something like:
<script language="Java" src="xxxx"></script>
(remember, I've never used Java :) somewhere in the page. That's the thing
you'd download using curl, in the same way that you'd download anything
else from a webserver using curl. Once you have it, you may be able to run
it in captivity, or you may be able to examine it and replicate it in your
script somehow.
OK, there's a lot of ifs and maybes in there, but you get the idea...
Ralph
Reuben Pearse wrote:
> Thanks for the suggestion.
>
> The applet is clever in that it gets two uniquely generate hash keys
> from the server everytime you try to logon onto the firewall. These hash
> keys are then used to encyrpt the password before submission. The keys
> used to hash the password are only valid for about 20 seconds. The only
> way I could see a way round this is if the applet could be downloaded
> and executed seperately (how do I do this on Linux) and passed the hash
> keys by extracting the applet parameter values from the HTML page
> retrieved by Curl.
>
> Hmmm....any suggestions.
>
> Reuben
> reuben_at_pearse.co.uk
>
> -----Original Message-----
> From: Ralph Mitchell [mailto:rmitchell_at_eds.com]
> Sent: 23 April 2003 11:52
> To: curl-users_at_lists.sourceforge.net
> Subject: Re: Automate connection to Sonic firewall web administration
> page
>
> Reuben Pearse wrote:
>
> > Hi there,
> >
> > I have just realised that logon webpage used to logon into the Sonic
> > firewall uses a Java applet to hash the password entered on the HTML
> > form before it submits the page. Is there any way to get round this
> > using cURL?
>
> You'll be using some kind of script to do this, right? And the Sonic
> provides the Java applet, right? You should be able to download the
> applet and save it, then run it with whatever java runtime you have
> handy. You probably only need to do that once for any given firewall
> password, unless it's trivial to exec the applet from the script.
>
> I've never done that, by the way - never needed to, thank goodness - but
> I have had some success with javascript.
>
> BTW, if the applet is plain text (is it? Dunno Java, myself... :) you
> can probably rewrite it into C or something else you're familiar with.
>
> Ralph Mitchell
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2003-04-24