curl-users
Re: https, redirection and authentication using POST
Date: Fri, 30 May 2003 06:20:26 +1000
This has got to be the wierdest damn site i've seen (but living in Oz I understand that Tel$tra is full of strange people).
To get into the site you need to do it in 2 stages
The first one you've almost got correct, you go there, but send no post data.
After that connection has run through the numerous redirects and gathered all the cookies and wotnot that bigpond issue to you.
Then I think you go to here - the form is actually submitted using java script, not a standard form action command.
with the following post data (Once the password form has loaded, look at the source and you'll see all of these)
SMENC=ISO-8859-1
SMLOCALE=US-EN
USERNAME=xxxx_at_bigpond.net.au
PASSWORD=yyyy
target=https://telstra.com/tcoma/security/login2-sm.asp?form=bdumcust_,_AUTH_REDIR=https://accounts.bigpond.com/broadband/usage/secure/monthlyusage.do
smauthreason=0
retrytext=Invalid Username or Password
and that should get you in. I Think. it's a bit confusing because of all the redirects, javascript and other garbage they've got on the site.
And just to prove how weird this site really is. I've attached a log of the redirects required to get into the site
This is what happens when you connect to https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
You can find the POST about a third of the way through.
GET
Redirect to https://account.bigpond.com/broadband/usage/secure/monthlyusage.do?SMSESSION=NO
GET
Redirect to https://telstra.com/tcoma/security/login2-sm.asp?form=bdumcust_,_AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
Redirect to https://telstra.com/siteminderagent/login/bdumcustlogin.fcc?TYPE=33554432&REALMOID=06-3e7738bb-412b-001a-0000-05ce000005ce&GUID=&SMAUTHREASON=0&TARGET=$SM$https://telstra.com/tcoma/security/login2-sm.asp%3fform=bdumcust_,_AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
POST
Redirect to https://telstra.com/tcoma/security/login2-sm.asp?form=bdumcust_,_AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
Redirect to https://telstra.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=$SM$yzwojDd1%2bnXfk/M2PxwsAPPiLXsZdl1O3kNoCv%2bnQuF%2bwSnlv9f1ZavRwxlgnDirO8WzqigVji33Ua/gmeXIas7hkFBlKtVReucazbC6/%2bat2se%2b7SeWDbhbyoampH%2bCc9ef1HEy1%2bi6uSta229Jpba7orMcaD6sS8MKg/aB8CC37Cu9WovJzuVyFlU9FZG3dUdgXk6LOPoo2YpKwGPbgmjcHmoc%2bBq%2bnre8mn/gxIcmgMfFKllTyigw%2bNqqbLb2sBEYM6oWY8fAOTdmFfUNfcZRxbk/PeBfdSzrBHDX1lvxLl2YDPyFgGvjmJATaziAfC32bFpEy5FzFneKHA4YwjXgb6v1AgamXXnQyFR6GGHxOb43vA4NVuXVlI%2bc3fP1WJKy9EfJg6NlE65CY5DNuYaPbH1VFfqowXMiuI25eBNtaU5jZvsfxhCcbRHn3FAUmf1lqkfS3IkDOoSpqekyrWMDVs60g%2b6%2bwe1o2m2QfBDPjNbFHu8ryoz00zbawm4aCiVEf2fF7077VMkTtvFyCWCxW4WOsu4YKC758hLjek1%2bFu8lE8f3T%2bPoXdNZGw0hwHKlte/yqRj6fCa2R8LlFyvR3eZ/ji4FHbGXUZiH1hyrOPsYteAc1y3ikerI8l45jRcZaEdDpr5992rBcGd3WfSJ7gijGQ/27j%2bNhot6IlSY3RX8bb1ifOCiB8eCb%2bkF0aa%2bFuW09ydwAcA2mCHTRrmzNV7VAYKgmhGWrb1E%2b2KCy5a2pMn%2bkWAQlGYYVdykgYRmELtWjyj2s6RYvFZDuJdbk43KooA2&PERSIST=0&TARGET=$SM$https://telstra.com/tcoma/security/login2-sm.asp%3fform=bdumcust_,_AUTH_REDIR=http
s://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
Redirect to https://telstra.com/tcoma/security/login2-sm.asp?form=bdumcust_,_AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
Redirect to https://telstra.com/tcoma/security/login2-sm.asp?form=bdumcust&AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
Redirect to https://telstra.com/tcoma/security/login2-sm.asp?AUTH_REDIR=https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
GET
text/html
GET
Redirect to https://account.bigpond.com/broadband/usage/secure/monthlyusage.do?SMSESSION=$SM$5WJkSvXt/RHNjA46wRStvEYzzzgL5z2ZAtjRt198MjT%2bGvYfoTJFhAdPffyRGSqRDzNPjIiRo5caSdbS2MHKJzbN4TIO2r4611rEdwUMLshKOjmSsxy4nGyAzkr9Vb0mxFfygANiNLshRTaBBarIl9INmXKPbz9bueEqmpPKD5XbkI%2b/jS3CvuC0qp0EU20j%2bA9Pi7YkHUrgaxSiNEuZQNJrPlQ6pFFxuxaqOKGFG%2bdhIj266/8xjzqdi0FDqj1BgUJ2CJuxthbhvwRAOj0pYyRBaEjzGjaWg5l0eo9CrQtpZ7glyO0B0DQGyedHMFMflmuM7nOyH6DQbRBiuayHygjmHPjv%2bCSqkxfHZaKb72P17KlRdWUI6/Z7PYAxl9nYeX1ay/aKJRp/Qmi0DqO7q8ldBhX5DklKC618cEVh4rssNwHcgyv2pHrgu3KAFVKLHMlqAqqLtIlwlnoYUrbtDr8biLjvbjiRpxqy%2bySeaTbB0C7RnLM/qHjGGCtyfi%2bme%2b8/gNjmmH7XAHitugkfFrxaCbXylezvXwD7svisvg7V1wR482Te9eGqLXUYHNqrKdWMWxgOqbl0pGcU66cUMify3OxAaN8lll78hEl%2bOtKQ9k%2b3Lcc3Y47tmHGJmxitGn%2bjHWZzn2yIKFTCC7QZbkHkkE3g8N4Zrprnl6s/r1XnZMErA5MXR%2becNwtOzOkLmQhLNCknAL9ug48O4HSjUk%2bLyuRPkJR8n/tXGdp5Bbee7Dl/Vcn2DIZL1r11JxEFZrKzmD85PAJxCyqe/WjKLhigbiH1X0DSD3BKUjDgug67mt3n/iFVDJ1CuG4ZE901
GET
Redirect to https://telstra.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=$SM$H8ikrF0a5UbXOJZf2jF8xqBs1AGF7LfYYlLgaalKuWbblb8vfuFE5fG1UnM6wWHECYBebVoULVnjGyMiBB8ZvyTawnNHdbNKbmSo1I4%2fEQrj3x21KnDhX5z7HqjMmC6qBL2a3tO1aVTvTjboh1DPeMstSFVb9tC6GAQaWq2OqrrHb1%2b3dVv4DPy0sSIQ%2fIl02DhThZb8x%2fc2pU0yMicrlkbk3AcTEorqEimylLt2w8Q5JUPHyF24oBmCMXimjwWCR0rmLYwrvgHiO8D74MeWOW%2ffTIBprEUmTjV8diTZ%2ficlnx4tEF4hfK%2f4q960VlJTjaI4ICsWkb0Wbp%2b87Icta%2fxNcy6ZPKJRcB%2bU9iYibhS3KzjdA4YanXlvABw6Id%2foMskK1QietCrTFL2mnkABda9udZj9xg8qkwS6JEVmMMlOpT1jE%2bgOeJnmD1GYbrTmrMPHaa%2bU79diX8GZyYAGtfQYOzejA9TjEy1ppxWEGS0Or4IBJL%2fJKTirNMrLLD970ywXJv9tjxvDcKKS%2bwHO2ZY7QScBeDiVn05fks%2fto2mosu%2fEbPbuka5Uy%2fADSifzfXfKkOc7WYJ1q7J9gNIIuiAv%2fq1YqElfNxt1%2bNerMSffHwXxt4ysnD8gey1QngOdiEUbTRY73NxGMqXHC1CtqnmmLQUXIfD8ExGv88x%2fvuCMXKB3hX1A8gfDRm72QJQPk7M8NAmrWYpWO%2fhvSAsW775aKfEUX3B%2bs0ugFQUVSalsExZGPPKViGU4GT7d%2beCzxBI%2bCahSIMR1Mcg1qbv78p6p%2fkWOwYsVGPzC2uGsAweGksdXrIIuNZqaIZHBWcYRZDHY3cuUbVI%2bqpPftoqs0j%2btt5uO1w9jP8UiT3dvv5s%3d&PERSIST=0
&TARGET=$SM$https%3a%2f%2faccount%2ebigpond%2ecom%2fbroadband%2fusage%2fsecure%2fmonthlyusage%2edo
GET
Redirect to https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
>>> aclister_at_bigpond.net.au 29/05/03 10:32:25 pm >>>
Hi all
I'm a bit stuck with accessing a particular page which combines a secure
site, redirection and POST'ing a username and password. It's probably
easier if I just give you the address and what I need rather than trying
to explain things so any interested parties can have a go at it.
The site is at
https://account.bigpond.com/broadband/usage/secure/monthlyusage.do
On trying to access that page, it redirects several times and ends up
with a login / password prompt which, when entered, takes me to the page
I want to process.
What I've tried to use is
curl -L -s -v -S -c cookies -b cookies -d \
"USERNAME=xxxxxx&PASSWORD=yyyyyy" \
"https://account.bigpond.com/broadband/usage/secure/monthlyusage.do"
which seems to be headed in the right direction as it gets me to the
appropriate login page but the form POST data seems to have been
"inserted" on the first page and not the last.
If anyone has any hints/ideas I'd be very grateful.
Thanks
Andrew
-- Andrew Lister <aclister at bigpond dot net dot au> ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ********************************************************************** This e-mail, including any attachments sent with it, is confidential and for the sole use of the intended recipient(s). This confidentiality is not waived or lost if you receive it and you are not the intended recipient(s), or if it is transmitted/ received in error. Any unauthorised use, alteration, disclosure, distribution or review of this e-mail is prohibited. It may be subject to a statutory duty of confidentiality if it relates to health service matters. If you are not the intended recipient(s), or if you have received this e-mail in error, you are asked to immediately notify the sender by telephone or by return e-mail. You should also delete this e-mail message and destroy any hard copies produced. ********************************************************************** ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5Received on 2003-05-29