cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: HTTPS POST with Reply

From: Kevin Carothers <kevindotcar_at_gmail.com>
Date: Fri, 15 Sep 2006 11:26:19 -0700

Hi Dave,

On 9/15/06, Lamar, Dave <dlamar_at_gottschalks.com> wrote:
>
> Thank you Dan.
> I have not recovered the changed password as yet, but I tried
> /usr/local/bin/curl -dv ......
> And /usr/local/bin/curl -d -v ....... , in hopes that I would see at
> least and invalid login reply.
> Alas, I still see nothing coming back from the url.
>
> Would you have another tip, or does this seem to be an issue at the url
> end?

You need to see (or tell us) what the other end is expecting. These are
just my suggestions from having to deal with these issues in the past.
Take them for whatever they're worth...

1. (easiest) Do you have access to the remote site? If yes, see what the
CGI/servlet is expecting on that side of things.... look for HTTP redirects
in the HTTP response.

2. (more likely) I'm betting that you will have to send EVERYTHING that the
remote site is expecting in both the HTTP headers, cookies and input
params- especially for something like a passwwd change-

If the remote site is implementing session management of some kind, you'll
have to mimick the session protocol. MS-IIS sites implement ActiveX
controls on the server-side, and all of the HTTP data sent by the client has
to mimick EXACTLY what the servr is expecting- otherwise the server
(rightly) will reject the post.

Are you SURE that all the remote site is asking for is
"userid=XXXXXXX&password=XXXXXX&command=requestnewpassword"
?

Can you verify the remote isn't asking for something like "ctl0:session" ,
Or "__VIEWSTATE", Or "__EVENTTARGET=btnInitial", Or
"__EVENTARGUMENT" ? If they do, then you're going to have to send them
(and don't forget to send them in Base64 code) or your post will be
rejected.

Hoping this helps

KC
Received on 2006-09-15