cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: HTTPS POST with Reply

From: Lamar, Dave <dlamar_at_gottschalks.com>
Date: Fri, 15 Sep 2006 11:44:24 -0700

Kevin -
    According to the vendor, this is all the information they are
requesting.
As noted originally, it does appear to be working because the last valid
password is no longer valid, but without a reply, I have no idea what
the new password is.
 
Thanks.
 
-dl

________________________________

From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Kevin Carothers
Sent: Friday, September 15, 2006 11:26 AM
To: the curl tool
Subject: Re: HTTPS POST with Reply

Hi Dave,

On 9/15/06, Lamar, Dave <dlamar_at_gottschalks.com> wrote:

        Thank you Dan.
        I have not recovered the changed password as yet, but I tried
        /usr/local/bin/curl -dv ......
        And /usr/local/bin/curl -d -v ....... , in hopes that I would
see at
        least and invalid login reply.
        Alas, I still see nothing coming back from the url.
        
        Would you have another tip, or does this seem to be an issue at
the url
        end?

You need to see (or tell us) what the other end is expecting. These are
just my suggestions from having to deal with these issues in the past.
Take them for whatever they're worth...

1. (easiest) Do you have access to the remote site? If yes, see what
the CGI/servlet is expecting on that side of things.... look for HTTP
redirects in the HTTP response.

2. (more likely) I'm betting that you will have to send EVERYTHING that
the remote site is expecting in both the HTTP headers, cookies and input
params- especially for something like a passwwd change-

If the remote site is implementing session management of some kind,
you'll have to mimick the session protocol. MS-IIS sites implement
ActiveX controls on the server-side, and all of the HTTP data sent by
the client has to mimick EXACTLY what the servr is expecting-
otherwise the server (rightly) will reject the post.

Are you SURE that all the remote site is asking for is
"userid=XXXXXXX&password=XXXXXX&command=requestnewpassword" ?

Can you verify the remote isn't asking for something like "ctl0:session"
, Or "__VIEWSTATE", Or "__EVENTTARGET=btnInitial", Or
"__EVENTARGUMENT" ? If they do, then you're going to have to send
them (and don't forget to send them in Base64 code) or your post will be
rejected.

Hoping this helps

KC
Received on 2006-09-15