curl-users
Sms.aspx redirects to login.aspx on form post (action uses javascript); help wanted
Date: Sun, 12 Aug 2007 12:39:33 +0200
hi,
I am using curl for several years now to automate all kinds of http/
https uploads, downloads and form posts. A few weeks ago I was
confronted with a site that is not cooperating.
The website in question is https://myaccount.1601telecom.nl/
A site which lets you SMS messages worldwide for € 0.01 each (even
with your own phone number as sender).
This website is based on .aspx technology and uses scripting to post
the form. Which makes the problem related to an earlier post at this
list: "Post login information" from: Giuseppe Calà
<jiveaxe_at_gmail.com> dated: 2007-01-31
As far as I can see, in the last action (posting the sms message
contents) the authentication is lost. At least the response redirects
me to the login page.
Things done so far to solve the problem:
- Run without javascript (does login, opening sms page, but not
sending the sms message itself)
- Transfer viewstate information between sessions
- Run liveheaders
- Debug javascript code line-by-line with firebug
all kind of unused javascript junk is downloaded (like the
AtlasRuntime.js which is the microsoft atlas runtime framework) but I
do only see a few functions being used when the form is submitted,
then it does: verify form fields based on regular expressions, fill
out a form field with a control name (unencrypted string which is
added to the post), and submit the form.
- Seperate the cookies / Run all actions in one cookie file (= no
difference)
- Replay the actions manually (so timing is not an ussue)
- Change users agents (firefox and mozilla 4.8 tried, in the
webbrowser I am able to sent the SMS message with both)
So far, no luck when I try to post the SMS message, I am being
redirected to the login page .
Has anyone new ideas what could cause the redirection to login?
Thanks in advance and best regards,
Ceriel Jacobs
--- Some background: --- I am currently using: curl 7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7l zlib/1.2.3 Protocols: ftp gopher telnet dict ldap http file https ftps Features: IPv6 Largefile NTLM SSL libz --- The commands being executed: --- (1) /usr/bin/curl -k -L -s -e "" -c "/var/tmp/websms. 1601telecom.nl.cookie.1.txt" -A "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" "https:// myaccount.1601telecom.nl/Login.aspx" | iconv -f iso-8859-1 -t utf-8 (2) /usr/bin/curl -k -L -s -d "__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT&__VIEWSTATE=%% VIEWSTATEVAR%%&ctl00%24ContentPlaceHolder1%24LoginView1%24LoginUser% 24UserName=%%USERNAME%%&ctl00%24ContentPlaceHolder1%24LoginView1% 24LoginUser%24Password=%%PASSWORD%%&ctl00%24ContentPlaceHolder1% 24LoginView1%24LoginUser%24RememberMe=on&ctl00%24ContentPlaceHolder1% 24LoginView1%24LoginUser%24LoginButton=Login" -e "https://myaccount. 1601telecom.nl/Login.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie. 1.txt" -c "/var/tmp/websms.1601telecom.nl.cookie.2.txt" -A "Mozilla/ 5.0 (Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/ 20060111 Firefox/1.5.0.1" "https://myaccount.1601telecom.nl/ Login.aspx" | iconv -f iso-8859-1 -t utf-8 (3) /usr/bin/curl -k -L -s -e "https://myaccount.1601telecom.nl/ Default.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie.2.txt" -c "/ var/tmp/websms.1601telecom.nl.cookie.3.txt" -A "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1" "https://myaccount.1601telecom.nl/Profile/SMS.aspx" | iconv -f iso-8859-1 -t utf-8 (4) /usr/bin/curl -k -L -s -d "__LASTFOCUS=&ctl00_TreeView1_ExpandState=eennnnnnn&ctl00_TreeView1_Sele ctedNode=&__EVENTTARGET=ctl00$ContentPlaceHolder1 $SendSMS&__EVENTARGUMENT=&ctl00_TreeView1_PopulateLog=&__VIEWSTATE=%% VIEWSTATE%%&ctl00$ContentPlaceHolder1$TBPhoneNr=%%NUMBER%%&ctl00 $ContentPlaceHolder1$DDLSMSCallerId=08001601&ctl00$ContentPlaceHolder1 $message=%%MESSAGE%%" -e "https://myaccount.1601telecom.nl/Profile/ SMS.aspx" -b "/var/tmp/websms.1601telecom.nl.cookie.3.txt" -c "/var/ tmp/websms.1601telecom.nl.cookie.4.txt" -A "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; it; rv:1.8.0.1) Gecko/20060111 Firefox/ 1.5.0.1" "https://myaccount.1601telecom.nl/Profile/SMS.aspx" | iconv - f iso-8859-1 -t utf-8 --- The cookie values: (1) myaccount.1601telecom.nl FALSE / FALSE 0 AspxAutoDetectCookieSupport 1 myaccount.1601telecom.nl FALSE / FALSE 0 ASP.NET_SessionId 35i3jz454bw0dk45qpvzpuec (2) myaccount.1601telecom.nl FALSE / FALSE 0 AspxAutoDetectCookieSupport 1 myaccount.1601telecom.nl FALSE / FALSE 0 ASP.NET_SessionId 35i3jz454bw0dk45qpvzpuec myaccount.1601telecom.nl FALSE / FALSE 939679200 .ASPXAUTH (3) myaccount.1601telecom.nl FALSE / FALSE 0 AspxAutoDetectCookieSupport 1 myaccount.1601telecom.nl FALSE / FALSE 0 ASP.NET_SessionId jcxkt455qni4ilfwdw5jkn45 myaccount.1601telecom.nl FALSE / FALSE 1187508242 1601 1601=%%PASSWORD%% myaccount.1601telecom.nl FALSE / FALSE 0 .ASPXAUTH 8B339B00406F499B901107A3FF252F9FA5BD7910D523D7A02A72B3F46AE8347CCE76D9A0 01B02F7CA6592E404C61E1F5DEFB5ACFFE4C63F59613310C38B841BC92FD18F0E16B021D 8F2887B915A082CE (4) myaccount.1601telecom.nl FALSE / FALSE 0 AspxAutoDetectCookieSupport 1 myaccount.1601telecom.nl FALSE / FALSE 0 ASP.NET_SessionId jcxkt455qni4ilfwdw5jkn45 myaccount.1601telecom.nl FALSE / FALSE 1187508242 1601 1601=%%PASSWORD%% myaccount.1601telecom.nl FALSE / FALSE 0 .ASPXAUTH 8B339B00406F499B901107A3FF252F9FA5BD7910D523D7A02A72B3F46AE8347CCE76D9A0 01B02F7CA6592E404C61E1F5DEFB5ACFFE4C63F59613310C38B841BC92FD18F0E16B021D 8F2887B915A082CE --- When following the responses, in the last cookie the .APSXAUTH is cleared. This makes me think that posting the form, somewhere loses the .ASPX authentication: myaccount.1601telecom.nl FALSE / FALSE 0 AspxAutoDetectCookieSupport 1 myaccount.1601telecom.nl FALSE / FALSE 0 ASP.NET_SessionId bupyoz55dsflioruxaxane45 myaccount.1601telecom.nl FALSE / FALSE 1187512013 1601 1601=%%PASSWORD%% myaccount.1601telecom.nl FALSE / FALSE 939679200 .ASPXAUTHReceived on 2007-08-12