cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Problems and infos

From: Doug McNutt <douglist_at_macnauchtan.com>
Date: Sat, 22 Nov 2008 17:44:24 -0700

At 12:43 -0800 11/22/08, Dan Fandrich wrote:
>On Sat, Nov 22, 2008 at 06:39:40PM +0100, Massimiliano Cuttini wrote:
>> The script:
>>
>> * logon
>> * get the session
>> * perform operations correctly (i already developed more than 18
>>commands).
>>
>> However yesterday i found a operation (simple POST on a page) that i cannot
>> perform.
>> I see that i get "CURL: Empty reply from server (52)".
>
>It it works with a browser but not curl, then there must be something done
>differently between the two. It's theoretically possible that the remote
>site is doing something more sophisticated than checking the User-Agent
>to determin whether to let a request through or not, but it's unlikely.

But don't get your hopes up.

If money is involved there are third party programmers who, with job
security in mind, can do strange things. One that intrigues me is the
JavaScript that creates a request to a third party site for a "random
" number that has to match the value sent to the original site when
the POST is made. The third party site sends the random number to the
prime site over a separate channel. It's almost impossible to match
the secret codes that change each time and must be acceptable to the
third party site.

The value of a cookie changes for each request you make and you must
request all of the intermediate files in the right sequence to get to
the one you want.

And, by the way, some of the needed values are sent in disguised
image files that are one pixel by one pixel but carry a cookie with
them.

I have given up on my broker's site. With their latest scheme I was
up to 200 separate requests to something over three different sites
to get logged in.

Some of the addins for Firefox, GreaseMonkey and iMacros, look
interesting. A problem is that JavaScript itself makes it nearly
impossible to submit a form because of a perceived security risk..

If anyone knows a broker or a bank who will honor my RSA certificate
please let me know. I'm on my way.

-- 
--> From the USSA, the only socialist country that refuses to admit it. <--
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2008-11-23