curl-users
Re: Creating cookie for authentication
Date: Mon, 17 Oct 2011 17:50:54 -0400
On Mon, Oct 17, 2011 at 1:29 AM, Josh Luthman
<josh_at_imaginenetworksllc.com>wrote:
> On Mon, Oct 17, 2011 at 1:20 AM, Josh Luthman
> <josh_at_imaginenetworksllc.com> wrote:
> > On Sun, Oct 16, 2011 at 10:10 PM, Ralph Mitchell
> > <ralphmitchell_at_gmail.com> wrote:
> >> On Sun, Oct 16, 2011 at 3:57 PM, Josh Luthman <
> josh_at_imaginenetworksllc.com>
> >> wrote:
> >>>
> >>> I am trying to create a cookie so that I can then use wget to obtain
> >>> an image embedded behind a login page.
> >>>
> >>> I am working with this HTML log in page:
> >>> http://pastebin.com/CP9YsbTr
> >>>
> >>> Now I am trying to create a cookie with this command:
> >>> curl -silent -c inxcamcookie --form username=admin --form
> >>> password=thisismypasswd --form Submit=Login
> >>> http://10.10.10.191/login.cgi
> >>> curl -silent -c inxcamcookie --form
> >>> "username=admin&password=thisismypasswd&Submit=Login"
> >>> http://10.10.10.191/login.cgi
> >>
> >> You're probably going to need to do a "get" on the login page first,
> which
> >> very likely will hand you the cookie. Then post back the login form
> with
> >> userid and password. Something like this:
> >>
> >> curl -s -S -L -b cookies -c cookies -o loginpage.html
> >> http://10.10.10.191/login.html
> >>
> >> curl -s -S -L -b cookies -c cookies -o loginresult.html \
> >> --form username=admin \
> >> --form password=thisismypasswd \
> >> --form Submit=Login \
> >> http://10.10.10.191/login.cgi
> >>
> >> Are you sure the login requires a multipart form? In all the web page
> >> monitoring scripts I've written for hobbit/xymon I don't believe I ever
> used
> >> a multipart form post.
> >>
> >> Ralph Mitchell
> >>
> >>
> >> -------------------------------------------------------------------
> >> List admin: http://cool.haxx.se/list/listinfo/curl-users
> >> FAQ: http://curl.haxx.se/docs/faq.html
> >> Etiquette: http://curl.haxx.se/mail/etiquette.html
> >>
> >>
> >
> > I tried your two commands and the cookie "cookies" looks very similar
> > to that of my "inxcookie". Neither of these allowed me to wget an
> > image, the request is saving the login page's HTML and stores it to
> > image.jpg.
> >
> >>Are you sure the login requires a multipart form? In all the web page
> monitoring scripts I've written for hobbit/xymon I don't believe I ever used
> a multipart form post.
> >
> > Based on the HTML of the login page - http://pastebin.com/CP9YsbTr -
> > you'll see Content-Type: multipart/form-data. This is why I believe I
> > need --form. This is not for Xymon but rather an IP camera.
> >
>
> Got it all figured out. Using your commands worked, but I also had to
> include -H 'Expect:' due to an issue with lighttpd 1.4.x documented
> here - http://redmine.lighttpd.net/issues/1017
>
> Below is what is working for me successfully.
>
> $cat getcamimage.sh
> curl -s -S -L -H 'Expect:' -b cookies -c cookies -o loginpage.html
> http://10.10.10.191/login.cgi
> curl -s -S -L -H 'Expect:' -b cookies -c cookies -o loginresult.html
> --form username=ADMIN --form password=PASSSD --form Submit=Login
> http://10.10.10.191/login.cgi
> wget -q --load-cookies cookies "http://10.10.10.191/snap.jpeg" -O
> image.jpg
>
> Thank you very very much, Ralph!
>
You're welcome! Just to make sure you understood what I was suggesting -
when you grab a login page, you often get a cookie (or several) with it.
That then gets posted back along with your userid/password. If you *don't*
hit the login page before trying the post, you don't have the cookie(s) and
it'll fail. Obviously if the server is broken, that's another issue
altogether.
Ralph
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-17