cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Creating cookie for authentication

From: Josh Luthman <josh_at_imaginenetworksllc.com>
Date: Mon, 17 Oct 2011 20:07:04 -0400

I figured that is what you meant. I confirmed that theory but doing
only the second curl command. This proved unsuccessful. You are
absolutely right, in this case both commands are required.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Oct 17, 2011 at 5:50 PM, Ralph Mitchell <ralphmitchell_at_gmail.com> wrote:
> On Mon, Oct 17, 2011 at 1:29 AM, Josh Luthman <josh_at_imaginenetworksllc.com>
> wrote:
>>
>> On Mon, Oct 17, 2011 at 1:20 AM, Josh Luthman
>> <josh_at_imaginenetworksllc.com> wrote:
>> > On Sun, Oct 16, 2011 at 10:10 PM, Ralph Mitchell
>> > <ralphmitchell_at_gmail.com> wrote:
>> >> On Sun, Oct 16, 2011 at 3:57 PM, Josh Luthman
>> >> <josh_at_imaginenetworksllc.com>
>> >> wrote:
>> >>>
>> >>> I am trying to create a cookie so that I can then use wget to obtain
>> >>> an image embedded behind  a login page.
>> >>>
>> >>> I am working with this HTML log in page:
>> >>> http://pastebin.com/CP9YsbTr
>> >>>
>> >>> Now I am trying to create a cookie with this command:
>> >>> curl -silent -c inxcamcookie --form username=admin --form
>> >>> password=thisismypasswd --form Submit=Login
>> >>> http://10.10.10.191/login.cgi
>> >>> curl -silent -c inxcamcookie --form
>> >>> "username=admin&password=thisismypasswd&Submit=Login"
>> >>> http://10.10.10.191/login.cgi
>> >>
>> >>  You're probably going to need to do a "get" on the login page first,
>> >> which
>> >> very likely will hand you the cookie.  Then post back the login form
>> >> with
>> >> userid and password.  Something like this:
>> >>
>> >>      curl -s -S -L -b cookies -c cookies -o loginpage.html
>> >> http://10.10.10.191/login.html
>> >>
>> >>      curl -s -S -L -b cookies -c cookies -o loginresult.html \
>> >>            --form username=admin \
>> >>            --form password=thisismypasswd \
>> >>            --form Submit=Login \
>> >>            http://10.10.10.191/login.cgi
>> >>
>> >> Are you sure the login requires a multipart form?  In all the web page
>> >> monitoring scripts I've written for hobbit/xymon I don't believe I ever
>> >> used
>> >> a multipart form post.
>> >>
>> >> Ralph Mitchell
>> >>
>> >>
>> >> -------------------------------------------------------------------
>> >> List admin: http://cool.haxx.se/list/listinfo/curl-users
>> >> FAQ:        http://curl.haxx.se/docs/faq.html
>> >> Etiquette:  http://curl.haxx.se/mail/etiquette.html
>> >>
>> >>
>> >
>> > I tried your two commands and the cookie "cookies" looks very similar
>> > to that of my "inxcookie".  Neither of these allowed me to wget an
>> > image, the request is saving the login page's HTML and stores it to
>> > image.jpg.
>> >
>> >>Are you sure the login requires a multipart form?  In all the web page
>> >> monitoring scripts I've written for hobbit/xymon I don't believe I ever used
>> >> a multipart form post.
>> >
>> > Based on the HTML of the login page - http://pastebin.com/CP9YsbTr -
>> > you'll see Content-Type: multipart/form-data.  This is why I believe I
>> > need --form.  This is not for Xymon but rather an IP camera.
>> >
>>
>> Got it all figured out.  Using your commands worked, but I also had to
>> include -H 'Expect:' due to an issue with lighttpd 1.4.x documented
>> here - http://redmine.lighttpd.net/issues/1017
>>
>> Below is what is working for me successfully.
>>
>> $cat getcamimage.sh
>> curl -s -S -L -H 'Expect:' -b cookies -c cookies -o loginpage.html
>> http://10.10.10.191/login.cgi
>> curl -s -S -L -H 'Expect:' -b cookies -c cookies -o loginresult.html
>> --form username=ADMIN --form password=PASSSD --form Submit=Login
>> http://10.10.10.191/login.cgi
>> wget -q --load-cookies cookies "http://10.10.10.191/snap.jpeg" -O
>> image.jpg
>>
>> Thank you very very much, Ralph!
>
> You're welcome!  Just to make sure you understood what I was suggesting -
> when you grab a login page, you often get a cookie (or several) with it.
> That then gets posted back along with your userid/password.  If you *don't*
> hit the login page before trying the post, you don't have the cookie(s) and
> it'll fail.  Obviously if the server is broken, that's another issue
> altogether.
>
> Ralph
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ:        http://curl.haxx.se/docs/faq.html
> Etiquette:  http://curl.haxx.se/mail/etiquette.html
>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-18