cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Authentication via proxy on a cloud

From: Rohit Kanchan <rohit.kanchan_at_gmail.com>
Date: Tue, 31 Jul 2012 13:35:59 -0400

Thanks Dan! I did got further ... I am not getting any error, but I am
still getting stuck at authentication part. Cookie value seems to be
changing with every session.... so instead of cookie - I want to do the
script with username and password.
Any ideas - how can I do that?
I am trying the following command(its not working - doesn't matter if you
type password wrong - same results).

C:\curl>curl -v -A "MSIE 8.0" -x 10.70.0.10:80 -L
http://www.addictinggames.com/ -k --user "username@blah.gov" --insecure -o
output.txt

Enter host password for user 'username_at_blah.gov':
* About to connect() to proxy 10.70.0.10 port 80 (#0)
* Trying 10.70.0.10...
  % Total % Received % Xferd Average Speed Time Time Time
Current
                                 Dload Upload Total Spent Left
Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0*
connected
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#0)
* Server auth using Basic with user 'username_at_blah.gov'
> GET http://www.addictinggames.com/ HTTP/1.1
> Authorization: Basic dGVzdGZ1bGxAY2lvLm55Lmdvdjo0UHJveHlUZWFt
> User-Agent: MSIE 8.0
> Host: www.addictinggames.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 307 Temporary Redirect
< Content-Length: 0
< Location:
https://gateway.zscaler.net:443/auD?origurl=http%3A%2F%2Fwww%2eaddic
tinggames%2ecom%2f&wexps=1
< Cache-Control: no-store,no-cache
< Pragma: no-cache
< Content-Type: text/html
< P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
< Set-Cookie: _sm_au_d=1;path=/;domain=.addictinggames.com
<
  0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0
* Connection #0 to host 10.70.0.10 left intact
* Issue another request to this URL: '
https://gateway.zscaler.net:443/auD?origur
l=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1'
* About to connect() to proxy 10.70.0.10 port 80 (#1)
* Trying 10.70.0.10...
  0 0 0 0 0 0 0 0 --:--:-- --:--:--
--:--:-- 0*
connected
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#1)
* Establish HTTP proxy tunnel to gateway.zscaler.net:443
> CONNECT gateway.zscaler.net:443 HTTP/1.1
> Host: gateway.zscaler.net:443
> User-Agent: MSIE 8.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< Proxy-Agent: Zscaler/3.6
<
* Proxy replied OK to CONNECT request
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=Sunnyvale; O=Zscaler, Inc.;
CN=*.zscale
r.net
* start date: 2012-01-16 00:00:00 GMT
* expire date: 2013-12-30 12:00:00 GMT
* subjectAltName: gateway.zscaler.net matched
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert
Global C
A (2048)
* SSL certificate verify result: unable to get local issuer
certificate (
20), continuing anyway.
> GET /auD?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1
HTTP/1.1
> User-Agent: MSIE 8.0
> Host: gateway.zscaler.net
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Content-Length: 0
< Location:
https://gateway.zscaler.net:443/auT?origurl=http%3A%2F%2Fwww%2eaddic
tinggames%2ecom%2f&wexps=1&wexps=1
< Cache-Control: no-store,no-cache
< Pragma: no-cache
< Content-Type: text/html
< Set-Cookie: _sm_au_d=1;path=/;domain=gateway.zscaler.net;Secure;HttpOnly;
< P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
<
  0 0 0 0 0 0 0 0 --:--:-- 0:00:01
--:--:-- 0
* Connection #1 to host 10.70.0.10 left intact
* Issue another request to this URL: '
https://gateway.zscaler.net:443/auT?origur
l=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1'
* Re-using existing connection! (#1) with host 10.70.0.10
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#1)
> GET
/auT?origurl=http%3A%2F%2Fwww%2eaddictinggames%2ecom%2f&wexps=1&wexps=1 HT
TP/1.1
> User-Agent: MSIE 8.0
> Host: gateway.zscaler.net
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Content-Length: 0
< Location: http://www.addictinggames.com/?_sm_byp=iVV3ZN6w76rrV7qM
< Cache-Control: no-store,no-cache
< Pragma: no-cache
< Content-Type: text/html
<
  0 0 0 0 0 0 0 0 --:--:-- 0:00:01
--:--:-- 0
* Connection #1 to host 10.70.0.10 left intact
* Issue another request to this URL: '
http://www.addictinggames.com/?_sm_byp=iVV
3ZN6w76rrV7qM'
* Re-using existing connection! (#0) with host 10.70.0.10
* Connected to 10.70.0.10 (10.70.0.10) port 80 (#0)
* Server auth using Basic with user 'username_at_blah.gov'
> GET http://www.addictinggames.com/?_sm_byp=iVV3ZN6w76rrV7qM HTTP/1.1
> Authorization: Basic dGVzdGZ1bGxAY2lvLm55Lmdvdjo0UHJveHlUZWFt
> User-Agent: MSIE 8.0
> Host: www.addictinggames.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
  0 0 0 0 0 0 0 0 --:--:-- 0:00:02
--:--:-- 0<
HTTP/1.1 200 OK
< Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5
Resin/3.
1.9
< Content-Length: 112917
< Content-Type: text/html; charset=UTF-8
< Pragma: no-cache
< Content-Language: en-US
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Date: Fri, 27 Jul 2012 19:15:07 GMT
< Connection: keep-alive
<
{ [data not shown]
100 110k 100 110k 0 0 23963 0 0:00:04 0:00:04 --:--:--
50955
* Connection #0 to host 10.70.0.10 left intact
* Closing connection #1
* SSLv3, TLS alert, Client hello (1):
} [data not shown]
* Closing connection #0

===============================================

On Fri, Jul 27, 2012 at 5:52 PM, Dan Fandrich <dan_at_coneharvesters.com>wrote:

> On Fri, Jul 27, 2012 at 04:00:59PM -0400, Rohit Kanchan wrote:
> > I use zscaler cloud proxy which does the authentication via SAML -
> single sign
> > on. I want to monitor the proxy servers using command line curl
> > This is what I am trying... but can't get the authentication right. Can
> someone
> > help?
> >
> > C:\curl>curl -v -A "MSIE 9.0" -x 10.70.0.10:80 -L
> > http://www.addictinggames.com
> > / -b 'Cookie: _sm_au_c=iVVTqsqrJN4FSk5P0c' -k --insecure
> [...]
> > * Connection #1 to host 10.70.0.10 left intact
> > * Re-using existing connection! (#0) with host 10.70.0.10
> > * Connected to 10.70.0.10 (10.70.0.10) port 80 (#0)
> > > GET http://_sm_au_c=iVVTqsqrJN4FSk5P0c' HTTP/1.1
> > > User-Agent: MSIE 9.0
> > > Host: _sm_au_c=iVVTqsqrJN4FSk5P0c'
> > > Accept: */*
> > > Proxy-Connection: Keep-Alive
> > >
> > * HTTP 1.0, assume close after body
> > < HTTP/1.0 400 Bad request
> > < Server: Zscaler/3.6
> > < Content-Type: text/html
> > < Connection: close
>
> This bogus request is due to a bad command-line parameter; curl is
> treating the _sm_au_c=iVVTqsqrJN4FSk5P0c as a URL and trying to connect
> to it. It looks like your shell doesn't allow single quotes to surround
> options. Try replacing them with double quotes and see if you get any
> further.
>
> >>> Dan
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: http://curl.haxx.se/docs/faq.html
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-07-31