Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum

From: Dan Fandrich via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 13 May 2020 13:24:27 +0200

On Wed, May 13, 2020 at 01:04:06PM +0200, mierdatutis mi via curl-users wrote:
> Thanks Daniel,
> I've modified the command:
>
>  curl -vvv 'http://labsk.net/index.php?action=login2' \
>       -H 'Connection: keep-alive' \
>       -H 'Cache-Control: max-age=0' \
>       -H 'Upgrade-Insecure-Requests: 1' \
>       -H 'Origin: http://labsk.net' \
>       -H 'Content-Type: application/x-www-form-urlencoded' \
>       -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/
> 537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' \
>       -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/
> webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
>       -H 'Referer: http://labsk.net/index.php?action=login' \
>       -H 'Accept-Language: en-US,en;q=0.9,es;q=0.8,pt;q=0.7,zh-CN;q=0.6,zh;q=
> 0.5,de;q=0.4,fr;q=0.3' \
>       -H 'x-signature: oyQbrF4XBHg40wQdzJytES6thC9z2z+rvs+KQpcIn8M=' \

What is this signature? It sounds like something created in Javascript to
prevent people from doing what you're trying to do.

>       -H 'timestamp: 1589063737703' \

This timestamp is from 3 days ago. This header is probably in the same category
as the last one.

>       --data 'user=USER%40gmail.com&passwrd=PASSSSS&cookieneverexp=on&c13a08a29
> =bd8cf50879be944ee415b1319081f6dd&hash_passwrd=' \

hash_passwrd= is blank; should it be? Also, the hex numbers in there may
also be some kind of security code.

> --compressed \
>       -c cookies.txt
>
> I can save cookies. But the result of these command returns me url like I'm not
> logged in. I can't understand :-(  

Probably because the server doesn't like some of the headers or data you're sending.

> Any help please?

Be sure to read https://curl.haxx.se/docs/httpscripting.html#Some_login_tricks
This kind of thing can sometimes be really difficult to perform.

Dan
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-13