Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum

From: mierdatutis mi via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 13 May 2020 14:14:19 +0200

Thanks David,
What do you men with duplicate headers? I only see a post call in chrome
network tool.

About the data part, I only have to fill in form username and password that
I put in the curl command, the rest of command that I put is get of chrome
network tool.

El mié., 13 may. 2020 a las 13:58, David Colter via curl-users (<
curl-users_at_cool.haxx.se>) escribió:

> Hi,
>
> curl -vvv 'http://labsk.net/index.php?action=login2' \
> -H 'Connection: keep-alive' \
> -H 'Cache-Control: max-age=0' \
> -H 'Upgrade-Insecure-Requests: 1' \
> -H 'Origin: http://labsk.net' \
> -H 'Content-Type: application/x-www-form-urlencoded' \
> -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' \
> -H 'Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
> \
> -H 'Referer: http://labsk.net/index.php?action=login' \
> -H 'Accept-Language:
> en-US,en;q=0.9,es;q=0.8,pt;q=0.7,zh-CN;q=0.6,zh;q=0.5,de;q=0.4,fr;q=0.3' \
> -H 'x-signature: oyQbrF4XBHg40wQdzJytES6thC9z2z+rvs+KQpcIn8M=' \
> -H 'timestamp: 1589063737703' \
> --data 'user=USER%40gmail.com&passwrd=PASSSSS&cookieneverexp=on&c13a08a29=bd8cf50879be944ee415b1319081f6dd&hash_passwrd='
> \
> --compressed \
> -c cookies.txt
>
>
> A couple ideas to try. In my experience with login scripts, the trick to
> make them work was to exactly duplicate the headers sent, as seen in the
> network tool. In this way, my scripts never the first 4 -H headers you use.
> Secondly, the x-signature and timestamp might be different for each post.
> Third, The 3rd piece of your --data might also be dynamic. You may have to
> parse the original login page for these values.
>
> David
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-05-13