curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: can't login with curl in forum

From: bruce via curl-users <>
Date: Wed, 13 May 2020 08:41:33 -0400


Late to the conversation. If I understand the part of the thread I've
seen, you're trying to use curl to login to a site. If this is
correct. Use the browser (Firefox/Chrome) and disable the javascript,
and see if you can login with javascript not working. If you can
successfully get in, then you know you should be able to craft a curl
process to statically login to the site.

If the disabled attempt doesn't work, then you still might be able to
login, but it would mean you have to "replicate" the logic performed
by the javascript process.

Making sure the browser/javascript is enabled, and that you can login.
There should be a "create curl" function somewhere in/on the browser.
This would essentially replicate what the browser has done, using a
curl statement to generate the curl action url+headers etc. Keep in
mind, some login processes are multi step processes. As for the
browser/curl function, google might need to help show you where this
function is. I can't recall at the moment!

And, if you've already done the above steps, my bad!

good luck!

On Wed, May 13, 2020 at 8:25 AM mierdatutis mi via curl-users
<> wrote:
> Thanks David,
> What do you men with duplicate headers? I only see a post call in chrome network tool.
> About the data part, I only have to fill in form username and password that I put in the curl command, the rest of command that I put is get of chrome network tool.
> El mié., 13 may. 2020 a las 13:58, David Colter via curl-users (<>) escribió:
>> Hi,
>> curl -vvv '' \
>> -H 'Connection: keep-alive' \
>> -H 'Cache-Control: max-age=0' \
>> -H 'Upgrade-Insecure-Requests: 1' \
>> -H 'Origin:' \
>> -H 'Content-Type: application/x-www-form-urlencoded' \
>> -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36' \
>> -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
>> -H 'Referer:' \
>> -H 'Accept-Language: en-US,en;q=0.9,es;q=0.8,pt;q=0.7,zh-CN;q=0.6,zh;q=0.5,de;q=0.4,fr;q=0.3' \
>> -H 'x-signature: oyQbrF4XBHg40wQdzJytES6thC9z2z+rvs+KQpcIn8M=' \
>> -H 'timestamp: 1589063737703' \
>> --data '' \
>> --compressed \
>> -c cookies.txt
>> A couple ideas to try. In my experience with login scripts, the trick to make them work was to exactly duplicate the headers sent, as seen in the network tool. In this way, my scripts never the first 4 -H headers you use. Secondly, the x-signature and timestamp might be different for each post. Third, The 3rd piece of your --data might also be dynamic. You may have to parse the original login page for these values.
>> David
>> -----------------------------------------------------------
>> Unsubscribe:
>> Etiquette:
> -----------------------------------------------------------
> Unsubscribe:
> Etiquette:

Received on 2020-05-13