Fill a form authenticated HTTPS

Re: Fill a form authenticated HTTPS

In article
<af1cd50d96b0ca 448f66e0403d941 fc6.126649@myga te.mailgate.org >,
"Sheela" <thegio@hotmail .com> wrote:
[color=blue]
> hi all,
> I'm searching all around the web without any good answer, maybe you have
> the right one.
>
> I'm trying to fill&send a form on a site authenticated https via curl.
> The problem is simply that it doesn't arrives to authenticate..
> It returns id error1 -> unsupported protocol.
>
> The code is the following:
>
> <?php
> $user_agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
>
> $login_url = "https://www.my_site.com/login";
> $login_data = "username=my_us er_name&passwor d=my_pass";
> $form_url = "https://www.my_site.com/form";
> $form_data ="input1=walla& input2=test";
>
> $ch = curl_init($logi n_url);
>
> curl_setopt($ch , CURLOPT_SSLVERS ION, 3);
> curl_setopt($ch , CURLOPT_SSL_VER IFYHOST, 2);
> curl_setopt($ch , CURLOPT_SSL_VER IFYPEER, FALSE);
> curl_setopt($ch , CURLOPT_RETURNT RANSFER, 1);
> curl_setopt($ch , CURLOPT_VERBOSE , 1);
> curl_setopt($ch , CURLOPT_USERAGE NT, $user_agent);
> curl_setopt($ch , CURLOPT_COOKIEJ AR, "curl_cookies") ;
> curl_setopt($ch , CURLOPT_COOKIEF ILE, "curl_cookies") ;
> curl_setopt($ch , CURLOPT_POSTFIE LDS, $login_data);
>
> $body = curl_exec($ch); // login
>
> curl_setopt($ch , CURLOPT_POST,1) ;
> curl_setopt($ch , CURLOPT_URL, $form_url);
> curl_setopt($ch , CURLOPT_POSTFIE LDS, $form_data);
>
> $body = curl_exec($ch); // get form results
>
> echo "error curl_errno ($ch) <br>"; //it return error id1
> curl_close($ch) ;
> ?>
>
> Thank you very much
> SHE[/color]

I did this with perl. Curl wasn't available on my ISP's site. Perl can
do this very easily.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: Fill a form authenticated HTTPS

Sheela wrote:
<snip>[color=blue]
> It returns id error1 -> unsupported protocol.[/color]

Really? But, in the code, you're referring different error??[color=blue]
> The code is the following:[/color]
<snip>[color=blue]
> curl_setopt($ch , CURLOPT_VERBOSE , 1);[/color]
If you use verbose mode, use the logging file too:
Something like:
$fp_err = fopen('verbose_ file.txt', 'ab+');
fwrite($fp_err, date('Y-m-d H:i:s')."\n\n") ; //add timestamp to the
verbose log
curl_setopt($ch , CURLOPT_VERBOSE , 1);
curl_setopt($ch , CURLOPT_FAILONE RROR, true);
curl_setopt($ch , CURLOPT_STDERR, $fp_err);

<snip>[color=blue]
> echo "error curl_errno ($ch) <br>"; //it return error id1[/color]
^^^^^^^^^^^^^^^ ^^^^^^^^^^^

Error here. Try:
echo 'error no = '.curl_errno($c h).'<br>';
echo 'error string = '.curl_error($c h).'<br>';

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Fill a form authenticated HTTPS

[color=blue]
> Error here. Try:
> echo 'error no = '.curl_errno($c h).'<br>';
> echo 'error string = '.curl_error($c h).'<br>';
>[/color]
this is the result

error no = 0
error string =

should that mean that is all correct?

thnx a lot

SHE


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

It seems to be all alright but the form that should be submitted doesn't
submit :(

SHE
that is content of the verbose file:




* About to connect() to www.mysite.com port 443
* Trying xxx.xxx.xxx.xxx ... * connected
* Connected to www.mysite.com (xxx.xxx.xxx.xx x) port 443
* successfully set certificate verify locations:
* CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=CH/ST=xxxx/L=Pos6/O=XXXXXXX/OU=Internet
Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.mysite.c om
* start date: 2004-07-05 00:00:00 GMT
* expire date: 2005-07-05 23:59:59 GMT
* common name: www.mysite.com (matched)
* issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign .com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify ok.[color=blue]
> POST /powergate/private/index.html?logi n/ HTTP/1.1[/color]
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: www.mygate.com
Pragma: no-cache
Accept: */*
Cookie:
Navajo=ft/JoUnFID16EHTmL3 d4cZreFFYIUCMuC tDyKCHreqPMyrW6 lkbcIPRUZmJhuFj DeYqaQHMQVLc-
Content-Length: 0
Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 302 Found
< Date: Sun, 13 Mar 2005 16:36:11 GMT
< Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7d
< Pragma: no-cache
* Replaced cookie
Navajo="CPDIgk0 IR6j14N89DarbR7 sZ8m24keH93FHsV 8x4YJuKTBdu/zbrV/8TkVuP7Fnaf84Hi Qn3OEI-"
for domain www.mysite.com, path /, expire 0
< Set-Cookie:
Navajo=CPDIgk0I R6j14N89DarbR7s Z8m24keH93FHsV8 x4YJuKTBdu/zbrV/8TkVuP7Fnaf84Hi Qn3OEI-;
path=/; secure
< Connection: close
< Location:

< Cache-Control: no-cache
< Content-Length: 302
< Content-Type: text/html
* Closing connection #0
* About to connect() to www.mysite.com port 443
* Trying xxx.xxx.xxx.xxx ... * connected
* Connected to www.mysite.com (xxx.xxx.xxx.xx x) port 443
* successfully set certificate verify locations:
* CAfile: /usr/local/share/curl/curl-ca-bundle.crt
CApath: none
* SSL re-using session ID
* SSL connection using RC4-MD5
* Server certificate:
* subject: /C=CH/ST=xxxx/L=Pos6/O=XXXXXXx/OU=Internet
Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.mysite.c om
* start date: 2004-07-05 00:00:00 GMT
* expire date: 2005-07-05 23:59:59 GMT
* common name: www.mysite.com (matched)
* issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign .com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify ok.[color=blue]
> POST /eo/e-banking/ HTTP/1.1[/color]
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: www.mysite.com
Pragma: no-cache
Accept: */*
Cookie:
Navajo=CPDIgk0I R6j14N89DarbR7s Z8m24keH93FHsV8 x4YJuKTBdu/zbrV/8TkVuP7Fnaf84Hi Qn3OEI-
Content-Length: 155
Content-Type: application/x-www-form-urlencoded


ctrMasterEo:_ct l3:txtnumber=xx xxxxxxx&ctrMast erEo__ctl3_txtn umber=xxxxxx&ct rMasterEo:_ctl3 :txtText=test_t xt&ctrMasterEo_ _ctl3_txtText=t ext_txt<
HTTP/1.1 302 Found
< Date: Sun, 13 Mar 2005 16:36:11 GMT
< Server: Apache/2.0.49 (Unix) mod_ssl/2.0.49 OpenSSL/0.9.7d
< Pragma: no-cache
< Connection: close
< Location: https://www.mysite.com/eo/e-banking/?login
< Cache-Control: no-cache
< Content-Length: 278
< Content-Type: text/html
* Closing connection #0


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

Sheela wrote:[color=blue]
> It seems to be all alright but the form that should be submitted[/color]
doesn't[color=blue]
> submit :(
>
> SHE
> that is content of the verbose file:[/color]
<snip>

How do you say that it isn't get submitted? For me, it seems to
submit. But, may the authentication fail, if it expects the cookie
along with the form post. So, it is always better to set the cookie and
then post like:
1. *Just* open https://foo.com/login.php so that it sets the cookie.
2. Now post to that login.php page

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Fill a form authenticated HTTPS

[color=blue]
> How do you say that it isn't get submitted? For me, it seems to
> submit.[/color]

cause if it submit the form I will receive a mail ;).


But, may the authentication fail, if it expects the cookie[color=blue]
> along with the form post. So, it is always better to set the cookie and
> then post like:
> 1. *Just* open https://foo.com/login.php so that it sets the cookie.
> 2. Now post to that login.php page[/color]

I do that... i log to the loginpage and then a go to the submitpage..
and the cookie is setted (I hope) ;)

do you know a site where I can found more informations about https
handshaking and so on?

thank you very much 4 help
SHE


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

Sheela wrote:
<snip>[color=blue]
> do you know a site where I can found more informations about https
> handshaking and so on?[/color]

I'm not sure, what you wanted. You may cross check the content of
cURL verbose logging file with the http sniffers say
LiveHttpHeaders/Firefox or HTTPLook <http://www.httpsniffer .com/>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Fill a form authenticated HTTPS

I'm sure I arrived to loggin.
But i recevie this errors..


Posting Form Data...



--------------------------------------------------------------------------------
error no = 22
error string = The requested URL returned error: 500

thnx 4 ur help

SHE


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

> --------------------------------------------------------------------------------[color=blue]
> error no = 22
> error string = The requested URL returned error: 500
>
> thnx 4 ur help
>
> SHE[/color]



this cause the page is redirected somewehere else after the submit
and I scare it cause problems with curl..

SHE


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

Sheela Casso wrote:[color=blue][color=green]
> > error no = 22
> > error string = The requested URL returned error: 500[/color]
>
> this cause the page is redirected somewehere else after the submit
> and I scare it cause problems with curl..[/color]

As I already told, sniff the headers while manually login to the URL
and compare it with the cURL verbose log. I assume that the passed
header is messed up. I also assume that you've already added
curl_setopt($ch , CURLOPT_FOLLOWL OCATION, 1) which is correct.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Fill a form authenticated HTTPS

I dont know how but I arrived to make the post going.... :)

curl_setopt($ch , CURLOPT_FOLLOWL OCATION, 1);
is the option to set that the post have to follow the redir?

Thank you very much :)

SHE



--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Fill a form authenticated HTTPS

Sheela wrote:[color=blue]
> I dont know how but I arrived to make the post going.... :)[/color]

Glad to know that.
[color=blue]
> curl_setopt($ch , CURLOPT_FOLLOWL OCATION, 1);
> is the option to set that the post have to follow the redir?[/color]

Yes.

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Fill a form authenticated HTTPS

thank you very much.

SHE


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG