Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Re: logging in to secure site

by dannoura (Pilgrim)
on Apr 30, 2004 at 15:57 UTC ( #349435=note: print w/ replies, xml ) Need Help??


in reply to Re: logging in to secure site
in thread logging in to secure site

Thanks for your help. I tried submitting https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0 in the POST method. This gave me another page with username and password fields in plain html (below). Submitting to that with the URL https://www.saxobank.com/ didn't work. Excuse my ignorance, but I can't figure out how to submit using the information from the javascript. Can you figure it out?

<td class="qblock-head" colSpan="2">Member Login (Encrypted)</td> </tr> <tr> <td class="qst">User ID &nbsp;</td> <td class="qst"><input class=input type=text m +axLength=50 size=20 value="" name="txtUID" id="txtUID"> </td> </tr> <tr> <td class="qst">Password &nbsp;</td> <td class="qst"><input class="input" type="pas +sword" maxLength="50" size="20" name="txtPWD" id="txtPWD"> </td>


Comment on Re: Re: logging in to secure site
Select or Download Code
Re: Re: Re: logging in to secure site
by matija (Priest) on Apr 30, 2004 at 16:10 UTC
    I might have been able to if you had submitted enough information, but you didn't so I can't.

    In particular, you didn't include the <form> tag, which might tell us the right URL, nor the <submit> tag that would show us if they were playing any further games with javascript.

    Before you come back here, look at the form tag, and try to submit to the URL listed in the action field.

      Here are the relevant parts. They don't seem to be any different from the URL I previously posted.

      <form name="Form1" method="post" action="Default.aspx?id=2&amp;Lan=EN&amp;Au=1&amp;Grp=5" id="Form1">

      and

      <table class="qblock" cellPadding="4" width="300" border="0"> <tr> <td class="qblock-head" colSpan="2">Member Log +in (Encrypted)</td> </tr> <tr> <td class="qst">User ID &nbsp;</td> <td class="qst"><input class=input type=text m +axLength=50 size=20 value="" name="txtUID" id="txtUID"> </td> </tr> <tr> <td class="qst">Password &nbsp;</td> <td class="qst"><input class="input" type="pas +sword" maxLength="50" size="20" name="txtPWD" id="txtPWD"> </td> </tr> <tr> <td class="Naviblockheader" align="middle" col +Span="2"><input class="input" type="submit" value="log in" name="subm +it"> </td> </tr> </table>
        From the look of it you must submit a variable "submit" with the value "log in" too. That means your URL must contain "&submit=log+in&" somewhere.
Re: Re: Re: logging in to secure site
by sacked (Hermit) on Apr 30, 2004 at 18:44 UTC
    Your form fields are named incorrectly. From the HTML above, you'll need to supply the fields "txtUID" and "txtPWD" for your username as password, respectively. In addition, you also need the hidden form field "__VIEWSTATE", and the "submit" field (named for the submit button). In the code below, I also updated the URL to match that set by the javascript on the web page.
    my $request=$ua->request( POST "https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0" +, { __VIEWSTATE => 'dDwxOTk0Mzg2NjQzOzs+/+MSvllHQREYBFP5zZXrPV/rhdM=', txtUID => 'me', txtPWD => 'secret', submit => 'log in' });
    It doesn't appear that the "__VIEWSTATE" field has a unique value for each page load, but if it did, you could modify your code to load the home page to retrieve the value for the "__VIEWSTATE" field:
    my $viewstate= get_viewstate( $ua ) or die "can't get viewstate field" +; + my $request=$ua->request( POST "https://www.saxobank.com/Default.aspx/?id=2&Lan=EN&Au=0&Grp=0" +, { __VIEWSTATE => $viewstate, txtUID => 'me', txtPWD => 'secret', submit => 'log in' }); + print $request->is_success ? $request->content : "failed\n"; + # retrieve value for hidden __VIEWSTATE field (unique for each browser + load?) sub get_viewstate { my $ua= shift; + require HTML::TokeParser; my $request= $ua->request(GET "http://www.saxobank.com/"); die $request->status_line unless $request->is_success; + my $p= HTML::TokeParser->new( \$request->content ); + while( my $tag= $p->get_tag("input") ) { return $tag->[1]{value} if $tag->[1]{name} eq '__VIEWSTATE'; } }
    --sacked

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://349435]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (7)
As of 2014-08-02 09:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Who would be the most fun to work for?















    Results (55 votes), past polls