PerlMonks  

Re^3: Log In To guardian.co.uk with WWW::Mechanize

by merzy (Scribe)
on May 28, 2005 at 15:37 UTC (#461359)


in reply to Re^2: Log In To guardian.co.uk with WWW::Mechanize
in thread Log In To guardian.co.uk with WWW::Mechanize

Still no time to work on this, but I'm curious enough to poke at it every once in a while. Between different requests to the login page, here's what changes:
    [11:23am] eero:~/tmp/guardian: diff 0,12930,-1,00.html o
    236c236
    < <input type="hidden" name="AU_CHALLENGE" value="1117293798"><input type="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353bd51"></form></table></td></tr></table>
    ---
    > <input type="hidden" name="AU_CHALLENGE" value="1117293788"><input type="hidden" name="AU_CHALLENGE2" value="59e3978f05fde8396395a576645cd04b"></form></table></td></tr></table>
    [11:23am] eero:~/tmp/guardian:
...and here's where in the page source the work is done:
    function preparePassword() {
        var form = document.regpss1;
        var dummy = '----------------------------------------';
        form.AU_PASSWORD_HASH.value = binl2hex(core_hmac_md5(form.AU_CHALLENGE2.value,form.AU_PASSWORD.value));
        form.AU_PASSWORD.value = dummy.substr(0,form.AU_PASSWORD.value.length);
        regpss_submitted = true;
        form.submit();
    }

I'm guessing that you'll need to take your password, run it through that hashing sequence and then return that as the actual password in the post. Or something like that.

I'm surprised nobody's done this yet.
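As an added example (not code from this thread or from the site), this is the hashing step described above done in Perl. It assumes `core_hmac_md5(key, data)` is standard HMAC-MD5 and `binl2hex` emits lowercase hex, as in the commonly used md5.js; the form markup and the password are constructed. The diff shows the challenge changing on every request, so the hash has to be computed from the same page fetch that is then submitted.

```perl
use strict;
use warnings;
use Digest::HMAC_MD5 qw(hmac_md5_hex);

# Constructed sample: the challenge values come from the diff above, the
# surrounding form markup is simplified and assumed.
my $html = <<'HTML';
<form name="regpss1" method="post">
<input type="password" name="AU_PASSWORD">
<input type="hidden" name="AU_PASSWORD_HASH" value="">
<input type="hidden" name="AU_CHALLENGE" value="1117293798">
<input type="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353bd51">
</form>
HTML

# Collect name => value for every hidden input on the page.
sub hidden_fields {
    my ($page) = @_;
    my %f;
    while ($page =~ /<input\b([^>]*)>/gi) {
        my $attrs = $1;
        next unless $attrs =~ /\btype="hidden"/i;
        my ($name) = $attrs =~ /\bname="([^"]*)"/i or next;
        my ($value) = $attrs =~ /\bvalue="([^"]*)"/i;
        $f{$name} = defined $value ? $value : '';
    }
    return %f;
}

# Mirror preparePassword(): HMAC-MD5 of the password keyed with AU_CHALLENGE2,
# hex-encoded, with the cleartext field replaced by dashes (at most 40).
sub login_fields {
    my ($page, $password) = @_;
    my %f   = hidden_fields($page);
    my $key = $f{AU_CHALLENGE2};
    die "no AU_CHALLENGE2 in page\n" unless defined $key && length $key;
    # Digest::HMAC_MD5 takes (data, key); the JavaScript call passes (key, data).
    $f{AU_PASSWORD_HASH} = hmac_md5_hex($password, $key);
    my $n = length $password;
    $f{AU_PASSWORD} = '-' x ($n > 40 ? 40 : $n);
    return %f;
}

my %post = login_fields($html, 'example-password');    # constructed password
printf "%-17s %s\n", $_, $post{$_} for sort keys %post;
```

With WWW::Mechanize, the page text passed in would be `$mech->content` from the login-page request made in the same session as the POST.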

Replies are listed 'Best First'.
Re^4: Log In To guardian.co.uk with WWW::Mechanize
by Cody Pendant (Prior) on May 29, 2005 at 01:00 UTC
    Oh god. There's an even worse mea culpa coming up.

    My face is literally red.

    I didn't check whether the login was successful or not. I saw an error message and assumed that it meant the login wasn't successful. I am an idiot. If I ignore the error and continue, I am actually logged in.

    I will now dress in virtual sackcloth and do Good Works among the Less Fortunate for a year.



    ($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss')
    =~y~b-v~a-z~s; print
      Heh! Glad to hear you're all set.
