Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re^2: Log In To guardian.co.uk with WWW::Mechanize

by Cody Pendant (Prior)
on May 28, 2005 at 03:37 UTC ( [id://461277]=note: print w/replies, xml ) Need Help??


in reply to Re: Log In To guardian.co.uk with WWW::Mechanize
in thread Log In To guardian.co.uk with WWW::Mechanize

Good call, should have thought of that sooner.

OK this is what I get:

http://users.guardian.co.uk/signin/tr/1,13542,-1,00.html POST /signin/tr/1,13542,-1,00.html HTTP/1.1 Host: users.guardian.co.uk User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv: +1.7.8) Gecko/20050511 Firefox/1.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 +,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://users.guardian.co.uk/signin/0,12930,-1,00.html?AU_LOGI +N_ID=myusername&AU_PASSWORD=%2D%2D%2D%2D%2D%2D%2D%2D&AU_PASSWORD_HASH +=12f6c69cf906afb85852b32bc04e4c19&AU_CHALLENGE=1117250755&AU_CHALLENG +E2=c486109c620b57c4bc69b4792179cdb9 Cookie: GU_MU=UVdvQE44Q29AamtBQUR2T2VMWXxpV3RHNEZCQmhZeVIzbEI5dzlPUWdB +PT0%3d; GU_LOCATION=YXVzOjU6dmk6NDpyaWNobW9uZDozOi0xOmJyb2FkYmFuZDotM +zcuODMzOjE0NS4wMDBAOTAxOTgyNDIxMjQ4OTE1NTYyMjUzNTI0NzUxOTE0MzIwNjc0Mj +Qz; CP=*; GU_ST=http%3A//www.guardian.co.uk/ Content-Type: application/x-www-form-urlencoded Content-Length: 199 AU_LOGIN_ID=myusername&AU_PASSWORD=--------&AU_KEEP_ME_SIGNED_IN=on&AU +_PASSWORD_HASH=f67c849de72c3939d7169374f761ab9e&AU_CHALLENGE=11172509 +06&AU_CHALLENGE2=fd62bbf5c99827b9b738eac3cb566c35 HTTP/1.x 301 Moved Permanently Date: Sat, 28 May 2005 03:29:00 GMT Server: Apache/1.3.33 (Unix) Set-Cookie: GU_ME=myusername; path=/; expires=Thu, 27 May 2010 03:29:0 +2 GMT; domain=.guardian.co.uk Set-Cookie: GU_MI=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bg +u%5Fpk%3DCRE%2CTLK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2 +702ddb6ca1d9f0eb8c61793554; path=/; expires=Thu, 27 May 2010 03:29:02 + GMT; domain=.guardian.co.uk; httponly; Set-Cookie: GU_MY=200505280339:67f4730c3bbbccb2723f33abb5d3e922; path= +/; expires=Sat, 28 May 2005 03:39:02 GMT; domain=users.guardian.co.uk +; httponly; Location: /signin/status/tr/1,13608,-1,00.html Cache-Control: no-cache Pragma: no-cache Expires: 0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ---------------------------------------------------------- http://users.guardian.co.uk/signin/status/tr/1,13608,-1,00.html GET /signin/status/tr/1,13608,-1,00.html HTTP/1.1 Host: users.guardian.co.uk User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv: +1.7.8) Gecko/20050511 Firefox/1.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 +,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://users.guardian.co.uk/signin/0,12930,-1,00.html?AU_LOGI +N_ID=myusername&AU_PASSWORD=%2D%2D%2D%2D%2D%2D%2D%2D&AU_PASSWORD_HASH +=12f6c69cf906afb85852b32bc04e4c19&AU_CHALLENGE=1117250755&AU_CHALLENG +E2=c486109c620b57c4bc69b4792179cdb9 Cookie: GU_MU=UVdvQE44Q29AamtBQUR2T2VMWXxpV3RHNEZCQmhZeVIzbEI5dzlPUWdB +PT0%3d; GU_LOCATION=YXVzOjU6dmk6NDpyaWNobW9uZDozOi0xOmJyb2FkYmFuZDotM +zcuODMzOjE0NS4wMDBAOTAxOTgyNDIxMjQ4OTE1NTYyMjUzNTI0NzUxOTE0MzIwNjc0Mj +Qz; CP=*; GU_ST=http%3A//www.guardian.co.uk/; GU_ME=myusername; GU_MI +=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bgu%5Fpk%3DCRE%2CT +LK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2702ddb6ca1d9f0eb +8c61793554; GU_MY=200505280339:67f4730c3bbbccb2723f33abb5d3e922 HTTP/1.x 301 Moved Permanently Date: Sat, 28 May 2005 03:29:03 GMT Server: Apache/1.3.33 (Unix) Set-Cookie: GU_ME=myusername; path=/; expires=Thu, 27 May 2010 03:29:0 +5 GMT; domain=.guardian.co.uk Set-Cookie: GU_MI=mi%5Fi%3D872201%3Bmi%5Fp%3DCRE%2CTLK%2CBRF%2CMGU%3Bg +u%5Fpk%3DCRE%2CTLK%2CMGU%3Bmi%5Fe%3D%21200505310329%3Bmi%5Fs%3Dba40d2 +702ddb6ca1d9f0eb8c61793554; path=/; expires=Thu, 27 May 2010 03:29:05 + GMT; domain=.guardian.co.uk; httponly; Set-Cookie: GU_ST=; path=/; domain=.guardian.co.uk Location: http://www.guardian.co.uk/ Cache-Control: no-cache Pragma: no-cache Expires: 0 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ---------------------------------------------------------- http://www.guardian.co.uk/

At which point I'm taken to the front page and I'm logged in.



($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss')
=~y~b-v~a-z~s; print

Replies are listed 'Best First'.
Re^3: Log In To guardian.co.uk with WWW::Mechanize
by merzy (Scribe) on May 28, 2005 at 15:37 UTC
    Still no time to work on this, but I'm curious enough to poke at it every once in a while. Between different requests to the login page, here's what changes:
    [11:23am] eero:~/tmp/guardian: diff 0,12930,-1,00.html o 236c236 < <input type="hidden" name="AU_CHALLENGE" value="1117293798"><input t +ype="hidden" name="AU_CHALLENGE2" value="af7fb54d3a917e272e2b7abe1353 +bd51"></form></table></td></tr></table> --- > <input type="hidden" name="AU_CHALLENGE" value="1117293788"><input t +ype="hidden" name="AU_CHALLENGE2" value="59e3978f05fde8396395a576645c +d04b"></form></table></td></tr></table> [11:23am] eero:~/tmp/guardian:
    ...and here's where in the page source the work is done:
    function preparePassword() { var form = document.regpss1; var dummy = '----------------------------------------'; form.AU_PASSWORD_HASH.value = binl2hex(core_hmac_md5(form. +AU_CHALLENGE2.value,form.AU_PASSWORD.value)); form.AU_PASSWORD.value = dummy.substr(0,form.AU_PASSWORD.v +alue.length); regpss_submitted = true; form.submit(); }

    I'm guessing that you'll need to take your password, run it through that hashing sequence and then return that as the actual password in the post. Or something like that.

    I'm surprised nobody's done this yet.
      Oh god. There's an even worse mea culpa coming up.

      My face is literally red.

      I didn't check whether the login was successful or not. I saw an error message and assumed that it meant the login wasn't successful. I am an idiot. If I ignore the error and continue, I am actually logged in.

      I will now dress in virtual sackcloth and do Good Works among the Less Fortunate for a year.



      ($_='kkvvttuu bbooppuuiiffss qqffssmm iibbddllffss')
      =~y~b-v~a-z~s; print
        Heh! Glad to hear you're all set.
Re^3: Log In To guardian.co.uk with WWW::Mechanize
by Anonymous Monk on May 28, 2005 at 12:17 UTC
    So what do you think you should do now?

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://461277]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2024-03-29 11:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found