在shell中生成登录cookie(使用curl?) [英] Generate login cookie in shell (using curl?)
问题描述
在启动浏览器之前,我想在外壳中生成一个登录cookie,以使我已经登录到某些网站.目前,我正在使用以下命令在自己的nextcloud服务器上尝试使用
curl --cookie test.txt --cookie-jar test.txt \-d" user = *** name ***"\-d"密码= ***密码***"\<我的nextcloud服务器>/index.php/login 获取如下所示的Cookie.但是,将其放置在我的其他Cookie中并不允许我登录.
#Netscape HTTP Cookie文件#https://curl.haxx.se/docs/http-cookies.html#这个文件是由libcurl生成的!编辑风险自负.#HttpOnly_<我的nextcloud服务器>FALSE/nextcloud是nc_sameSiteCookiestrict是#HttpOnly_<我的nextcloud服务器>FALSE/nextcloud是nc_sameSiteCookielax是#HttpOnly_<我的nextcloud服务器>FALSE/nextcloud是oc_sessionPassphrase .....#HttpOnly_<我的nextcloud服务器>FALSE/nextcloud是... 用铬记录正常登录的操作,下面将生成一个不同的cookie,是否有人熟悉这种登录方法?谢谢!
我的目标是针对冲浪浏览器的自动登录脚本,例如此
如果您在浏览器开发工具的网络"标签上尝试通过浏览器连接到nextcloud,则会看到确切的请求.
您需要再次使用Curl进行完全相同的请求.
在您的情况下,您缺少以下设置:
-X POST -H内容类型:application/x-wwww-form-urlencoded"
请求在POST中发送表单.
但是您还缺少该表单的其他隐藏字段,包括requesttoken字段.
此字段是当您到达登录页面时随机生成的令牌,该令牌存储在php会话中,并在您登录时与表单的值进行比较.这是一个使暴力破解更加困难的安全系统.
要绕过此安全系统,您首先需要在登录页面上发出请求,提取生成的cookie并解析页面内容以检索requesttoken字段.然后,您可以第二次请求发送带有您的登录名和密码的表单,并最终获得经过身份验证的cookie.
祝你好运!
I would like to generate a login cookie in the shell, before launching my browser, such that I am already logged into certain websites. Currently I am trying this with my own nextcloud server using the following command
curl --cookie test.txt --cookie-jar test.txt \
-d "user=***name***" \
-d "password=***password***" \
<my nextcloud server>/index.php/login
getting a cookie that looks like the following. However, placing this among my other cookies does not allow me to login.
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_<my nextcloud server> FALSE /nextcloud TRUE nc_sameSiteCookiestrict true
#HttpOnly_<my nextcloud server> FALSE /nextcloud TRUE nc_sameSiteCookielax true
#HttpOnly_<my nextcloud server> FALSE /nextcloud TRUE oc_sessionPassphrase .....
#HttpOnly_<my nextcloud server> FALSE /nextcloud TRUE ..... ...................
Recording with chromium the action of a normal login, a different cookie is generated out of the one below, is anyone familiar with this login method? Thanks!
My goal would be an auto login script like this one for the surf browser
If you try to connect to nextcloud with your browser while looking at the Network tab of your browser's development tool, you will see the exact request being made.
You need to do the exact same request again with Curl.
In your case you are missing the following settings:
-X POST -H "Content-Type: application/x-wwww-form-urlencoded"
to make a request to send a form in POST.
But you are also missing the other hidden fields of the form including the requesttoken field.
This field is a token randomly generated when you arrive on the login page which is stored in a php session and is compared with the values of your form when you log in. It is a security system to make bruteforce attacks more difficult.
To bypass this security system, you first need to make a request on the login page, extract the cookies generated and parse the content of the page to retrieve the requesttoken field. Then you can made your second request to send the form with with your login and password and finaly get your authenticated cookies.
Good luck !
这篇关于在shell中生成登录cookie(使用curl?)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
