使用html表单和cookie进行登录以进行身份验证 [英] login to page using html form and cookies for authentication
问题描述
我正尝试使用卷曲登录到
您的cURL命令不正确。在 si_username 中输入错字,并且在 https 中缺少认证页面中的S.此外,在goto中,您将放置singout页面而不是主页面(或其他页面)。
尝试:
curl -L -F'si_username = name'-F'si_password = xxx'-F'goto = https://www.criticker.com/' -F'si = Go'-c cookiefile.txt https://www.criticker.com/authenticate.php
您甚至可能不需要 goto 和 Go 字段:
curl -L -F'si_username = name'-F'si_password = xxx'-c cookiefile.txt https://www.criticker.com/authenticate.php
I'm trying to login to this page using curl. The page uses authentication via html forms so http auth using curl --user name:password is not working in this case. I've found this post where is mentioned that one should search for
action= attribute under <form> to obtain correct address where to send data. The snippet from mentioned page looks following:
<form id="si_signinform" name="signinform" method="post" action="https://www.criticker.com/authenticate.php">
<input class="si_input" name="si_username" id="si_input_uname" value="" autocapitalize="none" type="text">
<input class="si_input" name="si_password" id="si_input_pswd" value="" type="password">
<input name="goto" value="https://www.criticker.com/signout.php" type="hidden">
<p id="submit"><input id="si_submit" name="si" value="Go" type="submit"></p>
I've also find this post which says that some attributes might be hidden when the are send to server (seems that this is my case because of "goto" and "si" parameters as shown on screenshots)
So here are steps I did:
- I've logged to page via Firefox
- I've check HTTP parameters via Developer Tools (see screenshots)
- I've issued following curl command to login
curl -L -X POST -F 'si_uername=wakatana' -F 'si_password=$PASWORD' -F 'goto=https://www.criticker.com/signout.php' -F 'si=Go' -c cookiefile.txt http://www.criticker.com/authenticate.php - Then I've issued following curl command to check whether I'm logged successfully
curl -L -b cookiefile.txt https://www.criticker.com/
When I login from Firefox I can see my username in upper right of page.
But when I issue one of the curl commands and grep the returned content for username there is no such string. Based on this I deduce that authentication was not successful. But when login via Firefox and use "Copy as cURL" function as stated here I got this:
curl "https://www.criticker.com/" -H "Host: www.criticker.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Referer: https://www.criticker.com/signin.php" -H "Cookie: PHPSESSID=SOME_VALUES_GOES_HERE; gid2=SOME_VALUES_GOES_HERE; uid2=SOME_VALUES_GOES_HERE -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1"
and it works. The problem is that I need to first login wit Firefox and then issue curl.
How can I use curl to login to page which is using forms? Please note I'm looking for some general hints which I can apply to any page (e.g. using proxy, sniffers etc.). I'm not primary interested in this site (but I'm interesting why the curl commands does not work). It is just example which uses form for authentication, if there is some playground for testing such curl commands please let me know. Thank you
Your cURL command is incorrect. Typo in si_username and missing the S in https for the authentication page. Also, in the "goto" you are putting the singout page instead of the main page (or some other page).
Try with:
curl -L -F 'si_username=name' -F 'si_password=xxx' -F 'goto=https://www.criticker.com/' -F 'si=Go' -c cookiefile.txt https://www.criticker.com/authenticate.php
You may not even need the goto and Go fields:
curl -L -F 'si_username=name' -F 'si_password=xxx' -c cookiefile.txt https://www.criticker.com/authenticate.php
这篇关于使用html表单和cookie进行登录以进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
