2

Logging into web servers is not my area of expertise, and I am looking to automate a task of logging into a web server, but I am not sure how I need to format my code to achieve this goal. I have looked at other pages, but no matter what I did I got the same response back.

web page snippets:

  <form name="form1" action="login.cgi" method="POST" onsubmit="encrypt();">
    <input type="hidden" name="Token" value="16">
    <tr height="15">
      <td><img src="/images/spacer.gif" alt="" height="15"></td>
    </tr>
    <tr height="32">
      <td valign="top">
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="19"><img src="/images/spacer.gif" alt="" width="19"></td>
            <td width="100%"> </td>
          </tr>
        </table>
      </td>
    </tr>
    <tr height="12">
      <td><img src="/images/spacer.gif" alt="" height="12"></td>
    </tr>
    <tr>
      <td height="1" valign="top">
        <table border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="20"><img src="/images/spacer.gif" alt="" width="20"></td>
            <td valign="top">
              <table border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><img src="/images/spacer.gif" alt="" width="10" height="8"></td>
                  <td><img src="/images/spacer.gif" alt="" width="400" height="8"></td>
                </tr>
                <tr>
                  <td nowrap>
                    <b>Login:</b>
                  </td>
                  <td>
                    <input name="userid_w" type="text" size="50">
                    <input name="userid" type="hidden" value=""><img src="/images/spacer.gif" alt="" width="10"></td>
                </tr>
                <tr>
                  <td colspan="2" height="3"><img src="/images/spacer.gif" alt="" height="3"></td>
                </tr>
                <tr>
                  <td nowrap>
                    <b>Login Password:</b>
                  </td>
                  <td>
                    <input name="password_w" type="password" size="50">
                    <input name="password" type="hidden" value="">
                  </td>
                </tr>
                <tr height="3">
                  <td colspan="2"><img src="/images/spacer.gif" alt="" height="3"></td>
                </tr>
                <tr>
                  <td></td>
                  <td>
                    <input type="submit" value="Login">

....

    <input type="hidden" name="open" value="">
  </form>
</table>

The response I am getting from the server, no matter what userid_w or password_w value I give, returns:

<html>  <head></head>  <body onload='document.form1.submit()'>    <form name='form1' method='POST' action='message.cgi' target='_top'>      <input type='hidden' name='title' value='MSG_TTL_COOKIEOFF'/>      <input type='hidden' name='messageID' value='MSG_COOKIEOFF'/>      <input type='hidden' name='buttonURL' value='Frame.cgi'/>      <input type='hidden' name='screen' value='all'/>   </form>  </body></html>

Any help would be appreciated.

Edit: Running curl -l on the page gives:

<html>  <head></head>  <body onload='document.form1.submit()'>    <form name='form1' method='POST' action='/web/guest/en/websys/webArch/message.cgi' target='_top'>      <input type='hidden' name='title' value='MSG_TTL_COOKIEOFF'/>      <input type='hidden' name='messageID' value='MSG_COOKIEOFF'/>      <input type='hidden' name='buttonURL' value='Frame.cgi'/>      <input type='hidden' name='screen' value='all'/>  </form>  </body></html

Which looks like what my pythons script outputs...

Improve this question
8
  • What is it you tried? If you show some code, it's a lot easier to help. Commented May 17, 2013 at 5:46
  • modified this code: stackoverflow.com/questions/13925983/… , changed the user, passwd, and op field to userid_w, password_w. Commented May 17, 2013 at 5:53
  • Did you send the token value from the form? Commented May 17, 2013 at 5:58
  • I did at some point, but it was not changing the response, so I figured my error was elsewhere.... Commented May 17, 2013 at 6:01
  • it could be a one-time-token, so I suggest you get the login page, read the token and send it. What status code do you get? It's hard to help with so little information Commented May 17, 2013 at 6:08

1 Answer 1

Reset to default
5
+50

Looking at <form name="form1" action="login.cgi" method="POST" onsubmit="encrypt();"> one could assume data is modified by a javascript snippet before being sent to the login.cgi. If that is the case, you have two options to follow:

  • Use selenium to pass credentials and proceed with login, then get the session cookie and copy it over to the http client of your choices (e.g. requests)
  • Run a javascript interpreter (e.g. python-spidermonkey) using provided credentials to get the real POST values that get sent, and use them to make a call with http client of your choice
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.