Solved

Make a perl client fake a GET containing a cookie

Posted on 2000-05-09
6
178 Views
Last Modified: 2010-03-05
Let's say I execute the following code and it doesn't work because the server
doesn't believe I have cookies enabled.  The server returns "Cannot Identify
User. You must allow cookies in  your browser so that PINVAL can identify you after
Login".

My code follows.  It works agains other http's that don't need a cookie.  I'm basically grabbing .HTML and dumping it to the disk.

     use LWP::UserAgent;
     $user_agent = new LWP::UserAgent;
     $request = new HTTP::Request ('GET','http://www.this.com/pinVAL/XS.ISA?Action=GETINSTSTD&ID=951692');
     $response = $user_agent->request($request);

     open FILEHANDLE, ">file.txt";
     print FILEHANDLE $response->content;
     close FILEHANDLE;

What can I do before hand to force the server to recognize my cookie?

I don't know much about the server, but when I sniff the transmission (during a IE 4.0 browser transmission) I see the following during a SEND.

GET /finVAL/Images/developed.jpg HTTP/1.1
Accepted: */*
Referer: http://www.this.com/finVAL/XS.ISA?Action=STCON
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; version.dll)
Host: www.this.com
Connection: Keep-Allive
Cookie: PINXZZZ=MYACCT; PINDDDID=MYACCT-46158x19377x781178x50891218
0
Comment
Question by:cwoodwar
  • 3
  • 3
6 Comments
 
LVL 3

Expert Comment

by:tgoetze
ID: 2795638
You can add the cookie in the GET request by sending an optional third parameter to HTTP::Request.

For example:


use LWP::UserAgent;
use HTTP::Headers;

$h = new HTTP::Headers();
$h->header('Cookie' => 'PINXZZZ=MYACCT; PINDDDID=MYACCT-46158x19377x781178x50891218');

     $user_agent = new LWP::UserAgent;
     $request = new HTTP::Request ('GET','http://www.this.com/pinVAL/XS.ISA?Action=GETINSTSTD&ID=951692',$h);
     $response = $user_agent->request($request);

     open FILEHANDLE, ">file.txt";
     print FILEHANDLE $response->content;
     close FILEHANDLE;



You can also check out the HTTP::Cookies module if you want to store new cookies as you go.

0
 

Author Comment

by:cwoodwar
ID: 2795953
You mentioned the following.

"You can also check out the HTTP::Cookies module if you want to store new cookies as you go"

How do I do this.  I need to check the cookie so I can plug in the values.

How do I do this?

0
 
LVL 3

Expert Comment

by:tgoetze
ID: 2800954
You already have a way of transmitting the request with the approrpiate header (once you know the cookie content). If you can find where IE stores the cookie, you can just grab it and put it in the program. Often times the cookie value doesn't change very often. Look in: c:\windows\Profiles\user_name\Cookies for your cookies.

Alternatively, you can try to have Perl do everything for you. Two ways you can do this. (1) Write a script that does the original registration through the web page and consequently grabs the cookie when it is originally created. This requies a decent sized effort and good understanding of the site you are going to and LWP.

Here's an alternative:
(2) Use Netscape to establish your account originally. Then you can have HTTP::Cookies::Netscape share Netscape's cookies. Here's an example:

use LWP::UserAgent;
use HTTP::Cookies::Netscape;

     $user_agent = new LWP::UserAgent;
     $request = new HTTP::Request ('GET','http://www.this.com/pinVAL/XS.ISA?Action=GETINSTSTD&ID=951692',$h);
     $cookie_jar = HTTP::Cookies::Netscape->new(
                     File => 'C:\netscape\cookies', #CHANGE THIS TO POINT TO YOUR LOCATION
                     Autosave => 1
                   );
     $cookie_jar->add_cookie_header($request); # adds the header to the request, this is
                                               #  what I showed you how to do previously
     $response = $user_agent->request($request);

     #If you think the cookie might have changed, you can:
     $cookie_jar->extract($response);
     $cookie_jar->save();

     open FILEHANDLE, ">file.txt";
     print FILEHANDLE $response->content;
     close FILEHANDLE;



0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 3

Accepted Solution

by:
tgoetze earned 100 total points
ID: 2800982
I didn't clean up properly in the last code pasting. Try this as the code sample from in the previous post:

use LWP::UserAgent;
use HTTP::Cookies::Netscape;

     $user_agent = new LWP::UserAgent;
     $request = new HTTP::Request ('GET','http://www.this.com/pinVAL/XS.ISA?Action=GETINSTSTD&ID=951692');
     $cookie_jar = HTTP::Cookies::Netscape->new(
                     File => 'C:\netscape\cookies', #CHANGE THIS TO POINT TO YOUR LOCATION
                     Autosave => 1
                   );
     $cookie_jar->add_cookie_header($request); # adds the header to the request, this is
                                               #  what I showed you how to do previously
     $response = $user_agent->request($request);

     #If you think the cookie might have changed, you can:
     $cookie_jar->extract($response);
     $cookie_jar->save();

     open FILEHANDLE, ">file.txt";
     print FILEHANDLE $response->content;
     close FILEHANDLE;





0
 

Author Comment

by:cwoodwar
ID: 2800999
I'll give this a try when I get back to my other lab.

Please stand by.

Charles
0
 

Author Comment

by:cwoodwar
ID: 2802970
We nolonger have access to the target machine.  Therefore I can't 100% validate the answer.

Looking at the code I believe this definitely the answer.

Therefore I give tgoetze 95% out of a 100%.

Thank you very much.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now