Solved

ASPX and POST values

Posted on 2011-03-22
Last Modified: 2012-05-11
Hello guys, I am making an iPhone app and I am trying to send a username and password to an .aspx website.

This is the login site: www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx

After capturing the login process I got this: %3D&HeaderLogin1%24CybeeUserName1%24txtUserName=myusername&HeaderLogin1%24CybeePassword1%24txtPassword=mypass&HeaderLogin1%24ibtnLogin.x=31&HeaderLogin1%24ibtnLogin.y=7

I tried to send the txtUsername and txtPassword but nothing happened. Then I downloaded the source of the website and I found Header1_CybeeUsername1_txtUsername, Header1$CybeeUsername1$txtUsername, and the same for the password field and Login button. Which of these values do I have to send to the server? Do I have to send a value for the ibtnLogin also?

Thanks
0
Question by:mavris
 
LVL 1

Expert Comment

by:beakt
ID: 35194168
If you're capturing what your regular web browser sends, you should probably send everything exactly as your web browser does.  It's common for a site to use hidden fields or other simple validation techniques to make sure a human is sending the POST back from the web page their site generated.  Also, is your app sending back any cookies the target website sends when you access their login page?

Jeff
0
 

Author Comment

by:mavris
ID: 35194215
No, I am sending nothing. I am just requesting the URL and then giving the values to the server.
This is my code:
-(IBAction) buttonpressed { 
    
    NSURL *url = [NSURL URLWithString:@"https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx"];
    
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
    [request setShouldRedirect:YES]; 
    [request setPostValue:@"mavris" forKey:@"HeaderLogin1_CybeeUserName1_txtUserName"];
    [request setPostValue:@"apoelaragrivas" forKey:@"HeaderLogin1_CybeePassword1_txtPassword"];   

    [request setPostValue:@"" forKey:@"HeaderLogin1_ibtnLogin"];

 
    [request setDelegate:self];
    [request startAsynchronous];

}


- (void)requestFinished:(ASIFormDataRequest *)request{
    // Use when fetching text data
  

    NSString *responseString = [request responseString];
    
   NSLog(@"Output = %@",responseString);

}



The response string should be the redirected URL, but it is giving me the same.
I tried this as you suggested, but it gives me the same result:
-(IBAction) buttonpressed { 
    
    NSURL *url = [NSURL URLWithString:@"https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx"];
    
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
    [request setShouldRedirect:YES]; 
    [request setPostValue:@"mavris" forKey:@"HeaderLogin1%24CybeeUserName1%24txtUserName"];
    [request setPostValue:@"apoelaragrivas" forKey:@"HeaderLogin1%24CybeePassword1%24txtPassword"];   

    [request setPostValue:@"31" forKey:@"HeaderLogin1%24ibtnLogin.x"];
    [request setPostValue:@"7" forKey:@"HeaderLogin1%24ibtnLogin.y"];


    // [request setDidFinishSelector:@selector(topSecretFetchComplete:)]; 
    //[request setDidFailSelector:@selector(topSecretFetchFailed:)]; 
    [request setDelegate:self];
    [request startAsynchronous];

}


0
 
LVL 1

Expert Comment

by:beakt
ID: 35194584
Don't be mad.  Let's keep working on this.  I visited the site and it sent a cookie with a session ID on my visit.  The site's code might check to make sure a POST from a given IP uses the same cookie as it just sent, to avoid automated POSTing.  It's not a particularly sophisticated protection against brute-force, but some people do it.  The next easiest thing to do is send the cookie with your POST, unless you're sure that the code you wrote does that automatically.
0
 

Author Comment

by:mavris
ID: 35194668
Sorry my bad!
I tried this one:
-(IBAction) buttonpressed { 
    
    NSURL *url = [NSURL URLWithString:@"https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx"];
    
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
    [request setShouldRedirect:YES]; 

    [request setPostValue:@"" forKey:@"__EVENTTARGET"];
    [request setPostValue:@"" forKey:@"__EVENTARGUMENT"];
    [request setPostValue:@"%2FwEPDwUKMTY2OTQ4NzA2MA9kFgICAw9kFgICAw9kFgICAg9kFgQCAQ9kFgZmDxYCHgVzdHlsZWQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHgRUZXh0BRfOjM69zr%2FOvM6xIM6nz4HOrs%2BDz4TOt2RkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHgxFcnJvck1lc3NhZ2UFUs6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6Mzr3Ov868zrEgzqfPgc6uz4PPhM63Ii5kZAIEDw8WBB4UVmFsaWRhdGlvbkV4cHJlc3Npb24FHV5bYS16QS1aXVthLXpBLVowLTlcLl17NSwxOX0kHwIFSc6kzr8gz4DOtc60zq%2FOvyAizozOvc6%2FzrzOsSDOp8%2BBzq7Pg8%2BEzrciIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZAIDD2QWBmYPFgIfAGQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHwEFIc6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgmRkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHwIFXM6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgiIuZGQCBA8PFgQfAwUdXlthLXpBLVpdW2EtekEtWjAtOVwuXXs1LDE5fSQfAgVTzqTOvyDPgM61zrTOr86%2FICLOms%2BJzrTOuc66z4zPgiDOoM%2BBz4zPg86yzrHPg863z4IiIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUWSGVhZGVyTG9naW4xJGlidG5Mb2dpbuXtDdjGl%2FgvdzGlio5ejfi0Bu9T&" forKey:@"__VIEWSTATE"];
    [request setPostValue:@"2FwEWBAKejebeDgLw26eKDgLTorKcDgLkqLpr7rvcqNM38pSUD9ecskWNWI%2BqLYs%3D&" forKey:@"__EVENTVALIDATION"];
    [request setPostValue:@"myuser" forKey:@"HeaderLogin1%24CybeeUserName1%24txtUserName"];
    [request setPostValue:@"mypass" forKey:@"HeaderLogin1%24CybeePassword1%24txtPassword"];
    


    [request setPostValue:@"0" forKey:@"HeaderLogin1%24ibtnLogin.x"];
    [request setPostValue:@"0" forKey:@"HeaderLogin1%24ibtnLogin.y"];


    // [request setDidFinishSelector:@selector(topSecretFetchComplete:)]; 
    //[request setDidFailSelector:@selector(topSecretFetchFailed:)]; 
    [request setDelegate:self];
    [request startAsynchronous];

}



And it replies that the service is not available at the moment!
So you suggest I find a way to take the cookie from this site before trying to auth and then use it as a variable for the __VIEWSTATE?

What about using this class?
http://developer.apple.com/library/mac/#documentation/Cocoa/Reference/Foundation/Classes/NSHTTPCookie_Class/Reference/Reference.html
0
 
LVL 1

Expert Comment

by:beakt
ID: 35194706
mavris,

Yes, that is what I suggest.  I'd think you would not hard-code those strings for things like _VIEWSTATE and _EVENTVALIDATION, because it will be different.  If you can figure out how to take the cookie that is received from your first GET, and then just send that back when you POST, that should at least eliminate that as the problem.

All the website sent me was this:
Cookie: .CMV_CYBEE_SESSIONID=yhg22zbko5qig5jfnom3ll45

So, let's try sending back that cookie (knowing that the right-side value might change), and see if that fixes it.

Jeff

0
 

Author Comment

by:mavris
ID: 35194778
Ok I have an update here.
I am using this lib and that's what it says about cookies:

Persistent cookies

ASIHTTPRequest allows you to use the global store shared by all Mac OS X applications that use the CFNetwork or NSURLRequest APIs. If useCookiePersistence is on (it is by default), cookies will be stored in the shared NSHTTPCookieStorage container, and reused on other requests automatically. It's worth noting that ASIHTTPRequest might present cookies created in other applications if they are valid for a particular request.

You can clear all cookies created during a session like so:

[ASIHTTPRequest setSessionCookies:nil];
In this case, 'session cookies' refers to ALL cookies created during a session, rather than cookies with no expiry date (often referred to as session cookies) that are removed when the application quits.

Alternatively, the convenience class method clearSession will clear all cookies created during the session, along with any cached authentication data.


So the cookies are handled by the library.
This is my POST:
POST /miPortal/HeaderLoginBar.aspx HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx
Cookie: .CMV_CYBEE_SESSIONID=khxaqq45p4synb55o1ph0k45; ReturnID=; __utma=63534909.1332954431.1300484799.1300484799.1300487128.2; __utmc=63534909; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=63534909.6.10.1300487128
Content-Type: application/x-www-form-urlencoded
Content-Length: 1420
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTY2OTQ4NzA2MA9kFgICAw9kFgICAw9kFgICAg9kFgQCAQ9kFgZmDxYCHgVzdHlsZWQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHgRUZXh0BRfOjM69zr%2FOvM6xIM6nz4HOrs%2BDz4TOt2RkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHgxFcnJvck1lc3NhZ2UFUs6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6Mzr3Ov868zrEgzqfPgc6uz4PPhM63Ii5kZAIEDw8WBB4UVmFsaWRhdGlvbkV4cHJlc3Npb24FHV5bYS16QS1aXVthLXpBLVowLTlcLl17NSwxOX0kHwIFSc6kzr8gz4DOtc60zq%2FOvyAizozOvc6%2FzrzOsSDOp8%2BBzq7Pg8%2BEzrciIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZAIDD2QWBmYPFgIfAGQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHwEFIc6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgmRkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHwIFXM6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgiIuZGQCBA8PFgQfAwUdXlthLXpBLVpdW2EtekEtWjAtOVwuXXs1LDE5fSQfAgVTzqTOvyDPgM61zrTOr86%2FICLOms%2BJzrTOuc66z4zPgiDOoM%2BBz4zPg86yzrHPg863z4IiIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUWSGVhZGVyTG9naW4xJGlidG5Mb2dpbh3q3kdWpMxlMwB5MdfB4FZTu1YZ&__EVENTVALIDATION=%2FwEWBALrytq3DwLw26eKDgLTorKcDgLkqLprugML%2F2AZ%2BfRITfIsQ5JEXmKz1Wc%3D&HeaderLogin1%24CybeeUserName1%24txtUserName=MYUSER&HeaderLogin1%24CybeePassword1%24txtPassword=MYPASS&HeaderLogin1%24ibtnLogin.x=20&HeaderLogin1%24ibtnLogin.y=4
HTTP/1.1 302 Found



and I am using this code now:
-(IBAction) buttonpressed { 
    
    NSURL *url = [NSURL URLWithString:@"https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx"];
    
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
    [request setShouldRedirect:YES]; 
    [request setUseCookiePersistence:YES];

    [request setPostValue:@"MYUSER" forKey:@"&HeaderLogin1%24CybeeUserName1%24txtUserName"];
    [request setPostValue:@"MYPASS" forKey:@"&HeaderLogin1%24CybeePassword1%24txtPassword"];
    


    [request setPostValue:@"0" forKey:@"&HeaderLogin1%24ibtnLogin.x"];
    [request setPostValue:@"0" forKey:@"&HeaderLogin1%24ibtnLogin.y"];


    [request setDelegate:self];
    [request startAsynchronous];
}



Note that I tried to log in to imgur.com using as post values the "username", the "password" and the "submit" and it worked. So that means that cookies are handled by the class?
0
 
LVL 1

Expert Comment

by:beakt
ID: 35194812
mavris,

So, yes, we see that cookie was sent back in the POST.  Was it there before?  You hadn't posted the exact text of what your program was POSTing earlier, before you started trying to ensure the cookies were being sent back.

I would think you'd be using session cookies, not persistent cookies.  Not sure what happens if your code, on the same device, accesses the same site and gets a different session cookie.

Anyway, did the logon work?  I see you got a 302 response, but did it eventually send what you wanted?  If so, the site clearly uses cookies to track the logon session, and you will have to send the same session cookie for each access until you log out.

Jeff
0
 

Author Comment

by:mavris
ID: 35197429
Sorry for the late response Jeff, but it was 2 AM in my country! The POST was from my Firefox and not from my iPhone. I will reply when I go home.
0
 

Author Comment

by:mavris
ID: 35202442
Hey, I am back. According to the developer of ASIHTTPRequest: "If the server is sending a cookie, ASIHTTPRequest should normally manage this for you, and will include all valid cookies in the next request automatically."

Take a look at my last post (code) and tell me about the user and pass I am using! Is there any wrong parameter? I mean, should the user be only txtUsername or something else?
0
 
LVL 1

Accepted Solution

by:
beakt earned 500 total points
ID: 35202560
OK, just wanted to ensure the cookie issue was out of the way.

Looking at this:

[request setPostValue:@"MYUSER" forKey:@"&HeaderLogin1%24CybeeUserName1%24txtUserName"];
[request setPostValue:@"MYPASS" forKey:@"&HeaderLogin1%24CybeePassword1%24txtPassword"];

It seems to literally be passing those % codes in the POST data.  I would expect it to show "&HeaderLogin1$CybeeUserName1$txtUserName", since this is how it appears on that page's source HTML.  Would you try that?

Also, you dropped the hidden input fields (__EVENTTARGET, __VIEWSTATE, etc.), which might be required.  Again, you might need to pull the value set in the page that is sent from your GET request, and send them back with your POST, in case the site somehow matches that to your IP.  Look for any other hidden input field in the site's form, and note the Javascript the page has that sets those values.  You might need to duplicate that in your code.

Can you try those and let us know what happens?

Jeff
0
 

Author Comment

by:mavris
ID: 35202731
OK, I just tried to replace %24 with $ but nothing happened.
I also declared the other vars such as EVENTTARGET etc. and set the values the same as what I get from the website.

This is the HTTP capture when I log in to the site with my Firefox:
https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx

POST /miPortal/HeaderLoginBar.aspx HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909
Content-Type: application/x-www-form-urlencoded
Content-Length: 1412
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTY2OTQ4NzA2MA9kFgICAw9kFgICAw9kFgICAg9kFgQCAQ9kFgZmDxYCHgVzdHlsZWQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHgRUZXh0BRfOjM69zr%2FOvM6xIM6nz4HOrs%2BDz4TOt2RkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHgxFcnJvck1lc3NhZ2UFUs6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6Mzr3Ov868zrEgzqfPgc6uz4PPhM63Ii5kZAIEDw8WBB4UVmFsaWRhdGlvbkV4cHJlc3Npb24FHV5bYS16QS1aXVthLXpBLVowLTlcLl17NSwxOX0kHwIFSc6kzr8gz4DOtc60zq%2FOvyAizozOvc6%2FzrzOsSDOp8%2BBzq7Pg8%2BEzrciIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZAIDD2QWBmYPFgIfAGQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHwEFIc6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgmRkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHwIFXM6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgiIuZGQCBA8PFgQfAwUdXlthLXpBLVpdW2EtekEtWjAtOVwuXXs1LDE5fSQfAgVTzqTOvyDPgM61zrTOr86%2FICLOms%2BJzrTOuc66z4zPgiDOoM%2BBz4zPg86yzrHPg863z4IiIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUWSGVhZGVyTG9naW4xJGlidG5Mb2dpbrKGGP37YXPZFygqQ%2BdUJey3XyKr&__EVENTVALIDATION=%2FwEWBAL8jIKUDALw26eKDgLTorKcDgLkqLpragxv%2BSSTAdAG3T4JuaJUsUcWIB4%3D&HeaderLogin1%24CybeeUserName1%24txtUserName=MYUSER&HeaderLogin1%24CybeePassword1%24txtPassword=MYPASS&HeaderLogin1%24ibtnLogin.x=0&HeaderLogin1%24ibtnLogin.y=0
HTTP/1.1 302 Found
Date: Wed, 23 Mar 2011 21:38:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /Default.aspx?ID=234
Set-Cookie: .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13256
----------------------------------------------------------
https://www.cytamobile-vodafone.com/Default.aspx?ID=234

GET /Default.aspx?ID=234 HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 21:38:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
refresh: 0;URL=http://www.cytamobile-vodafone.com/Default.aspx?ID=234
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 183
----------------------------------------------------------
http://www.cytamobile-vodafone.com/Default.aspx?ID=234

GET /Default.aspx?ID=234 HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 21:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ReturnID=; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37105
----------------------------------------------------------
http://www.cytamobile-vodafone.com/Default.aspx?ID=234

GET /Default.aspx?ID=234 HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/Default.aspx?ID=234
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 21:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ReturnID=; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 37105
----------------------------------------------------------
http://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx

GET /miPortal/HeaderLoginBar.aspx HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/Default.aspx?ID=234
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 302 Found
Date: Wed, 23 Mar 2011 21:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 181
----------------------------------------------------------
http://www.cytamobile-vodafone.com/miservices/myservices.aspx

GET /miservices/myservices.aspx HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/Default.aspx?ID=234
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 21:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .CMV_CYBEE_ROLES=1ImlnK_d4T5xoiZI0f8c5ULRDw9WI39gE-XHK-2ay1J1ixKhwb-mYkAUTRs_Fr9VNwBXKzlOwuVH102HI_rDowCol97WgsqzQgHUgkdQeHvV6qGJLIme-jTyAlAONmW_O8IPekZSQOTDQBXudephmnb1V1YvQibfPuE1Lm4P8HGdbtLGEg1zRv2mgvFKs_yyij26d7xbBXKBLSqs5jt2wNjAEoPCDHaLqacltH22BM_JQtT44FiDI30nxMtomRukoAWwvVY4lpRqqStW195psM6UBoeH56-xzTDsjq6-bUrtClTmZooIXjkXDkgoGABonRce9VKXrb7dtaiPcDRj29VEn5t3N9EM9_-0faC1FyJ9gsWoponxJwpeHxxBbMUccHL45HUeKAAPLb3hGBMIsVUruZtg4cHQfYlL00WfYRmjOwj6t_RKI86fk1glA7dh5A4JReXwaqpW9IoE_oxePdiecacKnkjgt78oy_5f5bYcKwP9s6qufxxyTe7r1YrDVBPZcg2; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20506
----------------------------------------------------------
https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx

GET /miPortal/HeaderLoginBar.aspx HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/Default.aspx?ID=234
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.4.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 21:38:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .CMV_CYBEE_ROLES=CrtkNBkEfQmNUiq5IlL5SMuGEIcabpoD8AP8YZurCRy2PZc7lCQ5Qmf8Ed1EIuyN8OJQKX9tqFyI-LxiYATbva1L2B4wWwIjmnqvIoA9nzVAZcD1ESxIaULYoC6SAuye0L83lCsDvUyu7f99P4hN5rk-emA8hF1usoAlZcRi47LS2NoyL4dxUyq4XCDj3HRnIbxspSVxJlP_NxHlMOUqZkY_XA8_Mh5JoMeOR3eQdLYUYAYQEDDAYQJvIjxO3RWQgjsd3jwuC5YMlv78IcBk8-r28FMqjfzR-kvtlr-biYcPAzxs7FExV_ilxo36ylmtuzbnISXL8lYLugSIL2dn-WZNw6K6j4iifb5KYuFGx2hmleRrLpTwG5PulOpcYaB0qDtIwFR14UdZXoC0WHbIlWVxubgmv9jQjbK5oCVDqARCQEnzL5IB6iDjAl28DRYcGrDEjPIO6pZbGX8kT9zsJgO9jfV1guFEk11QoDU1trwU1g3pSMyuv0KecPyzg41KYLpQPg2; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 7904
----------------------------------------------------------
http://www.cytamobile-vodafone.com/cytamobilevodafone/cytaproducts/Slider.aspx?MenuOn=n&FamilySN1=1&cyta=n

GET /cytamobilevodafone/cytaproducts/Slider.aspx?MenuOn=n&FamilySN1=1&cyta=n HTTP/1.1
Host: www.cytamobile-vodafone.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/miservices/myservices.aspx
Cookie: __utma=63534909.1332954431.1300484799.1300831988.1300914590.5; __utmz=63534909.1300484799.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); .CMV_CYBEE_SESSIONID=hj5l0fa0fcybdw55jyadmsnq; ReturnID=; __utmb=63534909.5.10.1300914590; __utmc=63534909; .CMV_CYBEE_AUTH=7A38E7888DBC0298B584792A6CE16FC162B541C7B690170A8ED81725C7D8F4378C12597C94A396AAF91974201E8CA83957F7E468A508EFBFCF11D7C453DF6F5BA4AB2AADFD8D4B281BB1C667EC1F6BB2EE613007BA66D674E55D6CF562D1472CC94C3DD45712C06CB47590D7FF91FC792095F274; .CMV_CYBEE_ROLES=CrtkNBkEfQmNUiq5IlL5SMuGEIcabpoD8AP8YZurCRy2PZc7lCQ5Qmf8Ed1EIuyN8OJQKX9tqFyI-LxiYATbva1L2B4wWwIjmnqvIoA9nzVAZcD1ESxIaULYoC6SAuye0L83lCsDvUyu7f99P4hN5rk-emA8hF1usoAlZcRi47LS2NoyL4dxUyq4XCDj3HRnIbxspSVxJlP_NxHlMOUqZkY_XA8_Mh5JoMeOR3eQdLYUYAYQEDDAYQJvIjxO3RWQgjsd3jwuC5YMlv78IcBk8-r28FMqjfzR-kvtlr-biYcPAzxs7FExV_ilxo36ylmtuzbnISXL8lYLugSIL2dn-WZNw6K6j4iifb5KYuFGx2hmleRrLpTwG5PulOpcYaB0qDtIwFR14UdZXoC0WHbIlWVxubgmv9jQjbK5oCVDqARCQEnzL5IB6iDjAl28DRYcGrDEjPIO6pZbGX8kT9zsJgO9jfV1guFEk11QoDU1trwU1g3pSMyuv0KecPyzg41KYLpQPg2
If-Modified-Since: Wed, 23 Mar 2011 20:41:00 GMT

HTTP/1.1 304 Not Modified
Connection: close
Date: Wed, 23 Mar 2011 21:38:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=163
Expires: Wed, 23 Mar 2011 21:41:00 GMT
Last-Modified: Wed, 23 Mar 2011 20:41:00 GMT
Vary: *
----------------------------------------------------------
http://www.google-analytics.com/__utm.gif?utmwv=4.8.9&utmn=101390574&utmhn=www.cytamobile-vodafone.com&utmcs=UTF-8&utmsr=1440x900&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.1%20r102&utmdt=Cytamobile-Vodafone&utmhid=1029907452&utmr=0&utmp=%2FDefault.aspx%3FID%3D234&utmac=UA-5559015-1&utmcc=__utma%3D63534909.1332954431.1300484799.1300831988.1300914590.5%3B%2B__utmz%3D63534909.1300484799.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=D

GET /__utm.gif?utmwv=4.8.9&utmn=101390574&utmhn=www.cytamobile-vodafone.com&utmcs=UTF-8&utmsr=1440x900&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.1%20r102&utmdt=Cytamobile-Vodafone&utmhid=1029907452&utmr=0&utmp=%2FDefault.aspx%3FID%3D234&utmac=UA-5559015-1&utmcc=__utma%3D63534909.1332954431.1300484799.1300831988.1300914590.5%3B%2B__utmz%3D63534909.1300484799.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=D HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.0.19) Gecko/2010031218 Firefox/3.0.19
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.cytamobile-vodafone.com/Default.aspx?ID=234

HTTP/1.1 200 OK
Date: Wed, 23 Mar 2011 14:01:49 GMT
Content-Length: 35
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Content-Type: image/gif
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Server: GFE/2.0
----------------------------------------------------------




and this is my code:
-(IBAction) buttonpressed { 
    
    NSURL *url = [NSURL URLWithString:@"https://www.cytamobile-vodafone.com/miPortal/HeaderLoginBar.aspx"];
    
    ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
    [request setShouldRedirect:YES]; 
    [request setPostValue:@"&" forKey:@"__EVENTTARGET"];
    [request setPostValue:@"&" forKey:@"__EVENTARGUMENT"];
    [request setPostValue:@"%2FwEPDwUKMTY2OTQ4NzA2MA9kFgICAw9kFgICAw9kFgICAg9kFgQCAQ9kFgZmDxYCHgVzdHlsZWQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHgRUZXh0BRfOjM69zr%2FOvM6xIM6nz4HOrs%2BDz4TOt2RkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHgxFcnJvck1lc3NhZ2UFUs6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6Mzr3Ov868zrEgzqfPgc6uz4PPhM63Ii5kZAIEDw8WBB4UVmFsaWRhdGlvbkV4cHJlc3Npb24FHV5bYS16QS1aXVthLXpBLVowLTlcLl17NSwxOX0kHwIFSc6kzr8gz4DOtc60zq%2FOvyAizozOvc6%2FzrzOsSDOp8%2BBzq7Pg8%2BEzrciIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZAIDD2QWBmYPFgIfAGQWAmYPZBYEZg8WAh8AZBYCAgEPDxYCHwEFIc6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgmRkAgEPZBYCAgEPD2QWAh8ABQx3aWR0aDoxMDBweDtkAgIPDxYCHwIFXM6gzrHPgc6xzrrOsc67z44gz4PPhc68z4DOu863z4HPjs%2BDz4TOtSDPhM6%2FIM%2BAzrXOtM6vzr8gIs6az4nOtM65zrrPjM%2BCIM6gz4HPjM%2BDzrLOsc%2BDzrfPgiIuZGQCBA8PFgQfAwUdXlthLXpBLVpdW2EtekEtWjAtOVwuXXs1LDE5fSQfAgVTzqTOvyDPgM61zrTOr86%2FICLOms%2BJzrTOuc66z4zPgiDOoM%2BBz4zPg86yzrHPg863z4IiIM60zrXOvSDOtc6vzr3Osc65IM6tzrPOus%2BFz4HOvy5kZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUWSGVhZGVyTG9naW4xJGlidG5Mb2dpbrKGGP37YXPZFygqQ%2BdUJey3XyKr&" forKey:@"__VIEWSTATE"];
    [request setPostValue:@"%2FwEWBAL8jIKUDALw26eKDgLTorKcDgLkqLpragxv%2BSSTAdAG3T4JuaJUsUcWIB4%3D&" forKey:@"__EVENTVALIDATION"];
    [request setPostValue:@"MYUSER" forKey:@"HeaderLogin1%24CybeeUserName1%24txtUserName&"];
    [request setPostValue:@"MYPASS" forKey:@"HeaderLogin1%24CybeePassword%24txtPassword&"];
    [request setPostValue:@"0" forKey:@"HeaderLogin1%24ibtnLogin.x&"];
    [request setPostValue:@"0" forKey:@"HeaderLogin1%24ibtnLogin.y"];
    [request setDelegate:self];
    [request startAsynchronous];
}



What am I missing here?
0
 
LVL 1

Expert Comment

by:beakt
ID: 35202766
I'm a little confused... your code shows hard-coded values for EVENTTARGET, etc.  Can you post the code that shows that it inserts the values received from the website on your first request?

Also, when you say nothing happens, can you capture exactly what the website sends back when you're posting through your app?

Jeff
0
 

Author Comment

by:mavris
ID: 35202838
"Can you post the code that shows that it inserts the values received from the website on your first request?" what do you mean?

If I send the values for eventtarget etc. I am getting a response string (the website in txt) and it says "The service is not available at the moment.". When I am POSTing the user, pass and ibtnlogin values it's just loading the homepage.

I attached a screenshot. I am sending back these values to the server (using Replay from the Live HTTP Capture add-in for Firefox) and it logs in!! So I need everything that is sent after VIEWSTATE. Headers and cookies are managed by the class according to the developer of ASIHTTPRequest.

[Screenshot: POST from Firefox]
0
 

Author Comment

by:mavris
ID: 35202855
It seems that something is going wrong with image.
 firefox
0
 

Author Comment

by:mavris
ID: 35202935
I want to cancel the request for closing this question
0

 
LVL 1

Expert Comment

by:beakt
ID: 35202975
Right, ok, I see that.  I'm not talking about headers or cookies any more.  I think we established those are ok.

And now I can see that FireFox sends the %24, and that's working.

What I'm concerned about is the value for __VIEWSTATE and __EVENTVALIDATION.  See, I have a feeling the site generates some values for these, sends them to you, and then the values are checked when they come back.  __VIEWSTATE starts with a value set already in a hidden field, and it seems like the page modifies them using JavaScript when you click the login button on their page.  What I meant by "Can you post the code that shows that it inserts the values received from the website on your first request?" is this:  It seems you hard-coded values to return for those fields in your code, and this wouldn't work if the website is tracking the value it expects.  I'm wondering if you can figure a way to capture what the website sends, and return that value as a variable.

Jeff
0
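An added example, not code from the thread or from the site: one way to do what the comment above suggests, reading the hidden fields out of the fetched login page and returning them as variables in the POST body. The sample page is constructed from the form source in this thread with placeholder token values, the function names are hypothetical, and it assumes the HTTP client form-encodes keys and values itself, as `urlencode` does here, so raw names containing `$` and raw token values are passed in and encoded exactly once.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, parse_qs

# Constructed sample: trimmed copy of the login form from this thread.
# The two token values are placeholders, not the site's real tokens.
SAMPLE_PAGE = """
<form name="frmHeaderLogin" method="post" action="HeaderLoginBar.aspx">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEP+PLACEHOLDER/STATE=" />
<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEW+PLACEHOLDER=" />
<input name="HeaderLogin1$CybeeUserName1$txtUserName" type="text" id="HeaderLogin1_CybeeUserName1_txtUserName" />
<input name="HeaderLogin1$CybeePassword1$txtPassword" type="password" id="HeaderLogin1_CybeePassword1_txtPassword" />
<input type="image" name="HeaderLogin1$ibtnLogin" id="HeaderLogin1_ibtnLogin" src="../cmImages/login.gif" />
</form>
"""


class FormInputs(HTMLParser):
    """Collect <input> elements by their name attribute (the id is never posted)."""

    def __init__(self):
        super().__init__()
        self.hidden = {}    # name -> value, for type="hidden"
        self.by_type = {}   # type -> [names], for visible controls

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "input" or not a.get("name"):
            return
        kind = (a.get("type") or "text").lower()
        if kind == "hidden":
            self.hidden[a["name"]] = a.get("value") or ""
        else:
            self.by_type.setdefault(kind, []).append(a["name"])


def build_login_body(page_html, username, password):
    """Return (fields, body): raw field values and the form-encoded POST body."""
    form = FormInputs()
    form.feed(page_html)
    fields = dict(form.hidden)                  # tokens exactly as the page sent them
    fields[form.by_type["text"][0]] = username
    fields[form.by_type["password"][0]] = password
    button = form.by_type["image"][0]           # image buttons post name.x / name.y
    fields[button + ".x"] = "0"
    fields[button + ".y"] = "0"
    return fields, urlencode(fields)            # percent-encoding happens once, here


def server_view(body):
    """Decode a form body the way the receiving side would."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def encode_pre_encoded(raw_value):
    """Show what goes on the wire when an already-encoded value is encoded again."""
    once = urlencode({"v": raw_value})[2:]
    twice = urlencode({"v": once})[2:]
    return once, twice


if __name__ == "__main__":
    fields, body = build_login_body(SAMPLE_PAGE, "MYUSER", "MYPASS")
    print(body)
    print(encode_pre_encoded(fields["__EVENTVALIDATION"]))
```

A value that already contains `%2F` or `%24` and is encoded a second time decodes on the receiving side to the literal text `%2F` or `%24`, not to `/` or `$`.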
 

Author Comment

by:mavris
ID: 35203028
I am not good at web development (as you can see :P) but this is the source code for the login form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link href="../App_Themes/Default/Default.css" type="text/css" rel="stylesheet" /><title>
	Untitled Page
</title><link href="../App_Themes/Default/Default.css" type="text/css" rel="stylesheet" /></head>
<body style="background-color: white; text-align: center; padding-right: 0px; padding-left: 0px;
  padding-bottom: 0px; margin: 0px; padding-top: 0px;">
  <form name="frmHeaderLogin" method="post" action="HeaderLoginBar.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="frmHeaderLogin">
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['frmHeaderLogin'];
if (!theForm) {
    theForm = document.frmHeaderLogin;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
</script>


<script src="/WebResource.axd?d=uJdRG7NcC_N8Ov8AlV8ni5nm1HId2SJLV46fH0UvVeUgE79ecIURJABsyWIHGciV6pPEQmNCJLQk3nqfeRrW1joJdSY1&amp;t=634230040036870760" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=I7YDmzhufdF_AerCYKnRuUCdFwE7-hyMRgB_x9QLsFgppxnH_iPKApUuvQiEeI6testwQpoKQwGaxDdPNwGCVirPIFhfresh_uPAIAgtCp05CAprQl3rwqWzFwJWp0o_YlQ1xk4u-_rHDbr1O66gBxkGELs1&amp;t=7a880311" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=beG5VhStS1hmo2C7xm1u0SKmJ_Hqv2I9PiTAISlpaT6CrPHbAoG-qo_boRyzGc5qKSDFKZc9D3GNF-0KtmsHW1cLIxuQwKNMW7OaiAxxjHh8a7Pfqdeb0Zo9SsMojexWWcMhE8W90eTLarSAhpj_fiFpkDM1&amp;t=ffffffffcf34e83d" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=I_NiP99X73RLy5ei-P7hNa0U7CzuM38NiISfw8S2NMb7AjrXUjGHiqSaG_VEE6FUlKL0CKkTMPPdKMGFfp7CTM65a7DXCfCwjEx5dlPjM1v8bf5PNxmCbJ1SCSHO7nC-VM9_cxqyj2omkWa4Me9j53ocoKuO8PGZWuxqBHVUWh7Ex3q50&amp;t=ffffffffcf34e83d" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
function WebForm_OnSubmit() {
if (typeof(ValidatorOnSubmit) == "function" && ValidatorOnSubmit() == false) return false;
return true;
}
//]]>
</script>

<div>

	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAL8jIKUDALw26eKDgLTorKcDgLkqLpragxv+SSTAdAG3T4JuaJUsUcWIB4=" />
</div>
    <table align="center" cellpadding="0" cellspacing="0" border="0"  style="width: 99%;
      text-align: left; background:white;">
      <tr>
        <td class="OutLinebox">
         <script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ScriptManager2', document.getElementById('frmHeaderLogin'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls([], [], [], 90);
//]]>
</script>

          
<div id="HeaderLogin1_pnlAnonymous">
	
    <table cellpadding="0" cellspacing="0" border="0" width="100%">

        <tr>
            <td>
                <table cellpadding="0" cellspacing="0" border="0" width="100%">
                    <tr>
                        <td>
                            <table cellpadding="0" cellspacing="0" border="0">
                                <tr>
                                    <td>
                                        <table id="HeaderLogin1_CybeeUserName1_MainTable" class="UserControl">

		<tr class="UserControl">
			<td align="right" class="UserControl">
      <span id="HeaderLogin1_CybeeUserName1_lblUsername" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:11px;">¿¿¿µa ¿¿¿st¿</span>
    </td>
			<td align="left" class="UserControl">
      <input name="HeaderLogin1$CybeeUserName1$txtUserName" type="text" maxlength="20" id="HeaderLogin1_CybeeUserName1_txtUserName" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:11px;width:100px;" />
    </td>
		</tr>

	</table>
	
<span id="HeaderLogin1_CybeeUserName1_rfvUsername" style="color:Red;display:none;"></span>
<span id="HeaderLogin1_CybeeUserName1_revUserName" style="color:Red;display:none;"></span>
                                    </td>
                                    <td>
                                        <table id="HeaderLogin1_CybeePassword1_MainTable" class="UserControl">
		<tr class="UserControl">
			<td align="right" class="UserControl">
      <span id="HeaderLogin1_CybeePassword1_lblPassword" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:11px;">¿¿d¿¿¿¿ ¿¿¿sßas¿¿</span>

    </td>
			<td align="left" class="UserControl">
      <input name="HeaderLogin1$CybeePassword1$txtPassword" type="password" maxlength="20" id="HeaderLogin1_CybeePassword1_txtPassword" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;font-size:11px;width:100px;" />     
    </td>
		</tr>
	</table>
	
<span id="HeaderLogin1_CybeePassword1_rfvPassword" style="color:Red;display:none;"></span>
<span id="HeaderLogin1_CybeePassword1_revPassword" style="color:Red;display:none;"></span>
                                    </td>
                                    <td class="smallLinks">

                                        <input type="image" name="HeaderLogin1$ibtnLogin" id="HeaderLogin1_ibtnLogin" src="../cmImages/login.gif" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;HeaderLogin1$ibtnLogin&quot;, &quot;&quot;, true, &quot;&quot;, &quot;&quot;, false, false))" style="border-width:0px;" /><div id="HeaderLogin1_ValidationSummary1" style="color:Red;display:none;">

	</div>
                                    </td>
                                </tr>
                            </table>
                        </td>
                        <td class="smallLinks" width="27%" align="right">
                            <a href="/Default.aspx?id=211" target="_top" style="vertical-align: middle">

                                ¿e¿¿sate t¿¿ ¿¿d¿¿¿ sa¿;
                                <img src="/cmImages/bullet-button.gif" width="16" height="15" alt="GO" border="0"
                                    style="vertical-align: middle" /></a>
                        </td>
                    </tr>
                </table>
            </td>
            <td align="right" style="width: 95px;" class="smallLinks">
                <a href="/Default.aspx?id=212" target="_top" style="vertical-align: middle">
                    ¿GG¿¿F¿
                    <img src="/cmImages/bullet-button.gif" width="16" height="15" alt="GO" border="0"
                        style="vertical-align: middle" /></a>

            </td>
        </tr>
    </table>

</div>

        </td>
      </tr>
    </table>
  
<script type="text/javascript">
//<![CDATA[
var Page_ValidationSummaries =  new Array(document.getElementById("HeaderLogin1_ValidationSummary1"));
var Page_Validators =  new Array(document.getElementById("HeaderLogin1_CybeeUserName1_rfvUsername"), document.getElementById("HeaderLogin1_CybeeUserName1_revUserName"), document.getElementById("HeaderLogin1_CybeePassword1_rfvPassword"), document.getElementById("HeaderLogin1_CybeePassword1_revPassword"));
//]]>

</script>

<script type="text/javascript">
//<![CDATA[
var HeaderLogin1_CybeeUserName1_rfvUsername = document.all ? document.all["HeaderLogin1_CybeeUserName1_rfvUsername"] : document.getElementById("HeaderLogin1_CybeeUserName1_rfvUsername");
HeaderLogin1_CybeeUserName1_rfvUsername.controltovalidate = "HeaderLogin1_CybeeUserName1_txtUserName";
HeaderLogin1_CybeeUserName1_rfvUsername.errormessage = "¿a¿a¿a¿¿ s¿µp¿¿¿¿ste t¿ ped¿¿ \"¿¿¿µa ¿¿¿st¿\".";
HeaderLogin1_CybeeUserName1_rfvUsername.display = "None";
HeaderLogin1_CybeeUserName1_rfvUsername.evaluationfunction = "RequiredFieldValidatorEvaluateIsValid";
HeaderLogin1_CybeeUserName1_rfvUsername.initialvalue = "";
var HeaderLogin1_CybeeUserName1_revUserName = document.all ? document.all["HeaderLogin1_CybeeUserName1_revUserName"] : document.getElementById("HeaderLogin1_CybeeUserName1_revUserName");
HeaderLogin1_CybeeUserName1_revUserName.controltovalidate = "HeaderLogin1_CybeeUserName1_txtUserName";
HeaderLogin1_CybeeUserName1_revUserName.errormessage = "¿¿ ped¿¿ \"¿¿¿µa ¿¿¿st¿\" de¿ e¿¿a¿ ¿¿¿¿¿¿.";
HeaderLogin1_CybeeUserName1_revUserName.display = "None";
HeaderLogin1_CybeeUserName1_revUserName.evaluationfunction = "RegularExpressionValidatorEvaluateIsValid";
HeaderLogin1_CybeeUserName1_revUserName.validationexpression = "^[a-zA-Z][a-zA-Z0-9\\.]{5,19}$";
var HeaderLogin1_CybeePassword1_rfvPassword = document.all ? document.all["HeaderLogin1_CybeePassword1_rfvPassword"] : document.getElementById("HeaderLogin1_CybeePassword1_rfvPassword");
HeaderLogin1_CybeePassword1_rfvPassword.controltovalidate = "HeaderLogin1_CybeePassword1_txtPassword";
HeaderLogin1_CybeePassword1_rfvPassword.errormessage = "¿a¿a¿a¿¿ s¿µp¿¿¿¿ste t¿ ped¿¿ \"¿¿d¿¿¿¿ ¿¿¿sßas¿¿\".";
HeaderLogin1_CybeePassword1_rfvPassword.display = "None";
HeaderLogin1_CybeePassword1_rfvPassword.evaluationfunction = "RequiredFieldValidatorEvaluateIsValid";
HeaderLogin1_CybeePassword1_rfvPassword.initialvalue = "";
var HeaderLogin1_CybeePassword1_revPassword = document.all ? document.all["HeaderLogin1_CybeePassword1_revPassword"] : document.getElementById("HeaderLogin1_CybeePassword1_revPassword");
HeaderLogin1_CybeePassword1_revPassword.controltovalidate = "HeaderLogin1_CybeePassword1_txtPassword";
HeaderLogin1_CybeePassword1_revPassword.errormessage = "¿¿ ped¿¿ \"¿¿d¿¿¿¿ ¿¿¿sßas¿¿\" de¿ e¿¿a¿ ¿¿¿¿¿¿.";
HeaderLogin1_CybeePassword1_revPassword.display = "None";
HeaderLogin1_CybeePassword1_revPassword.evaluationfunction = "RegularExpressionValidatorEvaluateIsValid";
HeaderLogin1_CybeePassword1_revPassword.validationexpression = "^[a-zA-Z][a-zA-Z0-9\\.]{5,19}$";
var HeaderLogin1_ValidationSummary1 = document.all ? document.all["HeaderLogin1_ValidationSummary1"] : document.getElementById("HeaderLogin1_ValidationSummary1");
HeaderLogin1_ValidationSummary1.showmessagebox = "True";
HeaderLogin1_ValidationSummary1.showsummary = "False";
//]]>
</script>


<script type="text/javascript">
//<![CDATA[

var Page_ValidationActive = false;
if (typeof(ValidatorOnLoad) == "function") {
    ValidatorOnLoad();
}

function ValidatorOnSubmit() {
    if (Page_ValidationActive) {
        return ValidatorCommonOnSubmit();
    }
    else {
        return true;
    }
}
        
document.getElementById('HeaderLogin1_ValidationSummary1').dispose = function() {
    Array.remove(Page_ValidationSummaries, document.getElementById('HeaderLogin1_ValidationSummary1'));
}
Sys.Application.initialize();

document.getElementById('HeaderLogin1_CybeeUserName1_rfvUsername').dispose = function() {
    Array.remove(Page_Validators, document.getElementById('HeaderLogin1_CybeeUserName1_rfvUsername'));
}

document.getElementById('HeaderLogin1_CybeeUserName1_revUserName').dispose = function() {
    Array.remove(Page_Validators, document.getElementById('HeaderLogin1_CybeeUserName1_revUserName'));
}

document.getElementById('HeaderLogin1_CybeePassword1_rfvPassword').dispose = function() {
    Array.remove(Page_Validators, document.getElementById('HeaderLogin1_CybeePassword1_rfvPassword'));
}

document.getElementById('HeaderLogin1_CybeePassword1_revPassword').dispose = function() {
    Array.remove(Page_Validators, document.getElementById('HeaderLogin1_CybeePassword1_revPassword'));
}
//]]>
</script>
</form>
</body>
</html>


0
 
LVL 1

Expert Comment

by:beakt
ID: 35203082
Yes, that code you just posted is exactly what I was referring to.  Apparently, the __VIEWSTATE variable has a fixed value, because all that gibberish on line 12 is exactly what I see when I access the page.  So it's static.  Same for __EVENTVALIDATION (a little lower in the source code).

You know, looking at it again, FireFox only sent back __VIEWSTATE and __EVENTVALIDATION, and you did send those in your code.

Maybe it is working, though, but having problems with a redirection.  Can you capture the headers sent back to your app after you POST the data, and then post it here?

Jeff
0
 

Author Comment

by:mavris
ID: 35203128
This is the result:
2011-03-24 00:39:44.128 cybee[2669:207] Output = <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>ErrorPage</title>
  <link href="App_Themes/Default/Default.css" rel="stylesheet" type="text/css" />
  <meta http-equiv="Content-Type" content="text/html; charset=windows-1253"/>
</head>
<body>
  <table cellspacing="0" cellpadding="5" width="100%" border="0">
    <tr align="center">
      <td valign="middle">
        <table id="Table1" cellspacing="0" cellpadding="3" border="0">
          <tr>
            <td>
              &nbsp;</td>
          </tr>
          <tr>
            <td>
              <img alt="" src="../miPortal/cmImages/header1/dual-logo.jpg" /></td>
          </tr>
          <tr style="height: 15">
            <td>
            </td>
          </tr>
          <tr>
            <td align="left">
              <span class="br2">The service is not available at the moment.<br />
              </span>Please try again later ïr Contact Cyta call center at 132.
            </td>
          </tr>
          <tr style="height: 35">
            <td>
            </td>
          </tr>
          <tr>
            <td align="left">
              <span class="br2">Ç õðçñåóßá äåí åßíáé äéáèÝóéìç áõôÞ ôç óôéãìÞ.<br />
              </span>Ðáñáêáëþ äïêéìÜóôå áñãüôåñá Þ åðéêïéíùíÞóôå ìå ôï ÊÝíôñï ÔçëåöùíéêÞò ÅîõðçñÝôçóçò
              Ðåëáôþí Cyta óôï 132.
            </td>
          </tr>
        </table>
      </td>
    </tr>
  </table>
</body>
</html>


If it was OK it should redirect and return the redirected site. I checked it yesterday with another website and it was working fine (simple login).
Maybe it is the syntax in my code?
0
 
LVL 1

Expert Comment

by:beakt
ID: 35203204
OK, this is interesting.  It's definitely responding.  Did you see the HTTP code the server sent in the header, before the Error Page?  Just curious if it's a 500 code or anything.

Not sure how syntax in your code would generate something saying service is not available.  But, if it always does this with your app, and never on another browser, it must be something with the way it's presenting the information.

Jeff
0
 

Author Comment

by:mavris
ID: 35203275
OK, I have disabled the redirection and when I request the status code I am getting:

2011-03-24 01:01:52.052 cybee[3050:207] Output = HTTP/1.1 302 Found

I don't know if this is good, but this is what the server has to respond with, right?

When I am requesting the response string (with redirection turned off) I am getting this:

011-03-24 01:03:25.107 cybee[3086:207] Output = <html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fErrorPage.htm%3faspxerrorpath%3d%2fmiPortal%2fHeaderLoginBar.aspx">here</a>.</h2>
</body></html>
0
 
LVL 1

Expert Comment

by:beakt
ID: 35203289
Yeah, so it definitely looks deliberate on their part.  Can you communicate with the web server's programmers and find out what would cause them to generate this error page?

I'm at a loss at this point.  It must be something in there, but it seems like your code is sending everything right.  Unless we're just missing something.

Jeff
0
 

Author Comment

by:mavris
ID: 35203360
I have checked my old POST and this VIEWSTATE had a different value. Anyway, the point is that now it has the same value and something is going wrong!
0
 
LVL 1

Expert Comment

by:beakt
ID: 35203472
Can you communicate with the server owner?
0
 

Author Comment

by:mavris
ID: 35203480
I will try, but cyta-voda is like AT&T for the US so...
By the way, 302 Found is for redirecting.
0
 
LVL 1

Expert Comment

by:beakt
ID: 35203512
OK, I didn't realize that about cyta-voda.

Yes, the 302 is the same in this situation as 200.  I was curious if it showed 403 or something.

Sorry I couldn't help you get to the solution here.  Please post again if you figure anything else out.  We must be close.

Jeff

0
 

Author Comment

by:mavris
ID: 35203566
OK Jeff, thanks for the help. You helped me a lot. I think you deserve the points!
0
 

Author Closing Comment

by:mavris
ID: 35203582
Excellent and very helpful
0
 

Author Comment

by:mavris
ID: 35203590
Btw, can anyone remove my second comment, because I forgot to replace my credentials with mypass or myuser?
0
 
LVL 1

Expert Comment

by:beakt
ID: 35207340
Thanks mavris.  I hope you get it working.

I think you should just change your password on that site if you really did post your real one on here!

Jeff
0
 

Author Comment

by:mavris
ID: 35208057
I have already changed it!
0
