I have a little problem: I need to get the source of a website in an android app, but to view the website I have to be logged in. I tried some ways, but it is not working. It is a little bit complicated, because it must work like this:
1. Log in on domain abcd.ef
2. Go to ghij.kl/internal
3. Go to ghij.kl/secure/data.php
3. Go to ghij.kl/secure/data/1.html and save source as string
I already tried to login via POST on abcd.ef, save cookies etc and use them on a new connection to ghij.kl, but that is not working, I receive error 403 from the website. I think the website checks the referrer, but I am not sure and I really need help of (or from?) some experts.
Sincerely,
atom_dad
Related
We use AWS to store aduio/video content for our website.
We us the Signed Cookies Using a Canned Policy:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-canned-policy.html
So we have 3 cookies set for each request to retrieve the data:
CloudFront-Policy;
CloudFront-Signature;
CloudFront-Key-Pair-Id;
And it is used to access a resource URL like http://cloudfront.org_name.com/2016%2F7%2F1%2FStanding+Meditation_updated+91615.mp3
All three cookies are set by the server (Java-based) for each request anew to a correct pre-set value.
It all works most of the time for most of the content, but for some resources it just fails with a 403 Forbidden error.
If I open two contents (one working, one not) in separate browser tabs, all the cookies and the rest look exactly the same, except for the resource URL.
And yet - one works, while the other does not.
What is even more confusing, sometimes the same resource requested from the same physical client machine, once in FF, other time in Chrome, works in one browser but fails in other one.
Also, sometimes clearing user browser cookies works, the other time it fails, with no discernible pattern.
It's been driving me insane as I struggle to see what's wrong.
Can anyone provide any insight as to what the reason could be and what remedies could be tried?
Okay, the answer is in my reply to Michael:
I noticed later on that the resource URLs for working and failing content were different. Pretty close to not spot the difference on the first sight, but diffrent. Everything was the same - cookes, headers, other parameters. But I was comparing 2 different contents. First URL always worked, second always failed.
Lesson learnt: carefully curl the two resources and analyse the uRLS to see what actually is different.
A tip: use Chrome's development tools to derive curl commands:
Right click on the failing URL -> Copy-> Copy as cURL. Then paste in command line to test.
BTW, we just re-uploaded the failing resource and updated the referring web page - everything works again.
I am requesting an url https://openload.co/embed/igJtWFnw8Jk/
from android which is consisting of ads this link automatically redirects to an ad page but not getting the original link.I have searched it every where but no help.can anyone give me a solution for this kind of problem
That redirecting is not up to you. I guess it is implemented on the server side (PHP etc.), so that you have no influence on that. It is supposed to behave that way.
I guess the only thing you can do is to get the redirected address and block the redirecting, as soon as the address changes.
I'm working on a Java application that need's to be able to connect to my University's websites containing my student information. I'm not exactly sure how to go about doing this as the websites framework is Seam which I don't have any experience with.
This is the main link
https://elion.psu.edu/
and after clicking on student this is the link that I actually need to login to.
https://webaccess.psu.edu/?cosign-elionnx.ais.psu.edu&https://elionnx.ais.psu.edu/eLionStudent/secure/elionHome.seam
Does anyone know how to open the second link (student login page) and programmatically enter the username/password, thne 'click' log in?
There's a lot more stuff that needs to be done after the log in but I'm sure I can figure it out if someone could shed a little light on how I should go about doing this.
Thanks,
-Justin
Basically it looks like an application/x-www-form-urlencoded 'POST' to the URL:
https://webaccess.psu.edu/?cosign-elionnx.ais.psu.edu&https://elionnx.ais.psu.edu/eLionStudent/secure/elionHome.seam
It could be reproduced programatically by making an HTTP POST request (ensure to set the Content-Type Header to application/x-www-form-urlencoded) to that address, and posting the encoded form data. Which would look like this if you tried to submit the login 'asd' and password 'sdf':
ref=https%3A%2F%2Felionnx.ais.psu.edu%2FeLionStudent%2Fsecure%2FelionHome.seam&service=cosign-elionnx.ais.psu.edu&required=&login=asd&password=sdf
A good way to figure out this information (If you are using Chrome) is open the developer-tools and go to the network tab. Check the 'preserve-log' box and then try to submit something on the web page. The very first thing in the list for me was the POST request it attempted to login. By clicking on that you can see lots of detailed information about the actual request itself.
Hope this helps!
I am trying to update an app that I wrote for Android that will automatically log a user into a captive portal at my university. The app worked fine last year with the portal URL hard coded in, however this year that won't work because they changed the server URL, I know what the URL is, so I simply changed it in my program ... which sort of works
There are two main problems, for me, with this approach.
hard coding is a pain in the ass to do every year, I also want to be able to make it future proof, so that hard coding the URL won't be necessary
for some unexplainable reason there are actually buildings on campus that will direct to the OLD authentication server, it truly boggles my mind why it would do that
I would like to be able to make an HTTP request and get the URL of the captive portal that is redirected to, how is that done?
Captive portals generally will intercept users' HTTP requests and issue a "fake" redirect to the portal's authentication page. Or they can simply replace the actual response with the login page.
If yours is a redirect-to-login, then simply do something like trying to load http://google.com, which can reasonably be expected to be truly available for at least the next few years. If the response comes in as a redirect to some totally different site, the redirect url is highly likely to be the portal's login page.
If it's a replace-the-response-with-login, then you should try to contact a known page with some known content, and see what you get back. if the response you got doesn't match you should have gotten, then you've gotten the login page and can try tearing apart the response and finding the login form via DOM operations.
Captivate portals uses 2 methods.
as described above. http redirect so the gateway takes you to another address.
ICMP - sending "better route" message
Still from my exprience on cases where non simple redirect happens the approach of expecting the redirect won't work.
I am working on a homework assignment that is due shortly and I have searched and searched and searched for the answer to this and I just don't know where to go at this point.
I am using Eclipse Juno, with Tomcat 7.0 and a MySql database. I have to develop a web application for a pizza place. I have pretty much everything working so will only post the code here if requested since there is a ton.
My problem is I have a login form that calls the j_security_check, which works just fine. However, when the user is logged in they are taken to a customer form which is supposed to display their name, address, phone number and give them the option of editing any of it or just starting their order. My problem is I need to get the j_username and pull the customer information from my database to populate the form when the user is redirected from the login page to the customer.jsp page. We are not supposed to use <% ----- %> in our code if we can help it and to keep that in servlets. I just am lost on how to get that j_username and then call a servlet to populate the form (I can do the population if I can get the data).
HELP PLEASE!!! I know I am missing something really simple here and it is driving me nuts.
Ok I have tried the demo you sent and actually found another demo with the FORM like my project. I still cannot get it to work. I am a little lost. When I do the demo exactly as they have it the servlet generates text and outputs it. I was able to change it to a requestDispatcher and send it to the page I need it to go to on the login. The demo just has it going to the url host.../YourProject/test not an actual page. I am lost on how to get it to call the servlet so I can grab the header information with my project. I have the servlet LoginUser I want the user to login on login.jsp and there is a login_error.jsp in case of an error. When the user successfully log's in they should be taken to customer.jsp and the fields on the page populated with their data. I need to change this to use SSL too but haven't got there yet I am still trying to get the data for the customer.
I suspect what you're using is basic authentication in Tomcat. Check out this post for instructions. In summary, you'll need to grab the authentication header from the servlet request and parse it to grab the username (first you'll likely need to base64 decode it). Then you can use that username to look up the necessary information in the database.