473,604 Members | 2,481 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Is this possible? Login to remote site using cURL, then pass credentials to browser.

JDS
So, I'd like to create the following scenario:

1) Use cURL library within PHP (cURL + "Cookie Jar", et.al) to create a
virtual browser session that "logs in" to a remote site. (For example:

here:
http://curl.haxx.se/libcurl/php/examples/cookiejar.html

and here:
http://curl.haxx.se/libcurl/php/exam...bay_login.html
2) Save the login credentials -- cookies, session vars, whatever -- and
pass that to the web browser so that now the web browser is logged in.

Is that possible?

How can one take the values in the cookie jar and create the same cookies
in the browser session?

etc.

Thanks!

--
JDS

May 15 '07 #1
3 10354
On May 15, 6:01 pm, JDS <jeff...@invali d.addresswrote:
So, I'd like to create the following scenario:

1) Use cURL library within PHP (cURL + "Cookie Jar", et.al) to create a
virtual browser session that "logs in" to a remote site. (For example:

here:http://curl.haxx.se/libcurl/php/examples/cookiejar.html

and here:http://curl.haxx.se/libcurl/php/exam...bay_login.html

2) Save the login credentials -- cookies, session vars, whatever -- and
pass that to the web browser so that now the web browser is logged in.

Is that possible?

How can one take the values in the cookie jar and create the same cookies
in the browser session?

etc.

Thanks!

--
JDS
in the traditional model of client<->server1.com<->server2.com the
credentials (if stored as cookies) will only be valid for domain
server1.com, so you cannot hand off the credentials to the client

however if you use some client side scripting to map only part of
server2.com's domain space to server1.com the rest making a straight
through connection to server2.com then it is possible under certain
circumstances. (those being that server2.com uses the session id as an
authentication token)

For instance: foxy proxy within firefox, which proxies a request for a
URL matching server2.com/login.php via a machine on which server1.com
runs AND vhost server2.com, and which has a DNS/host entry for
server2.com pointing to itself. This machine makes a cURL requests
logging on to server2.com using its real IP address. It returns the
credentials to the client back though the proxy, meanwhile all the
images and so forth have been downloaded from the server2.com to the
client unproxied. The cookie would then appear to have been sent by a
header from the correct host and now you can continue using
server2.com from the client and the client will send the correct
cookie.

I have tested this and use it routinely to overcome same domain
restrictions in order to inject code into the webpages I view to make
the user experience better for me, removing adverts or simply
returning a larger dataset, etc... for fun rather than for profit.

There are of course situations in which this technique would not work,
but give it a go.

May 15 '07 #2
JDS
On Tue, 15 May 2007 10:16:35 -0700, shimmyshack wrote:
>
in the traditional model of client<->server1.com<->server2.com the
credentials (if stored as cookies) will only be valid for domain
server1.com, so you cannot hand off the credentials to the client


Okay, so, I think I have my original answer: "NO"

That's okay. I found an acceptable workaround. Note: This workaround may
not be acceptable to everyone as it uses JavaScript and depends on client
side behavior!

Solution:

1) Create PHP script that gathers creds and maps them to the proper
username/password.

2) Embed an HTML form that mimics the POST form I need to circumvent

3) Use the onload() and submit() events to submit creds via POST method

This works! Yay!
--
JDS | je*****@example .invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/
May 21 '07 #3
On May 21, 10:43 pm, JDS <jeff...@exampl e.invalidwrote:
On Tue, 15 May 2007 10:16:35 -0700, shimmyshack wrote:
in the traditional model of client<->server1.com<->server2.com the
credentials (if stored as cookies) will only be valid for domain
server1.com, so you cannot hand off the credentials to the client

Okay, so, I think I have my original answer: "NO"

That's okay. I found an acceptable workaround. Note: This workaround may
not be acceptable to everyone as it uses JavaScript and depends on client
side behavior!

Solution:

1) Create PHP script that gathers creds and maps them to the proper
username/password.

2) Embed an HTML form that mimics the POST form I need to circumvent

3) Use the onload() and submit() events to submit creds via POST method

This works! Yay!
--
JDS | jeff...@example .invalid
|http://www.newtnotes.com
DJMBS |http://newtnotes.com/doctor-jeff-master-brainsurgeon/
now this /is/ possible as you describe, however it isnt a virtual
session, but rather, a real one, directly between the browser and the
site.
You can of course write a proxy routine, that posts the data using
cURL, and hands back not the session id, but the protected content,
and integrate that into the pages. This would work well where you
control both the site you /were/ on and the site that needs to be
"logged in to" you can mix and match data scross domains this way
although it is not recommended as it's basically XSS and is bound to
be gradually harder to pull off under tighter models in the furture.

May 21 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
1829
Directory listing of a remote site.
by: cshennan | last post by:
Hi, I'm not sure if this can be done, but here goes. I'm currently trying writing an activex component to allow me to browse a directory held on a remote machine. I've been looking into the FileSystemObject, and I've managed to get this running on local drives and network drives. Is it possible to also use this on remote site via URL i.e. http://www.mysite.com/folder, and if so, do you have any pointers about what to do, or is it...
Visual Basic 4 / 5 / 6
1
2397
How to call a page in a remote site and get the result within your page with javascript
by: nabilo | last post by:
I want to know if it's possible to call, within my cgi page, using javascript, a remote url and get the result without changing my actual page. To say more, I have a page result appaired to the customer. And I want to call, during this, a remote server to send the result of the operation (ok/nok). I don't want to use 'window.open' because it can be blocked by the browser (pop-up).
Javascript
9
2621
Is it possible to "remember" log in credentials? (Many MDB's sharing one MDW)
by: Mike Von Stein | last post by:
Maybe I'm missing something obvious, but if I several MDB's that use the same secure workgroup MDW file and the user logs into one of them is there a way through code that I can open other databases using his/her credentials that were validated when the first database was opened? (I want to open a new physical instance of Access, not a ADOX connection or DAO workspace. Basically trying to avoid making them put in their User Name and...
Microsoft Access / VBA
6
10218
appending local table to remote table using pass-through query
by: Access Newbie | last post by:
I'm using Access 2000 and I'm trying to create a pass-through query to append all the data from a local table to a remote table. I'm using the SQL query editor in MS Access to create the query (I don't want to do this in VB code). I've set up the ODBC connection string in the query properties, which has been tested and works: ODBC;DSN=dev001 student99;Description=dev001...
Microsoft Access / VBA
0
1211
How can I pass credentials (of a different userid) when trying to access a remote share?
by: Craig Burkett | last post by:
I am needing to access a remote share using a set of credentials (ie a userid and a password that are not what I am logged in with) with a UNC name (I am not allowed to access the share by mounting it). How do I accomplish this? Thank you in advance, Craig Burkett
Visual Basic .NET
0
1389
Opening remote site is very slow - copying files?
by: mlfblom | last post by:
Hi, I am running visual studio 2005 on a Vista Ultimate client. I have created a remote site on a Windows 2003 R2 server. This site has about 100 aspx, many App_Code files and several references to DLL's. When I open the remote site within VS 2005 on the client machine, I takes very, very long before the site is opened and the solutione explorer shows all files. In the mean time the status bar shows a message like it is copying files...
ASP.NET
3
6291
Site login using cURL(libcurl)
by: buzz2050 | last post by:
Hi all, I am using cURL for the first time. I need to login to a site and my cURL code to do the same is as follows: //curlScript.php <?php function getContent($url, $referer, $cookie_file_name, $post_fields='') {
PHP
2
2122
display images from remote site
by: csihosting | last post by:
I would like to dispaly some images from a remote site (I have permission) on my asp.net page. The site required authentication. How do I retrieve the images and send the credentials without the user being prompted for it at page load? I was hoping to avoid downloading the images and saving them locally. There's potential thousands of pictures. I guess I could write a clean up script to delete the downloaded pictures month and an if file...
ASP.NET
0
7997
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
7929
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
8280
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
6739
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
5882
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5441
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
3907
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
3955
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
1526
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us