By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,614 Members | 1,662 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,614 IT Pros & Developers. It's quick & easy.

How can I catch a session cookie ?

P: 4
I am writing a php script that login to apple.com , to do that I use a http analyzer to monitor normal login process I see to login I need open 3 connection

1:
https://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/wa/QSLID?nnmm=acct&mco=85437DAC
in the header respond I get "set-cookie asbid=sAJ2YF2CYUPDJDYYX; expires=Wed, 11-Feb-2037 22:08:04 GMT; path=/; domain=.apple.com;" so I get asbid=sAJ2YF2CYUPDJDYYX out it will be used in next connection., there are a "/1-800-MY-APPLE/WebObjects/AppleStore.woa/6954002/wa/PSLID?nnmm=acct&mco=85437DAC&wosid=o4MGqgvXZlFz3Gz a44T1tBEEfIx" in header too so this is the next connection.

2
I will connect to store.apple.com//1-800-MY-APPLE/WebObjects/AppleStore.woa/6954002/wa/PSLID?nnmm=acct&mco=85437DAC&wosid=o4MGqgvXZlFz3Gz a44T1tBEEfIx
in the header respond I get some cookie and after mix these cookie each other I get the link to post user and password.

3
connect link:
https://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/6954002/wo/o4MGqgvXZlFz3Gza44T1tBEEfIx/1.0.21.3.0.8.13.0.0.2.1.1.0
here is where i get "An error has occurred during your session. Please return to the Store Menu to continue shopping."

I test with the IE browser and capture all cookie here is the right cookie:
asrec=InNybV9zZXNuX2lkIiA9ICJvNE1HcWd2WFpsRnozR3ph NDRUMXRCRUVmSXgiOwoic3JtX3N2ayIgPSB7fTsKInNybV91cm kiID0gImh0dHA6Ly9zdG9yZS5hcHBsZS5jb20vMS04MDAtTVkt QVBQTEUvV2ViT2JqZWN0cy9BcHBsZVN0b3JlIjsKInNybV9hcH Bfbm0iID0gIkFwcGxlU3RvcmUiOwoic3JtX2luc3RfbmJyIiA9 ICI2OTU0MDAyIjsKInNybV9leHBpcmVzIiA9ICIyMDA3LzAyLz ExLTIyOjIzOjA1IjsK; s_cc=true; s_sq=applesuperglobal%3D%2526pid%253DAOS%25253A%25 2520Login%2526pidt%253D1%2526oid%253Dhttps%25253A//store.apple.com/AppleConnect/US-EN/buttonloginlime.gif%2526ot%253DIMAGE%2526oi%253D10 4; asbid=sAJ2YF2CYUPDJDYYX; s_vi=[CS]v1|45D0044E00001101-A000C4B0000498E[CE]

the strange part is :
s_cc=true;
s_sq=applesuperglobal%3D%2526pid%253DAOS%25253A%25 2520Login%2526pidt%253D1%2526oid%253Dhttps%25253A//store.apple.com/AppleConnect/US-EN/buttonloginlime.gif%2526ot%253DIMAGE%2526oi%253D10 4;
and s_vi=[CS]v1|45D0044E00001101-A000C4B0000498E[CE]

s_cc=true; and s_sq= is static the only dynamic is s_vi=[CS]v1|45D0044E00001101-A000C4B0000498E[CE] with all other cookie I get the "set cookie" in header respond so I can capture them but I don't see s_vi= in any header respond so how can I capture it ? this is where I stuck T_T, my friend suggest me use curl but I don't want to use because it not support in all php hosting.
Please help me
Feb 12 '07 #1
Share this Question
Share on Google+
4 Replies


Motoma
Expert 2.5K+
P: 3,235
If I understand your problem correctly, you are trying to capture the cookies from a site, however, you haven't been able to read one of the necessary cookies, as you can't capture the transaction that sets it.

What you forget to realize is that Javascript can also be used to set, read, and erase cookie information, and if this was a method for setting a cookie, you wouldn't capture it in network traffic.

This is just a shot in the dark, but I hope it helps.
Feb 12 '07 #2

P: 4
I can see some light but still confused ^^
I using httpanalyzer to monitor the login process so I know where all other cookie com from so I can capture and post back to server when I click login button the cookie s_vi=[CS]v1|45D0044E00001101-A000C4B0000498E[CE] is generated and appear in header of the action post username and password so now I must look to all javascript on that page and find out how to create a cookie like s_vi= ?
Feb 12 '07 #3

Motoma
Expert 2.5K+
P: 3,235
I can see some light but still confused ^^
I using httpanalyzer to monitor the login process so I know where all other cookie com from so I can capture and post back to server when I click login button the cookie s_vi=[CS]v1|45D0044E00001101-A000C4B0000498E[CE] is generated and appear in header of the action post username and password so now I must look to all javascript on that page and find out how to create a cookie like s_vi= ?
Yes, from the way you describe it, it sounds that way to me.
Feb 12 '07 #4

P: 1
Yes, from the way you describe it, it sounds that way to me.

Did you got any solution for this?

Pratap
Aug 5 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.