Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_head er. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy):
def __init__(self):
DefaultCookiePo licy.__init__(s elf, rfc2965=True,
hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_o k(self, cookie, request):
return True
def path_return_ok( self, cookie, request):
return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencod e(values)
req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse,
strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
# tried using my own custom cookie policy
#policy = MyCookiePolicy( )
policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJa r()
cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj))
urllib2.install _opener(opener)
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split( '\n'):
line = line.strip()
if re.search("Welc ome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_head er
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split( '\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info()
2  2245 
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gm ail.com wrote: Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_head er. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy):
def __init__(self):
DefaultCookiePo licy.__init__(s elf, rfc2965=True,
hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_o k(self, cookie, request):
return True
def path_return_ok( self, cookie, request):
return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencod e(values)
req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse,
strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
# tried using my own custom cookie policy
#policy = MyCookiePolicy( )
policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJa r()
cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj))
urllib2.install _opener(opener)
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split( '\n'):
line = line.strip()
if re.search("Welc ome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_head er
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split( '\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info()
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gm ail.com wrote: Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_head er. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy):
def __init__(self):
DefaultCookiePo licy.__init__(s elf, rfc2965=True,
hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_o k(self, cookie, request):
return True
def path_return_ok( self, cookie, request):
return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencod e(values)
req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse,
strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
# tried using my own custom cookie policy
#policy = MyCookiePolicy( )
policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJa r()
cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj))
urllib2.install _opener(opener)
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split( '\n'):
line = line.strip()
if re.search("Welc ome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_head er
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split( '\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info() This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: yukon |
last post by:
Hi there
the next is my platform
IIS5
windows 2000
asp vbscript
My working area has the next virtual directoy:
testAc (corrective ambient)
testAe (evolutionary ambient)
|
by: Dan Meehan |
last post by:
I created a music website that allows people to sign up and post
messages on some message boards and update their profiles and such.
The login script uses cookies, so when they Log Into the site it does
something like:
Response.cookies("ID") = RS.fields("UserID").value
Response.cookies("USERNAME") = RS.fields("Username").value
Response.cookies("LEVEL") = RS.fields("ULevel").value
and from there, I have a header include that will...
|
by: Mark Anderson |
last post by:
Sorry if this is a rookie mistake... I've been through all the FAQs and the
books I have but I can't see the mistake so I guess it's something simple
<g> - I'm an occasional JS user.
I've got some code (in an external JS file) attached to a number of links
off a query result page. The code it checks if there are any ticked items on
the page and adds them to a lightbox (cart) before going the next called
result page. The idea is to stop...
|
by: Bennett F. Dill |
last post by:
Thanks for reading. I'm having problems with cookies from asp to asp.net
and back!
It seems like I can set a cookie in asp.net fine, and alter it at will, as
soon as asp touches it, asp.net won't have anything to do with it. Can
someone please help!
The code below, going from aspx to aspx, works great the cookie as expected
goes from qwerty to zxcvb and back. As soon as you hit the asp page, the
cookie goes to asdfg and stays there...
|
by: Ravi |
last post by:
Hi ,
i am trying to pass the same session Id to all the webrequest, but
sometimes the response.cookies returns zero and sometimes one. is this to do
something with cookies expire. In this sample code the line
Console.WriteLine("cookies1 count : " + firstResponse.Count.ToString()); and
Console.WriteLine("second Cookie : " +
secondResponse.Cookies.Count.ToString());
| | |
by: Mike |
last post by:
1. For some reason after the session has ended and the authentication cookie has expired I'm not being redirected to the login page. Insted I'm be assigned a new authentication cookie? Anyone have any ideas as to what may be causing this? (I'm using Microsoft's example
2. I'm also transferring a forms authentication cookie recieved from a web service (SQL Reporting Services) thru my app to the client. For some reason the expired cookie is...
|
by: ltt19 |
last post by:
Hi Folks,
I'm just beggining with asp.net, and I'm doing a webpage to learn it. In the
main page, there is a text by default written in Portuguese, that the user
can change it it English by clicking on a button. When you click in this
button it writes a cookie with your chosen language, and then the page loads
again to change the text. However I'm having two problems, first, the cookie
doens't work, second, to fix the cookie problem, i...
|
by: john.lehmann |
last post by:
Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back...
|
by: Gridlock |
last post by:
I'm trying to read the cookies using HttpContext.Current.Request.Cookies, but
the only cookie that I get is the ASP.NET SessionId cookie. There are many
cookies on the machine, why am I only getting the one cookie?
Thanks,
- Stew
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
