Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_head er. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy):
def __init__(self):
DefaultCookiePo licy.__init__(s elf, rfc2965=True,
hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_o k(self, cookie, request):
return True
def path_return_ok( self, cookie, request):
return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencod e(values)
req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse,
strict_ns_domai n=DefaultCookie Policy.DomainLi beral)
# tried using my own custom cookie policy
#policy = MyCookiePolicy( )
policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJa r()
cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj))
urllib2.install _opener(opener)
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split( '\n'):
line = line.strip()
if re.search("Welc ome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_head er
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp "
req = urllib2.Request (the_url)
#print "headers:", req.headers
#cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req )
handle = urllib2.urlopen (req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split( '\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info() 2 2246
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gm ail.com wrote: Attacked is a piece of code which first hits the login page successfully and receives back login cookies. But then when I attempt to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies to the header portion of the this request. I have tried 2 methods which should both work I think. The first was to use install_opener to attach the cookie handler back to urlopen. The second method was to use the cookiehandler method add_cookie_head er. But in both cases, before sending out the 2nd request, it seems to have empty headers -- which indicates to me that the necessary cookies have not been attacked.
I also tryed messing with the policy quite a bit, thinking that might be causing the cookies not to be returned. First I used the default, then set some flags on the default, then even overrode methods on the default to make it as lenient as possible. This had no apparent effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full code file. Apologies for all the comments, but I wanted to show what I had tried. ----------------- RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE the_url = "http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp " req = urllib2.Request (the_url) #print "headers:", req.headers #cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY, # NO COOKIES RETURNED? print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
----------------- FULL CODE
#!/usr/bin/python
import urllib import urllib2 import re import os from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy): def __init__(self): DefaultCookiePo licy.__init__(s elf, rfc2965=True, hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral) def set_ok(self, cookie, request): return True def return_ok(self, cookie, request): return True def domain_return_o k(self, cookie, request): return True def path_return_ok( self, cookie, request): return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp' user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)' values = { 'email' : '****', 'password' : '****', #"remember" : "checked", # <- create permanent cookie 'jump' : "/forums/" } # also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO headers = { 'User-Agent' : user_agent } data = urllib.urlencod e(values) req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY # tried using several configurations of the default cookie policy #policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral) # tried using my own custom cookie policy #policy = MyCookiePolicy( ) policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY cj = MozillaCookieJa r() cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj)) urllib2.install _opener(opener) #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE for c in cj: print "COOKIE:", c print "URL:", handle.geturl() print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN for line in the_page.split( '\n'): line = line.strip() if re.search("Welc ome to the", line): print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE # - tried using the install_opener above # - tried using add_cookie_head er # - either way, can't seem to get cookies in the header of this request the_url = "http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp " req = urllib2.Request (the_url) #print "headers:", req.headers #cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY print "headers:", req.headers #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST for line in the_page.split( '\n'): line = line.strip() if re.search("To access", line): print "MESSAGE:", line
print "URL:", handle.geturl() print "INFO:", handle.info()
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gm ail.com wrote: Attacked is a piece of code which first hits the login page successfully and receives back login cookies. But then when I attempt to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies to the header portion of the this request. I have tried 2 methods which should both work I think. The first was to use install_opener to attach the cookie handler back to urlopen. The second method was to use the cookiehandler method add_cookie_head er. But in both cases, before sending out the 2nd request, it seems to have empty headers -- which indicates to me that the necessary cookies have not been attacked.
I also tryed messing with the policy quite a bit, thinking that might be causing the cookies not to be returned. First I used the default, then set some flags on the default, then even overrode methods on the default to make it as lenient as possible. This had no apparent effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full code file. Apologies for all the comments, but I wanted to show what I had tried. ----------------- RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE the_url = "http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp " req = urllib2.Request (the_url) #print "headers:", req.headers #cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY, # NO COOKIES RETURNED? print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
----------------- FULL CODE
#!/usr/bin/python
import urllib import urllib2 import re import os from cookielib import *
class MyCookiePolicy( DefaultCookiePo licy): def __init__(self): DefaultCookiePo licy.__init__(s elf, rfc2965=True, hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral) def set_ok(self, cookie, request): return True def return_ok(self, cookie, request): return True def domain_return_o k(self, cookie, request): return True def path_return_ok( self, cookie, request): return True
the_url = 'http://www.dpreview.co m/forums/login_post.asp' user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)' values = { 'email' : '****', 'password' : '****', #"remember" : "checked", # <- create permanent cookie 'jump' : "/forums/" } # also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO headers = { 'User-Agent' : user_agent } data = urllib.urlencod e(values) req = urllib2.Request (the_url, data, headers)
# COOKIE POLICY # tried using several configurations of the default cookie policy #policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse, strict_ns_domai n=DefaultCookie Policy.DomainLi beral) # tried using my own custom cookie policy #policy = MyCookiePolicy( ) policy = DefaultCookiePo licy(rfc2965=Tr ue, hide_cookie2=Fa lse)
# CREATE COOKIE JAR WITH POLICY cj = MozillaCookieJa r() cj.set_policy(p olicy)
# CREATE OPENER, AND OPEN PAGE opener = urllib2.build_o pener(urllib2.H TTPCookieProces sor(cj)) urllib2.install _opener(opener) #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE for c in cj: print "COOKIE:", c print "URL:", handle.geturl() print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN for line in the_page.split( '\n'): line = line.strip() if re.search("Welc ome to the", line): print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE # - tried using the install_opener above # - tried using add_cookie_head er # - either way, can't seem to get cookies in the header of this request the_url = "http://www.dpreview.co m/forums/login.asp?jump= editprofile.asp " req = urllib2.Request (the_url) #print "headers:", req.headers #cj.add_cookie_ header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY print "headers:", req.headers #handle = opener.open(req ) handle = urllib2.urlopen (req) the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST for line in the_page.split( '\n'): line = line.strip() if re.search("To access", line): print "MESSAGE:", line
print "URL:", handle.geturl() print "INFO:", handle.info() This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: yukon |
last post by:
Hi there
the next is my platform
IIS5
windows 2000
asp vbscript
My working area has the next virtual directoy:
testAc (corrective ambient)
testAe (evolutionary ambient)
|
by: Dan Meehan |
last post by:
I created a music website that allows people to sign up and post
messages on some message boards and update their profiles and such.
The login script uses cookies, so when they Log Into the site it does
something like:
Response.cookies("ID") = RS.fields("UserID").value
Response.cookies("USERNAME") = RS.fields("Username").value
Response.cookies("LEVEL") = RS.fields("ULevel").value
and from there, I have a header include that will...
|
by: Mark Anderson |
last post by:
Sorry if this is a rookie mistake... I've been through all the FAQs and the
books I have but I can't see the mistake so I guess it's something simple
<g> - I'm an occasional JS user.
I've got some code (in an external JS file) attached to a number of links
off a query result page. The code it checks if there are any ticked items on
the page and adds them to a lightbox (cart) before going the next called
result page. The idea is to stop...
|
by: Bennett F. Dill |
last post by:
Thanks for reading. I'm having problems with cookies from asp to asp.net
and back!
It seems like I can set a cookie in asp.net fine, and alter it at will, as
soon as asp touches it, asp.net won't have anything to do with it. Can
someone please help!
The code below, going from aspx to aspx, works great the cookie as expected
goes from qwerty to zxcvb and back. As soon as you hit the asp page, the
cookie goes to asdfg and stays there...
|
by: Ravi |
last post by:
Hi ,
i am trying to pass the same session Id to all the webrequest, but
sometimes the response.cookies returns zero and sometimes one. is this to do
something with cookies expire. In this sample code the line
Console.WriteLine("cookies1 count : " + firstResponse.Count.ToString()); and
Console.WriteLine("second Cookie : " +
secondResponse.Cookies.Count.ToString());
| |
by: Mike |
last post by:
1. For some reason after the session has ended and the authentication cookie has expired I'm not being redirected to the login page. Insted I'm be assigned a new authentication cookie? Anyone have any ideas as to what may be causing this? (I'm using Microsoft's example
2. I'm also transferring a forms authentication cookie recieved from a web service (SQL Reporting Services) thru my app to the client. For some reason the expired cookie is...
|
by: ltt19 |
last post by:
Hi Folks,
I'm just beggining with asp.net, and I'm doing a webpage to learn it. In the
main page, there is a text by default written in Portuguese, that the user
can change it it English by clicking on a button. When you click in this
button it writes a cookie with your chosen language, and then the page loads
again to change the text. However I'm having two problems, first, the cookie
doens't work, second, to fix the cookie problem, i...
|
by: john.lehmann |
last post by:
Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back...
|
by: Gridlock |
last post by:
I'm trying to read the cookies using HttpContext.Current.Request.Cookies, but
the only cookie that I get is the ASP.NET SessionId cookie. There are many
cookies on the machine, why am I only getting the one cookie?
Thanks,
- Stew
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |