Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies
to the header portion of the this request. I have tried 2 methods
which should both work I think. The first was to use install_opener to
attach the cookie handler back to urlopen. The second method was to
use the cookiehandler method add_cookie_header. But in both cases,
before sending out the 2nd request, it seems to have empty headers --
which indicates to me that the necessary cookies have not been
attacked.
I also tryed messing with the policy quite a bit, thinking that might
be causing the cookies not to be returned. First I used the default,
then set some flags on the default, then even overrode methods on the
default to make it as lenient as possible. This had no apparent
effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full
code file. Apologies for all the comments, but I wanted to show what I
had tried.
-----------------
RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY,
# NO COOKIES RETURNED?
print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
-----------------
FULL CODE
#!/usr/bin/python
import urllib
import urllib2
import re
import os
from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy):
def __init__(self):
DefaultCookiePolicy.__init__(self, rfc2965=True,
hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
def set_ok(self, cookie, request):
return True
def return_ok(self, cookie, request):
return True
def domain_return_ok(self, cookie, request):
return True
def path_return_ok(self, cookie, request):
return True
the_url = 'http://www.dpreview.com/forums/login_post.asp'
user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
values = {
'email' : '****',
'password' : '****',
#"remember" : "checked", # <- create permanent cookie
'jump' : "/forums/"
}
# also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO
headers = { 'User-Agent' : user_agent }
data = urllib.urlencode(values)
req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY
# tried using several configurations of the default cookie policy
#policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False,
strict_ns_domain=DefaultCookiePolicy.DomainLiberal )
# tried using my own custom cookie policy
#policy = MyCookiePolicy()
policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY
cj = MozillaCookieJar()
cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j))
urllib2.install_opener(opener)
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE
for c in cj:
print "COOKIE:", c
print "URL:", handle.geturl()
print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN
for line in the_page.split('\n'):
line = line.strip()
if re.search("Welcome to the", line):
print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE
# - tried using the install_opener above
# - tried using add_cookie_header
# - either way, can't seem to get cookies in the header of this request
the_url =
"http://www.dpreview.com/forums/login.asp?jump=editprofile.asp"
req = urllib2.Request(the_url)
#print "headers:", req.headers
#cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY
print "headers:", req.headers
#handle = opener.open(req)
handle = urllib2.urlopen(req)
the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST
for line in the_page.split('\n'):
line = line.strip()
if re.search("To access", line):
print "MESSAGE:", line
print "URL:", handle.geturl()
print "INFO:", handle.info() 2 2204
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gmail.com wrote: Attacked is a piece of code which first hits the login page successfully and receives back login cookies. But then when I attempt to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies to the header portion of the this request. I have tried 2 methods which should both work I think. The first was to use install_opener to attach the cookie handler back to urlopen. The second method was to use the cookiehandler method add_cookie_header. But in both cases, before sending out the 2nd request, it seems to have empty headers -- which indicates to me that the necessary cookies have not been attacked.
I also tryed messing with the policy quite a bit, thinking that might be causing the cookies not to be returned. First I used the default, then set some flags on the default, then even overrode methods on the default to make it as lenient as possible. This had no apparent effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full code file. Apologies for all the comments, but I wanted to show what I had tried. ----------------- RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE the_url = "http://www.dpreview.com/forums/login.asp?jump=editprofile.asp" req = urllib2.Request(the_url) #print "headers:", req.headers #cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY, # NO COOKIES RETURNED? print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
----------------- FULL CODE
#!/usr/bin/python
import urllib import urllib2 import re import os from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy): def __init__(self): DefaultCookiePolicy.__init__(self, rfc2965=True, hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal ) def set_ok(self, cookie, request): return True def return_ok(self, cookie, request): return True def domain_return_ok(self, cookie, request): return True def path_return_ok(self, cookie, request): return True
the_url = 'http://www.dpreview.com/forums/login_post.asp' user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)' values = { 'email' : '****', 'password' : '****', #"remember" : "checked", # <- create permanent cookie 'jump' : "/forums/" } # also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO headers = { 'User-Agent' : user_agent } data = urllib.urlencode(values) req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY # tried using several configurations of the default cookie policy #policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal ) # tried using my own custom cookie policy #policy = MyCookiePolicy() policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY cj = MozillaCookieJar() cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j)) urllib2.install_opener(opener) #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE for c in cj: print "COOKIE:", c print "URL:", handle.geturl() print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN for line in the_page.split('\n'): line = line.strip() if re.search("Welcome to the", line): print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE # - tried using the install_opener above # - tried using add_cookie_header # - either way, can't seem to get cookies in the header of this request the_url = "http://www.dpreview.com/forums/login.asp?jump=editprofile.asp" req = urllib2.Request(the_url) #print "headers:", req.headers #cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY print "headers:", req.headers #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST for line in the_page.split('\n'): line = line.strip() if re.search("To access", line): print "MESSAGE:", line
print "URL:", handle.geturl() print "INFO:", handle.info()
NEVERMIND. My friend pointed out that I am simply hitting the wrong
URL when trying to "test" whether I am logged in or not. The correct
one is: http://www.dpreview.com/forums/editprofile.asp
But I still have one question, if anyone knows -- why is it that when I
print out the headers on my request object, they are empty? I thought
that I should find the cookies there which are being sent back. This
is what I thought the problem was. Thanks if anyone can explain how
that works.
John
(PS i have stopped attacking the cookies now) jo**********@gmail.com wrote: Attacked is a piece of code which first hits the login page successfully and receives back login cookies. But then when I attempt to hit a page which is restricted to logged in users only, I fail.
That seems to be because I am not successfully re-attaching the cookies to the header portion of the this request. I have tried 2 methods which should both work I think. The first was to use install_opener to attach the cookie handler back to urlopen. The second method was to use the cookiehandler method add_cookie_header. But in both cases, before sending out the 2nd request, it seems to have empty headers -- which indicates to me that the necessary cookies have not been attacked.
I also tryed messing with the policy quite a bit, thinking that might be causing the cookies not to be returned. First I used the default, then set some flags on the default, then even overrode methods on the default to make it as lenient as possible. This had no apparent effect.
Thanks a lot!
Below I have pasted the most relevant code section, as well as my full code file. Apologies for all the comments, but I wanted to show what I had tried. ----------------- RELEVANT CODE (snipped from full code)
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE the_url = "http://www.dpreview.com/forums/login.asp?jump=editprofile.asp" req = urllib2.Request(the_url) #print "headers:", req.headers #cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY - BUT THEY ARE EMPTY, # NO COOKIES RETURNED? print "headers:", req.headers
# THIS OPEN FAILS - I GET - "NEED TO LOGIN" PAGE #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
----------------- FULL CODE
#!/usr/bin/python
import urllib import urllib2 import re import os from cookielib import *
class MyCookiePolicy(DefaultCookiePolicy): def __init__(self): DefaultCookiePolicy.__init__(self, rfc2965=True, hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal ) def set_ok(self, cookie, request): return True def return_ok(self, cookie, request): return True def domain_return_ok(self, cookie, request): return True def path_return_ok(self, cookie, request): return True
the_url = 'http://www.dpreview.com/forums/login_post.asp' user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)' values = { 'email' : '****', 'password' : '****', #"remember" : "checked", # <- create permanent cookie 'jump' : "/forums/" } # also "remember" : "remember"
# INITIAL REQUEST WITH USER INFO headers = { 'User-Agent' : user_agent } data = urllib.urlencode(values) req = urllib2.Request(the_url, data, headers)
# COOKIE POLICY # tried using several configurations of the default cookie policy #policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal ) # tried using my own custom cookie policy #policy = MyCookiePolicy() policy = DefaultCookiePolicy(rfc2965=True, hide_cookie2=False)
# CREATE COOKIE JAR WITH POLICY cj = MozillaCookieJar() cj.set_policy(policy)
# CREATE OPENER, AND OPEN PAGE opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(c j)) urllib2.install_opener(opener) #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
# SHOW COOKIES COLLECTED - LOOKS GOOD HERE for c in cj: print "COOKIE:", c print "URL:", handle.geturl() print "INFO:", handle.info()
#DEMONSTRATE WE'RE LOGGED IN for line in the_page.split('\n'): line = line.strip() if re.search("Welcome to the", line): print "MESSAGE:", line
# NOW GO TO PAGE RESTRICTED TO LOGGED IN PEOPLE # - tried using the install_opener above # - tried using add_cookie_header # - either way, can't seem to get cookies in the header of this request the_url = "http://www.dpreview.com/forums/login.asp?jump=editprofile.asp" req = urllib2.Request(the_url) #print "headers:", req.headers #cj.add_cookie_header(req)
# EXPECT THESE HEADERS TO BE NON-EMPTY print "headers:", req.headers #handle = opener.open(req) handle = urllib2.urlopen(req) the_page = handle.read()
# THIS ALSO PROVES LOGIN-STATE WAS LOST for line in the_page.split('\n'): line = line.strip() if re.search("To access", line): print "MESSAGE:", line
print "URL:", handle.geturl() print "INFO:", handle.info() This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: yukon |
last post by:
Hi there
the next is my platform
IIS5
windows 2000
asp vbscript
My working area has the next virtual directoy:
testAc (corrective ambient)
testAe (evolutionary ambient)
|
by: Dan Meehan |
last post by:
I created a music website that allows people to sign up and post
messages on some message boards and update their profiles and such.
The login script uses cookies, so when they Log Into the site it...
|
by: Mark Anderson |
last post by:
Sorry if this is a rookie mistake... I've been through all the FAQs and the
books I have but I can't see the mistake so I guess it's something simple
<g> - I'm an occasional JS user.
I've got...
|
by: Bennett F. Dill |
last post by:
Thanks for reading. I'm having problems with cookies from asp to asp.net
and back!
It seems like I can set a cookie in asp.net fine, and alter it at will, as
soon as asp touches it, asp.net...
|
by: Ravi |
last post by:
Hi ,
i am trying to pass the same session Id to all the webrequest, but
sometimes the response.cookies returns zero and sometimes one. is this to do
something with cookies expire. In this sample...
|
by: Mike |
last post by:
1. For some reason after the session has ended and the authentication cookie has expired I'm not being redirected to the login page. Insted I'm be assigned a new authentication cookie? Anyone have...
|
by: ltt19 |
last post by:
Hi Folks,
I'm just beggining with asp.net, and I'm doing a webpage to learn it. In the
main page, there is a text by default written in Portuguese, that the user
can change it it English by...
|
by: john.lehmann |
last post by:
Attacked is a piece of code which first hits the login page
successfully and receives back login cookies. But then when I attempt
to hit a page which is restricted to logged in users only, I fail....
|
by: Gridlock |
last post by:
I'm trying to read the cookies using HttpContext.Current.Request.Cookies, but
the only cookie that I get is the ASP.NET SessionId cookie. There are many
cookies on the machine, why am I only...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: Vimpel783 |
last post by:
Hello!
Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
| |