You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by lsacco <oc...@gmail.com> on 2010/05/04 00:47:59 UTC
Getting past authentication to Flickr/Yahoo
I've been working on a program to access the TOS from Flickr
(http://www.flickr.com/services/api/tos/), but to get to it, you have to log
in with a valid Yahoo account.
I thought this should be pretty easy to do with HTTPClient, but what I'm
finding out is that you are redirected several times (eventually to the
Yahoo login page) and that on the login form there are several hidden fields
you would need to include in order to authenticate. I see how one might
post that but what I'm finding difficult is how to get a handle on the page
you're ultimately redirected to.
Does anyone know of a concise way to use HTTPClient to get past the Yahoo
login screen?
Thanks!
--
View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28440624.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by lsacco <oc...@gmail.com>.
At last...success! A buddy of mine turned me onto Tamper Data, which lead me
to the right combination. Here it is for others that might find this
useful:
String strU = StringUtils.substringBetween(_strGetRspBody,
"<input type=\"hidden\" name=\".u\" value=\"", "\">");
String strChallenge = StringUtils.substringBetween(_strGetRspBody,
"<input type=\"hidden\" name=\".challenge\" value=\"", "\">");
String strDone = StringUtils.substringBetween(_strGetRspBody,
"<input type=\"hidden\" name=\".done\" value=\"", "\">");
String strPD = StringUtils.substringBetween(_strGetRspBody,
"<input type=\"hidden\" name=\".pd\" value=\"", "\">");
NameValuePair[] nvPairs = new NameValuePair[26];
nvPairs[0] = new NameValuePair("login", user);
nvPairs[1] = new NameValuePair("passwd", password);
nvPairs[2] = new NameValuePair(".tries", "1");
nvPairs[3] = new NameValuePair(".src", "flickr");
nvPairs[4] = new NameValuePair(".md5", "");
nvPairs[5] = new NameValuePair(".hash", "");
nvPairs[6] = new NameValuePair(".js", "");
nvPairs[7] = new NameValuePair(".last", "");
nvPairs[8] = new NameValuePair("promo", "");
nvPairs[9] = new NameValuePair(".intl", "us");
nvPairs[10] = new NameValuePair(".bypass", "");
nvPairs[11] = new NameValuePair(".partner", "");
nvPairs[12] = new NameValuePair(".u", strU);
nvPairs[13] = new NameValuePair(".v", "0");
nvPairs[14] = new NameValuePair(".challenge", strChallenge);
nvPairs[15] = new NameValuePair(".yplus", "");
nvPairs[16] = new NameValuePair(".emailCode", "");
nvPairs[17] = new NameValuePair("pkg", "");
nvPairs[18] = new NameValuePair("stepid", "");
nvPairs[19] = new NameValuePair(".ev", "");
nvPairs[20] = new NameValuePair("hasMsgr", "0");
nvPairs[21] = new NameValuePair(".chkP", "Y");
nvPairs[22] = new NameValuePair(".done", strDone);
nvPairs[23] = new NameValuePair(".pd", strPD);
nvPairs[24] = new NameValuePair(".save", "Sign+In");
nvPairs[25] = new NameValuePair(".persistent", "y");
--
View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28481073.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by lsacco <oc...@gmail.com>.
John Smith-151 wrote:
>
> In Wireshark : Show the capture options -> Capture filter -> tcp port http
> or host target_ip
>
> I think it'll help
>
>
But how can you use Wireshark when the login site is HTTPS. Wireshark can
only sniff traffic in the clear unless you have the private key for the Web
server which I obviously don't. Wireshark just shows me the redirects, but
not the actual form submittal.
--
View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28469500.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by John Smith <de...@gmail.com>.
On Thu, May 6, 2010 at 1:26 AM, Jeff Davis <je...@flyingdiamond.com> wrote:
> sebb wrote:
>
> Perfect advice, the only thing I have to add is that Wireshark isn't much
> help for https - if you can also log in on http then that will work great.
>
In Wireshark : Show the capture options -> Capture filter -> tcp port http
or host target_ip
I think it'll help
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by Jeff Davis <je...@FlyingDiamond.com>.
sebb wrote:
> On 05/05/2010, lsacco <oc...@gmail.com> wrote:
>
>> olegk wrote:
>> >
>> > Yahoo as well as other high profile sites intentionally make it very
>> > difficult to script their login process.
>> >
>>
>>
>> Yeah, no kidding! Here's my code...I basically combed there form and create
>> new NameValuePairs for them. They also have hash function onSubmit to MD5
>> the password and challenge phrase and so I just do that in Java. Still
>> after all my efforts, I can't get passed the login form. Anything you see
>> below that I might be missing? Thanks!
>>
>
> Try comparing the HTTP traffic for a successful session from a browser
> with what your application is sending, and then tweak the code as
> needed.
>
> A protocol analyser such as Wireshark can help with this.
>
Perfect advice, the only thing I have to add is that Wireshark isn't
much help for https - if you can also log in on http then that will
work great.
Otherwise you'll need a browser plugin to sniff the packets before they
get encrypted. Here is a few options:
http://http-sniffer-plugin.qarchive.org/
>
>> String url = "https://login.yahoo.com";
>> int port = 443;
>>
>> HttpClient _client = new HttpClient();
>> _client.getHostConfiguration().setHost(url, port, "https");
>> _client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
>>
>> GetMethod authget = new GetMethod(url);
>>
>> try {
>> _client.executeMethod(authget);
>> } catch (IOException i) {
>> i.printStackTrace();
>> }
>>
>> // Read the response body.
>> byte[] responseBody = authget.getResponseBody();
>> String _strGetRspBody = authget.getResponseBodyAsString();
>> _logger.debug("GetRspBody: " + _strGetRspBody);
>>
>> // release any connection resources used by the method
>> authget.releaseConnection();
>>
>> // Get the .u value
>> int intUStart = _strGetRspBody
>> .indexOf("<input type=\"hidden\" name=\".u\"");
>> intUStart = intUStart + 38;
>> String strU = _strGetRspBody.substring(intUStart, intUStart + 13);
>> _logger.debug("U value from Get: " + strU);
>>
>> // Get the .challenge value
>> int intChallengeStart = _strGetRspBody
>> .indexOf("<input type=\"hidden\" name=\".challenge\"");
>> intChallengeStart = intChallengeStart + 46;
>> String strChallenge = _strGetRspBody.substring(intChallengeStart,
>> intChallengeStart + 28);
>> _logger.debug("Challenge value from Get: " + strChallenge);
>>
>> //JS Function in Yahoo! form to hash password onSubmit
>> // function hash2(form){var passwd=form.passwd.value
>> // if(!form.passwd.value){return false;}
>> // if(ok_password(passwd)){return true;}
>> // var challenge=form[".challenge"].value;
>> // var fullhash=MD5(MD5(passwd)+challenge);
>> // form.passwd.value=fullhash;
>> // form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1;
>> // return true;}
>> String hashPwd = MD5(MD5(password) + strChallenge);
>> _logger.debug("hashPwd value from Get: " + hashPwd);
>>
>> NameValuePair[] nvPairs = new NameValuePair[24];
>> nvPairs[0] = new NameValuePair("username", user);
>> nvPairs[1] = new NameValuePair("passwd", hashPwd);
>> nvPairs[2] = new NameValuePair(".tries","1");
>> nvPairs[3] = new NameValuePair(".src","flickr");
>> nvPairs[4] = new NameValuePair(".md5","1");
>> nvPairs[5] = new NameValuePair(".hash","1");
>> nvPairs[6] = new NameValuePair(".js","1");
>> nvPairs[7] = new NameValuePair(".last","");
>> nvPairs[8] = new NameValuePair("promo","");
>> nvPairs[9] = new NameValuePair(".intl","us");
>> nvPairs[10] = new NameValuePair(".bypass","");
>> nvPairs[11] = new NameValuePair(".partner","");
>> nvPairs[12] = new NameValuePair(".u",strU);
>> nvPairs[13] = new NameValuePair(".v","0");
>> nvPairs[14] = new NameValuePair(".challenge",strChallenge);
>> nvPairs[15] = new NameValuePair(".yplus","");
>> nvPairs[16] = new NameValuePair(".emailCode","");
>> nvPairs[17] = new NameValuePair("pkg","");
>> nvPairs[18] = new NameValuePair("stepid","");
>> nvPairs[19] = new NameValuePair(".ev","");
>> nvPairs[20] = new NameValuePair("hasMsgr","0");
>> nvPairs[21] = new NameValuePair(".chkP","Y");
>> nvPairs[22] = new
>> NameValuePair(".done","http://www.flickr.com/services/api/tos/");
>> nvPairs[23] = new NameValuePair(".pd","_ver=0&c=&ivt=&sg=");
>>
>> String strLogonUrl = "https://login.yahoo.com/config/login?";
>> PostMethod authpost = new PostMethod(strLogonUrl);
>>
>> // Prepare login parameters
>> authpost.setRequestBody(nvPairs);
>>
>> try {
>> _client.executeMethod(authpost);
>> } catch (IOException i) {
>> i.printStackTrace();
>> }
>>
>> String strStatusLine = authpost.getStatusLine().toString();
>> System.out.println("Login form post: " + strStatusLine);
>>
>> String _strPostRspBody = authpost.getResponseBodyAsString();
>> _logger.debug("Response Body from Post: \n" + _strPostRspBody);
>>
>> // release any connection resources used by the method
>> authpost.releaseConnection();
>>
>>
>> --
>> View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28466685.html
>>
>> Sent from the HttpClient-User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>>
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by sebb <se...@gmail.com>.
On 05/05/2010, lsacco <oc...@gmail.com> wrote:
>
>
> olegk wrote:
> >
> > Yahoo as well as other high profile sites intentionally make it very
> > difficult to script their login process.
> >
>
>
> Yeah, no kidding! Here's my code...I basically combed there form and create
> new NameValuePairs for them. They also have hash function onSubmit to MD5
> the password and challenge phrase and so I just do that in Java. Still
> after all my efforts, I can't get passed the login form. Anything you see
> below that I might be missing? Thanks!
Try comparing the HTTP traffic for a successful session from a browser
with what your application is sending, and then tweak the code as
needed.
A protocol analyser such as Wireshark can help with this.
> String url = "https://login.yahoo.com";
> int port = 443;
>
> HttpClient _client = new HttpClient();
> _client.getHostConfiguration().setHost(url, port, "https");
> _client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
>
> GetMethod authget = new GetMethod(url);
>
> try {
> _client.executeMethod(authget);
> } catch (IOException i) {
> i.printStackTrace();
> }
>
> // Read the response body.
> byte[] responseBody = authget.getResponseBody();
> String _strGetRspBody = authget.getResponseBodyAsString();
> _logger.debug("GetRspBody: " + _strGetRspBody);
>
> // release any connection resources used by the method
> authget.releaseConnection();
>
> // Get the .u value
> int intUStart = _strGetRspBody
> .indexOf("<input type=\"hidden\" name=\".u\"");
> intUStart = intUStart + 38;
> String strU = _strGetRspBody.substring(intUStart, intUStart + 13);
> _logger.debug("U value from Get: " + strU);
>
> // Get the .challenge value
> int intChallengeStart = _strGetRspBody
> .indexOf("<input type=\"hidden\" name=\".challenge\"");
> intChallengeStart = intChallengeStart + 46;
> String strChallenge = _strGetRspBody.substring(intChallengeStart,
> intChallengeStart + 28);
> _logger.debug("Challenge value from Get: " + strChallenge);
>
> //JS Function in Yahoo! form to hash password onSubmit
> // function hash2(form){var passwd=form.passwd.value
> // if(!form.passwd.value){return false;}
> // if(ok_password(passwd)){return true;}
> // var challenge=form[".challenge"].value;
> // var fullhash=MD5(MD5(passwd)+challenge);
> // form.passwd.value=fullhash;
> // form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1;
> // return true;}
> String hashPwd = MD5(MD5(password) + strChallenge);
> _logger.debug("hashPwd value from Get: " + hashPwd);
>
> NameValuePair[] nvPairs = new NameValuePair[24];
> nvPairs[0] = new NameValuePair("username", user);
> nvPairs[1] = new NameValuePair("passwd", hashPwd);
> nvPairs[2] = new NameValuePair(".tries","1");
> nvPairs[3] = new NameValuePair(".src","flickr");
> nvPairs[4] = new NameValuePair(".md5","1");
> nvPairs[5] = new NameValuePair(".hash","1");
> nvPairs[6] = new NameValuePair(".js","1");
> nvPairs[7] = new NameValuePair(".last","");
> nvPairs[8] = new NameValuePair("promo","");
> nvPairs[9] = new NameValuePair(".intl","us");
> nvPairs[10] = new NameValuePair(".bypass","");
> nvPairs[11] = new NameValuePair(".partner","");
> nvPairs[12] = new NameValuePair(".u",strU);
> nvPairs[13] = new NameValuePair(".v","0");
> nvPairs[14] = new NameValuePair(".challenge",strChallenge);
> nvPairs[15] = new NameValuePair(".yplus","");
> nvPairs[16] = new NameValuePair(".emailCode","");
> nvPairs[17] = new NameValuePair("pkg","");
> nvPairs[18] = new NameValuePair("stepid","");
> nvPairs[19] = new NameValuePair(".ev","");
> nvPairs[20] = new NameValuePair("hasMsgr","0");
> nvPairs[21] = new NameValuePair(".chkP","Y");
> nvPairs[22] = new
> NameValuePair(".done","http://www.flickr.com/services/api/tos/");
> nvPairs[23] = new NameValuePair(".pd","_ver=0&c=&ivt=&sg=");
>
> String strLogonUrl = "https://login.yahoo.com/config/login?";
> PostMethod authpost = new PostMethod(strLogonUrl);
>
> // Prepare login parameters
> authpost.setRequestBody(nvPairs);
>
> try {
> _client.executeMethod(authpost);
> } catch (IOException i) {
> i.printStackTrace();
> }
>
> String strStatusLine = authpost.getStatusLine().toString();
> System.out.println("Login form post: " + strStatusLine);
>
> String _strPostRspBody = authpost.getResponseBodyAsString();
> _logger.debug("Response Body from Post: \n" + _strPostRspBody);
>
> // release any connection resources used by the method
> authpost.releaseConnection();
>
>
> --
> View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28466685.html
>
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
>
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by lsacco <oc...@gmail.com>.
olegk wrote:
>
> Yahoo as well as other high profile sites intentionally make it very
> difficult to script their login process.
>
Yeah, no kidding! Here's my code...I basically combed there form and create
new NameValuePairs for them. They also have hash function onSubmit to MD5
the password and challenge phrase and so I just do that in Java. Still
after all my efforts, I can't get passed the login form. Anything you see
below that I might be missing? Thanks!
String url = "https://login.yahoo.com";
int port = 443;
HttpClient _client = new HttpClient();
_client.getHostConfiguration().setHost(url, port, "https");
_client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY);
GetMethod authget = new GetMethod(url);
try {
_client.executeMethod(authget);
} catch (IOException i) {
i.printStackTrace();
}
// Read the response body.
byte[] responseBody = authget.getResponseBody();
String _strGetRspBody = authget.getResponseBodyAsString();
_logger.debug("GetRspBody: " + _strGetRspBody);
// release any connection resources used by the method
authget.releaseConnection();
// Get the .u value
int intUStart = _strGetRspBody
.indexOf("<input type=\"hidden\" name=\".u\"");
intUStart = intUStart + 38;
String strU = _strGetRspBody.substring(intUStart, intUStart + 13);
_logger.debug("U value from Get: " + strU);
// Get the .challenge value
int intChallengeStart = _strGetRspBody
.indexOf("<input type=\"hidden\" name=\".challenge\"");
intChallengeStart = intChallengeStart + 46;
String strChallenge = _strGetRspBody.substring(intChallengeStart,
intChallengeStart + 28);
_logger.debug("Challenge value from Get: " + strChallenge);
//JS Function in Yahoo! form to hash password onSubmit
// function hash2(form){var passwd=form.passwd.value
// if(!form.passwd.value){return false;}
// if(ok_password(passwd)){return true;}
// var challenge=form[".challenge"].value;
// var fullhash=MD5(MD5(passwd)+challenge);
// form.passwd.value=fullhash;
// form[".md5"].value=1;form[".hash"].value=1;form[".js"].value=1;
// return true;}
String hashPwd = MD5(MD5(password) + strChallenge);
_logger.debug("hashPwd value from Get: " + hashPwd);
NameValuePair[] nvPairs = new NameValuePair[24];
nvPairs[0] = new NameValuePair("username", user);
nvPairs[1] = new NameValuePair("passwd", hashPwd);
nvPairs[2] = new NameValuePair(".tries","1");
nvPairs[3] = new NameValuePair(".src","flickr");
nvPairs[4] = new NameValuePair(".md5","1");
nvPairs[5] = new NameValuePair(".hash","1");
nvPairs[6] = new NameValuePair(".js","1");
nvPairs[7] = new NameValuePair(".last","");
nvPairs[8] = new NameValuePair("promo","");
nvPairs[9] = new NameValuePair(".intl","us");
nvPairs[10] = new NameValuePair(".bypass","");
nvPairs[11] = new NameValuePair(".partner","");
nvPairs[12] = new NameValuePair(".u",strU);
nvPairs[13] = new NameValuePair(".v","0");
nvPairs[14] = new NameValuePair(".challenge",strChallenge);
nvPairs[15] = new NameValuePair(".yplus","");
nvPairs[16] = new NameValuePair(".emailCode","");
nvPairs[17] = new NameValuePair("pkg","");
nvPairs[18] = new NameValuePair("stepid","");
nvPairs[19] = new NameValuePair(".ev","");
nvPairs[20] = new NameValuePair("hasMsgr","0");
nvPairs[21] = new NameValuePair(".chkP","Y");
nvPairs[22] = new
NameValuePair(".done","http://www.flickr.com/services/api/tos/");
nvPairs[23] = new NameValuePair(".pd","_ver=0&c=&ivt=&sg=");
String strLogonUrl = "https://login.yahoo.com/config/login?";
PostMethod authpost = new PostMethod(strLogonUrl);
// Prepare login parameters
authpost.setRequestBody(nvPairs);
try {
_client.executeMethod(authpost);
} catch (IOException i) {
i.printStackTrace();
}
String strStatusLine = authpost.getStatusLine().toString();
System.out.println("Login form post: " + strStatusLine);
String _strPostRspBody = authpost.getResponseBodyAsString();
_logger.debug("Response Body from Post: \n" + _strPostRspBody);
// release any connection resources used by the method
authpost.releaseConnection();
--
View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28466685.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2010-05-04 at 09:58 -0700, lsacco wrote:
> I've been using LiveHTTPHeaders/Wireshark to analyze it. I see 3 redirects.
> This part works fine for HTTPClient. The problem is posting the resulting
> Yahoo login form. There's a bunch of hidden fields with GUIDs and it has a
> hash function onSubmit() of the form. It seems like I'd need to hack their
> form in order to passthru the login page.
>
> Anybody attempt this?
>
Yahoo as well as other high profile sites intentionally make it very
difficult to script their login process.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by lsacco <oc...@gmail.com>.
I've been using LiveHTTPHeaders/Wireshark to analyze it. I see 3 redirects.
This part works fine for HTTPClient. The problem is posting the resulting
Yahoo login form. There's a bunch of hidden fields with GUIDs and it has a
hash function onSubmit() of the form. It seems like I'd need to hack their
form in order to passthru the login page.
Anybody attempt this?
sebb-2-2 wrote:
>
> I suggest you use a browser addon to log the HTTP requests which are
> needed.
>
> Alternatively, use a protocol analyser such as Wireshark.
>
> On 03/05/2010, lsacco <oc...@gmail.com> wrote:
>>
>> I've been working on a program to access the TOS from Flickr
>> (http://www.flickr.com/services/api/tos/), but to get to it, you have to
>> log
>> in with a valid Yahoo account.
>>
>> I thought this should be pretty easy to do with HTTPClient, but what I'm
>> finding out is that you are redirected several times (eventually to the
>> Yahoo login page) and that on the login form there are several hidden
>> fields
>> you would need to include in order to authenticate. I see how one might
>> post that but what I'm finding difficult is how to get a handle on the
>> page
>> you're ultimately redirected to.
>>
>> Does anyone know of a concise way to use HTTPClient to get past the
>> Yahoo
>> login screen?
>>
>> Thanks!
>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28440624.html
>> Sent from the HttpClient-User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28450324.html
Sent from the HttpClient-User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Getting past authentication to Flickr/Yahoo
Posted by sebb <se...@gmail.com>.
I suggest you use a browser addon to log the HTTP requests which are needed.
Alternatively, use a protocol analyser such as Wireshark.
On 03/05/2010, lsacco <oc...@gmail.com> wrote:
>
> I've been working on a program to access the TOS from Flickr
> (http://www.flickr.com/services/api/tos/), but to get to it, you have to log
> in with a valid Yahoo account.
>
> I thought this should be pretty easy to do with HTTPClient, but what I'm
> finding out is that you are redirected several times (eventually to the
> Yahoo login page) and that on the login form there are several hidden fields
> you would need to include in order to authenticate. I see how one might
> post that but what I'm finding difficult is how to get a handle on the page
> you're ultimately redirected to.
>
> Does anyone know of a concise way to use HTTPClient to get past the Yahoo
> login screen?
>
> Thanks!
>
>
> --
> View this message in context: http://old.nabble.com/Getting-past-authentication-to-Flickr-Yahoo-tp28440624p28440624.html
> Sent from the HttpClient-User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org