Jump to content

Recommended Posts

You also need to send the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. Can you show us your current curl script?

Hi, that i have done but the challenge is to get the scritp name that handle this form and whether the username and password when being sent, what are the exact name tied to them e.g "username or uname or user" as well as the password that is sent whether "password or pass or pword" etc as they form the query string to the server.

There is a wonderful ad-ons for firefox, it's called - Life HTTP Headers, which, you can use to get a form login credential. So, I made a fake request to this site and this is what I get:

 

 

https://www.23andme.com/user/signin/
POST /user/signin/ HTTP/1.1
Host: www.23andme.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Referer: https://www.23andme.com/user/signin/
Cookie: vs=251a25c3e3682b78605fbed2456d57921555d7bd|622c4ef2dfca44189a69fad19dcb628e; ab="RqWvqdnJfAdafLHHoryy-YBGqPI93jt6qpECzyuZAoA="; uuid=5dfe2db79c7a51ce630f44f18f4a0f8a86564a09|1f7fbdbe3e8a4adea186cca31c06c656; NSC_xxx-wjq-ttm-gps-dtx=ffffffff09090e0345525d5f4f58455e445a4a42378b; optly_new=true; optly_new_session=true; optimizelySegments=%7B%22288246438%22%3A%22none%22%2C%22172166249%22%3A%22direct%22%2C%22172196495%22%3A%22ff%22%2C%22566394325%22%3A%22true%22%2C%22172021755%22%3A%22false%22%7D; optimizelyEndUserId=oeu1402226740580r0.45816714093541944; optimizelyBuckets=%7B%221118350307%22%3A%221194051135%22%7D; __utma=172634208.740909486.1402226741.1402226741.1402226741.1; __utmb=172634208.7.10.1402226741; __utmc=172634208; __utmz=172634208.1402226741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cvo_sid1=N5JJATSNEUBK
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 286
username=jazzman&password=password&redirect=&source_flow=&__source_node__=start&__context__=IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D&__form__=login&redirect=&button=Log+In

 

The first line is the action of the login form, the last one is the login credentials and you need to send this data in exactly same way as the browser does.

There is a wonderful ad-ons for firefox, it's called - Life HTTP Headers, which, you can use to get a form login credential. So, I made a fake request to this site and this is what I get:

 

 

The first line is the action of the login form, the last one is the login credentials and you need to send this data in exactly same way as the browser does.

Hi jazzman, so if i were to include this suggestion on my cURL script below, will this work out

 

<?php

error_reporting(E_ALL);

 

$username = 'myusername';

$password = 'mypassword';

$loginUrl = 'https://www.23andme.com/user/signin/';

 

//init curl

$ch = curl_init();

 

//Set the URL to work with

curl_setopt($ch, CURLOPT_URL, $loginUrl);

 

// ENABLE HTTP POST

curl_setopt($ch, CURLOPT_POST, 1);

 

//Set the post parameters

curl_setopt($ch, CURLOPT_POSTFIELDS, 'username='.$username.'&password='.$password.'&redirect=&source_flow=&__source_node__=start&__context__=IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D&__form__=login&redirect=&button=Log+In');

 

//Handle cookies for the login

curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$store = curl_exec($ch);

if($store !=true){

    die('Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch));

}else{

//the login is now done and you can continue to get the protected content.

 

//set the URL to the protected file

curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/you/download');

 

//execute the request

$content = curl_exec($ch);

echo $content;

 

}

//if($store == true){

    //echo "Login success";

    

    //the login is now done and you can continue to get the

//protected content.

 

//set the URL to the protected file

//curl_setopt($ch, CURLOPT_URL, 'http://www.example.com/protected/download.zip');

 

//execute the request

//$content = curl_exec($ch);

 

//save the data to disk

//file_put_contents('~/download.zip', $content);

//}else{

// echo"Login fails......";

// echo "Last known error code: " . curl_errno($ch) . "\n";

// echo "Last known error text: " . curl_error($ch) . "\n";

 

//}

?>

Please, use the forum's code tags when providing code next time! Did you test it? Try my script it would be something like this,

$data = array('username'=>'user',
'password'=>'pass',
'redirect'=>'',
'source_flow'=>'',
'__source_node__'=>'start',
'__context__'=>'IhEcX2ivtGzK30cuk0eODNsNcX7FHNZJWPaEIYtdQT12OIx41EALfWWl4eTEIKDMJ-tQ9LhFIui8U0dpV0sBIipLq5jLnCJmworArmgt_QkbbfLczY_T8_6WR7-B4QxZRn8zxfTWKKvZI8nyQaVHmA%3D%3D',
'__form__'=>'login',
'redirect'=>'',
'button'=>'Log%20In');

$curl_cookie = "cookies.txt";

$fp = fopen("example_homepage.txt", "w");

// create a new cURL resource
$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/user/signin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $curl_cookie); // Read cookie file
curl_setopt($ch, CURLOPT_COOKIEJAR,  $curl_cookie); // Write cookie file
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_FILE, $fp);
// grab URL and pass it to the browser
$output = curl_exec($ch);

$info = curl_getinfo($ch);

curl_close($ch);

fclose($fp);

Double check the login credentials. If everything is fine with the server permissions, you would be able to find the content of the requested, then redirected form page inside example_homepage.txt file. 

Edited by jazzman1

Sorry, i forgot to put an ampersand (&) in front of every html form field name in array data. When I run the login test I got a html error page. Next script works for me:

$data = array(
'username'=>'email%40gmail.com',
'&password'=>'pass',
'&redirect'=>'',
'&source_flow'=>'',
'&__source_node__'=>'start',
'&__context__'=>'dG7hxHue89rxYi1En6avVefzAKAQDAVFfmXJ0fbZP8OrIAoW22b9ImZz6j_j5B-7KAUc7ijL7dwkY-tsC9U1aUpQfCATLtAvxcSsb6FPTFwZkB2_ATGv7uZO6s5l8QF-KrnFfkcX3qB5OvsjnbhMlA%3D%3D',
'&__form__'=>'login',
'&redirect'=>'',
'&button'=>'Log%20In');
 
$curl_cookie = "cookies.txt";
 
//$fp = fopen("example_homepage.txt", "w");
 
// create a new cURL resource
$ch = curl_init();
 
// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, 'https://www.23andme.com/user/signin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $curl_cookie); // Read cookie file
curl_setopt($ch, CURLOPT_COOKIEJAR, $curl_cookie); // Write cookie file
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
//curl_setopt($ch, CURLOPT_FILE, $fp);
// grab URL and pass it to the browser
$output = curl_exec($ch);
 
$info = curl_getinfo($ch);
 
curl_close($ch);
 
//fclose($fp);

post-124152-0-41528600-1402244775_thumb.png

Edited by jazzman1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.