[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] OT: perl https download script?

Subject: [ale] OT: perl https download script?
From: meuon at geeklabs.com (Mike Harrison)
Date: Wed, 25 Jul 2007 20:35:08 -0400 (EDT)
In-reply-to: <[email protected]>

> Seems to be more complex.  Web form handles the login, not a pop up.

actually, it's usally simpler but most web programmers don't understand 
"simple auth" or have the tools to use it. 

Instead, they are faking a real login/auth and are probably using 
cookies and/or a session ID that get set. Actually usually much simpler 
and easier to fake auth, 

and often, you can fake up the cookies (even with wget) 
if they are something you can just copy, or replicate the calculated 
values. if you are using Firefox, the Web Developer Toolbar 
is useful for examining and setting cookies once logged in. 

For example, a competitors of one my my projects can be bypassed by 
setting two session cookies

  login=dave     (or any valid user)
  auth=passed

References:
- [ale] OT: perl https download script?
  - From: Robert.L.Harris at rdlg.net (Robert L. Harris)

Prev by Date: [ale] OT: perl https download script?
Next by Date: [ale] Perl https download
Previous by thread: [ale] OT: perl https download script?
Next by thread: [ale] OT: perl https download script?
Index(es):
- Date
- Thread