When developing endpoints I need to follow a rather complex/cumbersome login process to authenticate with our gatekeeper.
For this I open the developer login page in Paw. It opens inside paw and renders the content properly. If I then click the button to actually login and an external browser is opened causing Paw to loose track of the proper cookies.
I wonder if it would be possible to keep the request inside Paws embedded browser so the cookies are not lost and I can continue testing my endpoints.
To be able to login using cookie-based auth, in Paw 2.1, you can use this hack: go to your web browser with developer mode enabled and login on the website. Then, in the Inspector / Debugger, go to Cookies (in Chrome/Safari: inspector is Cmd+Option+I, then tab "Resources" then "Cookies"). Copy the session/login cookie. Go back to Paw and add a "Cookie: mySessionCookie=value" header. It should do the trick.
Note: that's a hacky method. As mentioned in my earlier comment, a nicer way is to come.
Related
I installed some chrome extension that pop ups a modal box when I'm on a certain domain.
If I click the button in that box, I see in the Network tab of chrome developer tools, that the extension makes an HTTP Post request to the website.
The request contains some request cookies from the domain: A,B,C,D.
And response cookies from the domain: A,B,C - without D.
When the request is done (and the extension finished doing its "magic"), I discovered that the value of cookie D has changed, even though D was not in the response cookies. I tested it several times.
How is this possible? Can the extension make something in the background that is hidden from the network tab, that will cause the cookie D from the domain to change?
I want to be able to capture and document this Cookie D generation behavior, and don't know how to do that.
Using the chrome.cookies API, a Chrome extension can manipulate the cookies that are stored in the browser without the need to perform an HTTP request. The extension will need the cookies permission to access this API.
You will not be able to capture, or intercept, the extension's calls to the chrome.cookies API.
In addition, through the chrome.webRequest API, a chrome extension can modify the request headers, including cookies, which are sent or received without directly changing the cookies which are stored in the browser. The extension will need the webRequest and webRequestBlocking permissions to make such changes.
I want to automate logging into a website and retrieving certain data.
I thought the way to do this would be to sniff the HTTP requests so I know where the login form is being POSTed to so I can do the same using NodeJS/Java/Python.
However I can't seem to find the HTTP request that handles it.
The site seems to use some Java-applet and a lot of Javascript.
This is the site: link
Should I have a different approach?
Also also wonder about storing a cookie session, and sending it with each HTTP request after logging in.
I'm sorry if I am not to clear, I will try to explain myself further and edit this post if needed.
You can use the developer console (hit F12) in Chrome (this works also in other browsers) and then click the "Network" tab. There you see all network calls.
To detect what http requests are performed from a mobile device, you can use a proxy like Charles Proxy.
Also be aware that if you post from nodejs the cookies won't be set in the users browser.
I have an application in ASP.Net that use cookies for store some information.I want to open a form only first time when a user enter into the site.I created a cookie and I wrote something in that .The next time I enter the site, I read this information,if something is wrote in there that means that it's not necessary to open the form again.It works fine if I use the same browser, but if first I open with Internet Explorer the site ,I make the cookie , wrote something in it , I close the browser and then I open site with Mozzila Firefox the application can't see the cookie that i created with Internet Exlorer(the read cookie is null) .I create the cookie with Mozilla , i open application with Chrome , this also doesn't see the cookie.If I wrote something in the cookie with one browser , I can read this value only if i use the same browser. What should I do to see cookie content with all the browsers, to can read the cookie content with all browsers?
No! You can't and Check this question Can two different browser share on cookie?
That is not possible with regular cookies, what I know of. Each browser store and keep track of their own cookies, and does not share them.
I haven't tried it myself, but there are examples where Flash cookies and JavaScript are being used to create something like a cross-browser cookie.
I have an ASP.Net application where I am using Windows authentication to deny access to some components via roles. When using IE, the site pops up the "Authentication Required" box once, allows the user to enter their username/password for Active Directory, and all is fine.
HOWEVER, when using Firefox, it's "Authentication Required" box pops up, but when you click 'ok', it comes up again! It stays up a few dozen times! If you click cancel to all of them, it fails properly, denying access to the site. If you click cancel to all but 1 (Which you authenticate properly), it acts like you were properly authenticated.
My goal here is to have Firefox act like IE, and only ask the user once.
This forum post recommends updating your web.config to allow anon on WebResource.axd: http://forums.asp.net/p/1295804/2515478.aspx#2515478
Not ideal - I don't really understand WHY axd requests are behaving like this.
NOTE: NTLM requires keep-alive, if you install fiddler or firebug you should be able to see the "Connection: keep-alive" messages in the request header: http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
you could get Firefox to behave exacylt like IE by adding the site to
about:config >>
network.automatic-ntlm-auth.trusted-uris
then firefox will use Windows Auth for the site
Maybe it would be best to redesign your login/authentication system such that authentication is asked only when the user first views/logs-in to the website (i.e. a login.aspx page) so that after that the users's credentials are cached throughout your website.
I have a Drupal site with user logins. Embedded within this site is a Flash application that shows some data to everybody but allows extra functionality if the user is logged on. From within Flash, I'm using XMLRPC to access the system.check method (to determine whether the user is logged in) and the user.login method (to log in a user from within Flash).
Within Flash, everything works fine. However the Flash login state does not seem to correspond to the rest of the site. For example, if I invoke user.login via XMLRPC, subsequent calls to system.check show that I am logged in, but the Drupal user page still says I'm logged out. Or if I am logged in both places and then I log out via the Drupal user page, the next call to system.check still indicates that I am logged in.
How can I make the login state consistent between the Drupal GUI and my embedded Flash app?
(Note: I am not using any XMLRPC library, I am just constructing the requisite XML manually and sending POST methods using a URLRequest object.)
EDIT: I have confirmed via this question and also via testing with a Web Proxy that the SESS cookie returned by the user login page is being picked up and sent back by the flash application.
EDIT: And now I have shown experimentally that even though Flash (via Safari) is sending the same cookie, it gets back a DIFFERENT cookie when it connects to the XMLRPC service than when it requests and HTML page. In other words, Drupal just doesn't support this kind of synchronization and I'm stuck. I'm accepting the answer below that put me on the right track.
EDIT: AMHPHP is not fully released for Drupal6 as of this writing, but it turned out to be installed on the site anyway. Using the DrupalSite library, I was very easily able to log into and out of the site from flash, and the login remained consistent between flash and HTML.
I'm not terribly familar with Flash, but do the URLRequest objects "inherit" state from the browser session, including the user login cookies? If not, you'll need to explicitly send the login cookie with your hand-built request or Drupal will think that it's just coming from another web browser at the same IP address.
If you're not quite sure, using the Firebug plugin might be useful. It lets you inspect any requests that are being piped through the browser, examine their headers, and look at the raw HTTP response object that comes back.
Update: Even more important than the flash widget getting a session cookie is the flash widget getting the SAME session cookie as the web browser itself. Drupal allows users to log in from multiple machines simultaneously, so if the browser is creating one session and the flash widget is creating another, you'd see the behavior you're describing...
It can't be done.
(For details, please see my final edit to the original question and the equivalent information in my comment to #Eaton.)