I'm trying to log in to a site using the requests module, and can't figure out how the site's login page actually works. Here's the relevant form:
<form class="ui-corner-all" method="POST" id="login" target="_top">
<div id="lift__noticesContainer__"></div>
<label for="username">Username</label><br>
<input value="" id="username" type="text" name="F783713994214KVBZZQ">
<label for="password">Password</label><br>
<input value="" id="password" type="password" name="F7837139942151QISNM">
<p><a data-at="e45a1d" href="/forgot_pwd">Forgot password?</a></p><br>
<button class="btn btn-primary" type="submit" name="F783714094216F0PPFD" value="_">LOGIN</button>
</form>
I think the name of the fields are both randomly generated (F783713994214KVBZZQ and F7837139942151QISNM), so I parse those out, but I'm not sure what to do with that information. There's no login page url specified that I can see. I've tried constructing a payload of the above strings and correct login info and posting it with no result.
When I watch the network activity in chrome's inspector, after I click the login button I can see a post to the site but there's no query string parameters (where I would expect to see the username & password).
Does anyone know what else I should be looking at to figure out where the username and password are going and how to access that via requests?
Full login page html: https://pastebin.com/vP1s9esZ
My code: https://pastebin.com/4jG13WfW
The page includes a login.js in the header, but it's only this:
$(document).ready(function() {
$("#username").focus();
// Centers the div
$("#login").position({
of: window,
at: "center center"
});
});
Thanks in advance for any help!
You're looking for Selenium if you want to automate the login flow. But, if you want to make a request to the site, start with the network monitor. Click login and grab the request that goes to the site. They would either send it as a form or a payload.
Read more of the same at What's the difference between "Request Payload" vs "Form Data" as seen in Chrome dev tools Network tab
Related
In my form, I have a user enter in a link, and my goal is to redirect to that link. However, my problem is that whenever I try and get the user to redirect, the form wont redirect to the page. Several people have recommended this:
<form>
<input type="text" name="blah blah blah" id="url">
<input type="submit" onclick="return submit_form()">
</form>
function submit_form(){
window.location.href="a url";
return false;
}
However, when I do this, my server does not receive the input by the user. How can I fix this?
Edit:
I have also tried this:
function submit(){
url = getElementById("url").value;
window.location.href = "url";
}
When you use browser javascript to set window.location.href to a URL, your browser immediately navigates to that URL without intervention from your server. It's similar to typing a URL into the browser's location bar.
If you want your server to do the navigation you need a more complex setup. On your browser, something like this.
<form action="/your/server/route">
<input type=hidden" name="redirect" value="https://example.com/where/to/redirect">
<input type="text" name="blah blah blah">
<input type="submit" >
</form>
Then in your node code handling /your/server/route ...
if (req.body.redirect) res.redirect(req.body.redirect)
That way your server tells the browser to redirect as part of handling the post of your form.
Security tip cybercreeps can misuse the situation where you pass a redirect URL from a browser to your server. Always validate req.body.redirect to make sure it matches what you expect before you use it to actually redirect.
I am making a webpage that has a login functionality in it say www.newpage.com.
Below is the code of the page for reference.
<form name="login">
Username<input type="text" name="userid"/>
Password<input type="password" name="pswrd"/>
<input type="button" onclick="check(this.form)" value="Login"/>
<input type="reset" value="Cancel"/>
</form>
<script language="javascript">
function check(form)
{
if(form.userid.value == "user" && form.pswrd.value == "password")
{
window.open('file:///C:/Users/target.html', "_self")
window.open('https://webmail.sas.rutgers.edu/')
}
alert("Error Password or Username")
}
}
Now what I want is after i have logged in to this webpage it should automatically login to my local Zimbra server. The look and feel of zimbra server is like this : https://webmail.sas.rutgers.edu/
I am learning Javascript so not sure what is the way of doing it.
I read that it can be done by:
1) iframes (again don't know much about them)
2) cookies
Is there a way to do it more conveniently, preferring to do in Javascript. I am stuck with some important project please help.
The question is too broad and is not easy to be answered in short. But let's say you want to login into one particular existing mailbox/account, then one of the easiest ways to do it is to use the zimbra's preauth service and once you log's in your site you could redirect to that service url with specific request parameters which in turn creates and verifies a preauth key and redirects you to your mailbox. Of course you need to configure the preauth properly first. Here is the official guide for it https://wiki.zimbra.com/wiki/Preauth
I have created few forms in laravel 5.1, now i am using those forms on another site using IFrame. Those forms works in all browsers except Safari. When i try to submit/post data after filling up forms, i get error "CSRF Token Mismatch", I dont know what the issue here, csrf token is also being created and sent. This is only happening in case of safari browser.
Can someone guide me that how i can get rid of this issue??
Steps To Reproduce:
create a form and then use it via IFrame. after form is submitted, CSRF Token Mismatch error is generated.
How to solve this? Please help!
CODE SAMPLE:
<form method="post" action="/step1/{{$voucher->user_id}}" accept-charset="UTF-8">
<input name="_method" type="hidden" value="post">
{!! csrf_field() !!}
<div class="row" style="margin-top:15px; margin-bottom:15px;">
<div class="col-md-4 col-xs-5 hidden">
<input name="voucher_id" type="hidden" value="{{$voucher->id}}" id="voucher_id">
<input class="form-control spin text-center qty1" name="qty" id="qty" type="text" value="1" >
<input name="r_full_name" type="hidden" value="" id="r_full_name">
</div>
<div class="col-md-3 col-xs-3">
<button type="submit" class="btn btn-theme"><i class="fa fa-shopping-cart" aria-hidden="true"></i> | BUY</button>
</div>
</form>
this is sample code... AGAIN all this works perfect in any other browser (FF, Chrome) but when I put this forms into iframe in another site then I get TokenMissmatch error...
This is most likely related to how Safari handles cookies and iframes, please see the answer from this question which quotes what seems like an older version of the Safari Developer FAQ which states
Safari ships with a conservative cookie policy which limits cookie
writes to only the pages chosen ("navigated to") by the user. This
default conservative policy may confuse frame based sites that attempt
to write cookies and fail.
That would explain why you are having trouble with this.
The second answer to that question proposes a solution which can be found here. This is basically the same thing as doing a redirect to the domain that owns the cookies, setting the session and redirecting back, which is another solution which is mentioned here.
The csrf token is to prevent cross site request forgery and that's what you are doing when you use an iFrame! The token prevents random websites from submitting a form to your site. So a form using Laravel and a token is not going to work in an iFrame!
If you want to publish the form on other site, either disable the csrf token for that form or handle the submit request in your way so that it pass all the security check according to your need.
I think this post can help you, You can change your cookie politics.
Csfr token problem
send token for each request
$.ajaxSetup({headers: {'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content') } });
Test if browser is Safari and page is home page and session is not started, If yes then redirect window top url to iframe parent url
Steps to fix Laravel Token Mismatch issue with iframe on Safari using redirect is as below:
1) Add route
Route::get('/start-session', 'HomeController#startSession');
2) Add controller action
public function startSession() {
session()->put('isSessionStarted', true);
return redirect('http://www.iframeparentsite.com'); // redirect to website where iframe is hosted
}
3) Install jenssegers/agent module to detect Safari browser https://github.com/jenssegers/agent
composer require jenssegers/agent
4) Use it in controller
use Jenssegers\Agent\Agent;
5) Pass isSafari, isHomepage and isSessionStarted to view in homepage controller action
public function index()
{
$agent = new Agent();
$this->data['isSafari'] = $agent->is('Safari') && !$agent->is('Chrome');
$this->data['isHomepage'] = true;
$this->data['isSessionStarted'] = session()->get('isSessionStarted');
return view('home', $this->data);
}
6) Add blade/javascript code in page layout head section
#if ($isSafari && !empty($isHomepage) && empty($isSessionStarted))
window.top.location = "{{ url('/start-session') }}";
#endif
Redirect will happen once on homepage and will take 1/2 seconds
I have searched for answers with no luck on my problem and thus I hope you can provide me with some help.
My company is using Ember.js, which I have very little knowledge of, and one of our current user stories is to make it possible to show the user something else than a blank page on cancelled login prompt. I have tried making cancel actions etc in the ex-button-Component and login-controller (sorry but cannot show that code), but with no visible change.
The solution could either be a redirection to a page ("you pressed cancel!"), some sort of alert ("ey, you cancelled!") or simply go back to the login prompt.
I provide you with the code for the login template below:
<form class="form-signin" role="form">
<h2 class="form-signin-heading">{{t 'logon.title' logonIdBinding="logonId"}}</h2>
{{#if logonFailed}}
{{show-alert error=true message=errorMessage}}
{{/if}}
{{input type="text" value=logonId placeholder=(t "logon.username") class="form-control"}}
{{input type="password" value=password placeholder=(t "logon.password") class="form-control"}}
{{ex-button icon="fa fa-upload" type="submit" _type="primary" clicked="logon" isLoading=isLoading text=(t 'button.login')}}
</form>
I have the following constantcontact form they provided, After they click on submit, it opens a constant contact page. However I would like that it redirect also to a page after they click on submit
<form name="ccoptin" action="http://visitor.r20.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:2;">
<input type="hidden" name="llr" value="cjdttecab">
<input type="hidden" name="m" value="1101813878050">
<input type="hidden" name="p" value="oi">
<font style="font-weight: normal; font-family:Arial; font-size:12px; color:#000000;">Email:</font> <input type="text" name="ea" size="20" value="" style="font-size:10pt; border:1px solid #999999;">
<input type="submit" name="go" value="Submit" class="submit" style="font-family:Verdana,Geneva,Arial,Helvetica,sans-serif; font-size:10pt;">
</form>
<form onsubmit="setTimeout(function() {location.replace('thanks.html');},100)"
name="ccoptin"
action="http://visitor.r20.constantcontact.com/d.jsp"
target="_blank"
method="post"
style="margin-bottom:2;">
Alternatively go here
http://community.constantcontact.com/t5/Documentation/Constant-Contact-Signup-Form-Generator-CCSFG/ba-p/25033
download the form generator and fill in the success url !!!
Found via this page
http://community.constantcontact.com/t5/User-Community/ct-p/userdiscussion
Since you're using JSP to parse the response, couldnt you just, at the end of your code that handles the form insert this:
response.sendRedirect("your/URL/here");
and just do this the normal way? or is there a reason you need to do this with javascript?
ahhhh n/m I just realized that you do not have control of the receiving script at constant contact - Don't they have a setting you can send to have the browser redirected back to a page of your choosing? I would look into that.
EDIT:
The timeout function below will work but it assumes the end user has javascript enabled. Furthermore, 100ms is not a lot of time to wait - if the network lags for any reason the post will not be sent so it will not work 100% of the time and thats a promise.
The proper way to do this, would be to use this:
http://community.constantcontact.com/t5/Documentation/Constant-Contact-Signup-Form-Generator-CCSFG/ba-p/25033
To set up a privately hosted solution that uses the api. This requires pretty little programming knowledge at all and you'd still be able to skin the form you generate to match your site. It does run in PHP so your server would have to support that, but most do these days.