You are here

Login using curl from shell (linux)

Submitted by vandresv on Sun, 09/29/2013 - 22:33

Forums:

Hello,
I am trying to write a small shell script using curl. The purpose of it, is to monitor Luminis WebServer from another server. I've found a script written in perl by another member but it does not work at my school. I am not sure if it works for this version of Luminis 4. Taking a look on the response from the webserver when a request to /cp/home/displaylogin happens I found that 3 values are sent to the server, user, pass and uuid, this last one generated in luminis before sent to the client.
I grep this uuid value and together with the user/password I sent it to luminis using curl, but it does not login (invalid pair username/password error is received instead).
Taking a look at the javascript code in the page I see that a cookie is created just before the document.cplogin.submit statement (query=). Based on this I guess that I also have to send that cookie to the server. Is that right?
Anyway, I tried using firebug to catch the moment of creation of that cookie by the javascript but firebug does not show it. I placed a breakpoint after the document.cookie statement and no new cookie is created, or at least shown by firebug. Is that an issue of firebug or is an issue with my understanding of the logic of the javascript.
Any help would be greatly appreciated,
Thank you very much,
Andres

Luminis Version:

I was missing the option --location in the curl command. I was able to login into Luminis already. I will post script when I finishes it.
Best regards,
Andres

Hi,
This is the script I was working with. It is kind of crude. I think that at least it should be improved by adding some logic to increase the number of attempts before notifying the failure. I have it croned every 5 minutes and it should be placed in a different server.

---rm /home/monitor_web/MYCOOKIE.txt
# 1-Create cookie file and get uuid in response page:
curl -A "Mozilla/4.0" -b /home/monitor_web/MYCOOKIE.txt -c /home/monitor_web/MYCOOKIE.txt https://school.edu/cp/home/displaylogin >/home/monitor_web/displaylogin.htm

#2)extract uuid from displaylogin page
uuid=`grep cplogin.uuid /home/monitor_web/displaylogin.htm | head -1 | awk -F "\"" '{print $2}'`
curl --location -A "Mozilla/4.0" -b "query=" -c /home/monitor_web/MYCOOKIE.txt https://school.edu/cp/home/login -d "user=username&pass=Password&uuid=$uuid" >/home/monitor_web/page2

#3)Render page (the new page comes in the window.top.location command inside page2)
url=`cat /home/monitor_web/page2 | grep location | awk -F "\"" '{print $2}'`

curl --location -i -s -k -A "Mozilla/4.0" -b /home/monitor_web/MYCOOKIE.txt -c /home/monitor_web/MYCOOKIE.txt $url >/home/monitor_web/page3

#4 Get message of logged in from server response:
welcome=`grep "You are currently logged in" /home/monitor_web/page3 | cut -c 42-68`

#Analyze response
if [ "${welcome:-unset}" = "You are currently logged in" ]
then
echo "YOU HAVE SUCCESFULLY LOGGED IN" >/dev/null
# Now logging out
sleep 15
curl --location -i -s -k -A "Mozilla/4.0" -c /home/monitor_web/MYCOOKIE.txt "https://school.edu/up/Logout?uP_tparam=frm&frm=" >/home/monitor_web/page_out.html

else
echo "ERROR LOGGING IN" >/dev/null
mail -s "Error logging into Luminis" email_address@yourdomain.com /null 2>&1

-----

I hope it helps somebody who'd like to automate the login process without too much programming.
Best regards,
Andres

Hi Andres,

Good job putting this together and thanks for sharing it with the community.
I generated something a while back using cURL and PHP and felt it was too specific to be very helpful but this is something I could see people finding more useful.

FYI, if your Luminis installation utilizes the UUID field in the login page you should be able to authenticate using the static value of '0xACA021' which would certainly simplify step 2 in your process.

Thanks!
Tom

Thank you Tom,
Yes definitively having a static value for UUID simplify the already simple script :-)
Do you know why would the login script is fooled with a static value? I mean, I was under the impression that having a uuid generated by Luminis specifically for the client was something useful for avoiding some kind of replay attack (just guessing here).

Best regards,
Andres