Detailed explanation of Linux curl form login or submission and cookie usage

Preface

This article mainly explains how to implement form submission login through curl. A single form submission is similar to a form login, so I won't discuss them separately.

Note: Login via curl form submission is not applicable to all websites because some websites have restrictions or other checks in the background. We don't know the specific restrictions or verification mechanisms behind these websites, so direct curl form login may not work.

Of course, the following case can be logged in using curl.

Case: LeanCloud Login

Requirements and Results

Requirements: After logging in through curl, you can access the application page of leancloud normally.

The login page link is as follows:

1 https://leancloud.cn/dashboard/login.html#/signin

The following pages can be accessed normally:

1 https://leancloud.cn/dashboard/applist.html#/apps

Browser access effect:

Access results directly without logging in. Access results through a browser

The access link in the red box 403 in the above figure is as follows:

1 https://leancloud.cn/1.1/clients/self/apps

Verify login via curl

[root@iZ28xbsfvc4Z ~]# curl -i https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 403 Forbidden
Server: openresty
Date: Sun, 14 Jul 2019 11:35:28 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache

{"code":1,"error":"User doesn't sign in."}

Get form field information

Get the form submission link

The link information for form submission can be obtained through the figure below. The details are as follows:

1 https://leancloud.cn/1.1/signin

curl form login and save cookie information

1 curl -v -c leancloud1.info -X POST -F 'email=yourname' -F 'password=yourpassword' https://leancloud.cn/1.1/signin
2 # or 3 curl -v -c leancloud3.info -X POST -d 'email=yourname&password=yourpassword' https://leancloud.cn/1.1/signin

View cookie information

[root@iZ28xbsfvc4Z 20190714_02]# ll
total 32
-rw-r--r-- 1 root root 337 Jul 14 19:45 leancloud1.info
-rw-r--r-- 1 root root 335 Jul 14 19:46 leancloud3.info
[root@iZ28xbsfvc4Z 20190714_02]# cat leancloud1.info 
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_leancloud.cn FALSE / TRUE 1563709522 uluru_user Ff1IPOiMX%2F6ipevuxy0OOg%3D%3D
leancloud.cn FALSE / TRUE 1563709522 XSRF-TOKEN 5647dc84bd6eaea37eca2d07ae0e401cca4ba76803989c8559XXXXX7283da
[root@iZ28xbsfvc4Z 20190714_02]# cat leancloud3.info 
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_leancloud.cn FALSE / TRUE 1563709591 uluru_user arTwQm6JylzLjBaQt7TpiQ%3D%3D
leancloud.cn FALSE / TRUE 1563709591 XSRF-TOKEN 751e12827c7c046408541bc1bf962b5912ac35b0d07f88120XXXXXX40704704

Description of each column field:

domain: The domain name where the variable is created and can be read.
flag: A TRUE/FALSE value indicating whether all machines in a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for the domain.
path: The path in the domain where the variable is valid.
secure: A TRUE/FALSE value indicating whether a secure connection to the domain is required to access the variable.
expiration: The UNIX time at which the variable will expire. UNIX time is defined as the number of seconds since January 1, 1970 00:00:00 GMT.
name: variable name
value: variable value

Verify whether the login is successful

Please compare these two access methods: direct access and access with cookies.

Direct access

[root@iZ28xbsfvc4Z 20190714_02]# curl -i https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 403 Forbidden
Server: openresty
Date: Sun, 14 Jul 2019 11:52:47 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache

{"code":1,"error":"User doesn't sign in."}

Access with cookie files

# Using cookies
[root@iZ28xbsfvc4Z 20190714_02]# curl -i -b leancloud1.info https://leancloud.cn/1.1/clients/self/apps 
## or [root@iZ28xbsfvc4Z 20190714_02]# curl -i -b leancloud3.info https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 14 Jul 2019 11:53:29 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000

[{"app_domain":null,"description":null,"archive_status":0,"biz_type":"dev","master_key": ………………

Copy your browser's cookies to access

[root@iZ28xbsfvc4Z 20190720]# curl -i -H 'cookie: _ga=GA1.2.2055706705.1560005524; …………' https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 20 Jul 2019 08:11:37 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000

[{"app_domain":null,"description":null,"archive_status":0,"biz_type":"dev","master_key": ………………

From the above, we can see that curl login is successful.

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.

You may also be interested in:

Linux exposes Sudo privilege escalation vulnerability, any user can also run root commands
How to use the Linux text operation command ed to escalate privileges nov5 detailed explanation
Detailed explanation of non-interactive privilege escalation in Linux
Linux uses UDF library to realize Mysql privilege escalation
A trick for Linux privilege escalation
Batch extract all directories and file names under a folder in Linux
Linux uses suid vim.basic file to achieve privilege escalation

<<: How to automatically delete records before a specified time in Mysql

>>: Detailed steps for installing and configuring MySQL 8.0 on CentOS

Detailed explanation of Linux curl form login or submission and cookie usage

CSS warped shadow implementation code

Getting Started Tutorial for Beginners: Domain Name Resolution and Binding

How to limit access frequency, download rate and number of concurrent connections in Nginx

Details of Linux file descriptors, file pointers, and inodes

Native JS to implement image carousel JS to implement small advertising plug-in

The use of setState in React and the use of synchronous and asynchronous

JavaScript immediate execution function usage analysis

Mycli is a must-have tool for MySQL command line enthusiasts

Implementation of built-in modules and custom modules in Node.js

The role and opening of MySQL slow query log

Recommend

Detailed installation tutorial of mysql5.7.19 decompressed version (with pure cracked Chinese version SQLYog)

The tdwidth setting of the table in multiple divs is the same and cannot be aligned

How to install OpenSuse on virtualbox

Timeline implementation method based on ccs3

Detailed explanation of js's event loop event queue in the browser

How to install and configure the decompressed version of MySQL database under Linux system

Analysis of the process of building a LAN server based on http.server

HTML multimedia application: inserting flash animation and music into web pages

An article to help you understand the basics of VUE

js to realize login and registration functions

A brief discussion on which fields in Mysql are suitable for indexing

Vue implements click feedback instructions for water ripple effect

Detailed analysis of GUID display issues in Mongodb

JavaScript realizes the effect of mobile modal box