Linux login with curl

Login site using cURL

I am trying to login from cURL command line with the command curl —data «username=user&password=pass&submit=Login» http://www.ip.com:8080/LoginApplication/Login.jsp And after that trying to access inner page using

curl http://www.ip.com:8080/LoginApplication/Success.jsp 

But I am getting redirected to error page because of not logged in. What I am missing in my first command so that it can maintain the session? I have my website locally hosted

1 Answer 1

Well, you’ll need to store the session data in a cookie. You can use -c cookie_filename to create the cookie (add this to your login command). And then, for the other requests, you can read from the cookie with -b cookie_filename .

curl -s loginpage -c cookiefile -d "user=myself&pass=secure" curl -s secretpage -b cookiefile 

Notice many times loginpage is not the page you open with your web browser where you introduce your user and password. You’ll have to check where the form is posting that data to (search the tag in the source code and the action=. attribute). So, for example, if you want to log in to https://criticker.com, loginpage is https://www.criticker.com/authenticate.php and not https://www.criticker.com/signin.php, which is the one you open with your browser.

A tampering plugin/extension for your browser may help you find the correct loginpage and all the data that is being posted to it (like hidden input fields in the form).

Источник

How to enter login information for a website from the linux command line

My internet connection is provided by the university. It is protected to a username/password combination. This means when I start up my computer, I have to start a web browser and open an arbitrary website. I am then redirected to a page, which (among other things) contains two forms. In these I have to input username and password. I managed to do this with firefox (which can save the password) and also with links (which loads faster and from the command line). Is there any way to automate the login process using a bash script? This would allow doing the login when booting, so that it is already there when I start the X server.

Many Universities also offer a network that uses «Enterprise Authentication» (i.e. using a username/password for the network connection itself, instead of waiting until you try to access a page to ask for credentials). The ability to store such network credentials is built in the OS. It’s also much more secure because it means that it’s harder for others to snoop on your connection. If your University supports that, you should switch to it.

It would also help us if you can give an (anonymized) example of the URL you are redirected to when you log in. (Anonymized here means that you should remove your MAC Address and/or IP address from the URL if they are there, but leave everything else, including the name of the University.)

6 Answers 6

You can try it out with curl, you can Simply use curl like this to login to web page :

curl --user name:password http://somesite.com -v 

You can pass Data to website like this from Stackoverflow answer

 curl -b cookies.txt -c cookies.txt --data "Username=xx&Password=xx&Login=Login" [urlthatyour form submits] 

you need cookies if you want to make another curl request after logging in. the session id in cookies will help next curl request authorized.

If you don’t want cookies you can use

curl --data "Username=xx&Password=xx&Login=Login" [url that your form submits] 

You can additionally refer here for Special Commands

I am not able to try this right now, but I expect that this will only work when there is a dialog box asking for the password when opening the site. In my case there are just two forms. One for the name and one for the password. I will change the question to make this clearer.

@Tim added how to pass data,normally You would need to find out what page the page requests to (or the action value of the page).

This sounded as if it could work, but sadly it didn’t. When looking at the output of curl suggests that the Username field is correctly filled with the correct value, but the Password field is not (this may be correct as a security measure). I am not sure if the submit button was actually triggered. Does it matter what value is passed to Login ?

I finally found a way to automatically log in using elinks . It works and it is even easy to configure!

Two options need to be set. This can done by adding the following lines in ~/.elinks/elinks.conf (if the file is not there, create one) or by changing the values at the respective positions in the options dialog within elinks :

 # Save username and password for later use set document.browse.forms.show_formhist = 1 # Do not ask for confirmation before a form is submitted set document.browse.forms.confirm_submit = 0 

Steps for a scriptable autologin are then:

• Set those two options
• Open the login page in elinks , fill the forms and submit them.
• Choose to remember name and password for later use.
• Close elinks
• Run elinks -auto-submit http://somesite.com

The latter command should perform the automatic login without further user interaction.

I actually use timeout 1m elinks -auto-submit http://somesite.com & , so that I do not have an idling elinks process running in the background all the time.

A simple way to script this is with Selenium.

You can use their Firefox «Test Recorder» plugin to record a test of yourself logging in to the network, and then play back the test.

Yes, there is a very simple way to login to your university’s internet.You can use the ‘Lynx’ web browser which is a text-based browser, designed for use on terminal. So, here is the way:

$ echo "username=myname&password=mypassword" | lynx "url of the form" -post_data 

where, ‘username‘ is the name of the field corresponding to the user name in the form and ‘password‘ is the name of the field corresponding to the password field and ‘myname‘ and ‘mypassword‘ are the corresponding values to be filled in the form. You can find field name by using ‘Inspect Element’ from any browser. I tried with curl as directed in the answer by BlueBerry — Vignesh4303 but didn’t work.

Источник

Curl With Basic Auth

Basic Access Authentication is an HTTP authentication scheme, which consists in a client providing a username and a password when making a request to a server, to prove who they claim to be in order to access protected resources. Note that performing Basic Access Authentication with cURL differs from the idea of authorization in the sense that the latter is performed by the server in order to determine users’ access rights — i.e. authorization is what happens after authentication.

The short answer

To perform Basic Access Authentication with [.inline-code]cURL[.inline-code], you can use the [.inline-code]-u[.inline-code] option flag (short for [.inline-code]—user[.inline-code]) as follows:

 $ curl -u username:password url

Where the [.inline-code]username[.inline-code] and the [.inline-code]password[.inline-code] are separated by a colon character ([.inline-code]:[.inline-code]).

Alternatively, if you only specify the [.inline-code]username[.inline-code], [.inline-code]cURL[.inline-code] will prompt you for a password:

[#insert-authorization]Using this command inserts an “Authorization” header under the hood[#insert-authorization]

[.inline-code]cURL[.inline-code] will encode the [.inline-code]username:password[.inline-code] string using the Base64URL encoding scheme and include this value in the [.inline-code]Basic[.inline-code] authorization header of the HTTP request. For example, the [.inline-code]johndoe:password[.inline-code] string will be converted by [.inline-code]cURL[.inline-code] into the following HTTP header:

 Authorization: Basic am9obmRvZTpwYXNzd29yZA==

[#recall-syntax]Remind yourself of the syntax using AI Command Search[#recall-syntax]

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Search feature:

Entering [.inline-code]basic authentication curl[.inline-code] in the AI Command Search prompt results in exactly [.inline-code]curl -u username:password url[.inline-code], which you can then quickly insert into your shell by doing [.inline-code]CMD+ENTER[.inline-code].

[#escaping-special-chars]Escaping special characters in [.inline-code]curl[.inline-code] (such as your password)[#escaping-special-chars]

When using cURL for authentication, you may need to escape certain characters in your username or password.

To escape special characters, you can either use a backslash character ([.inline-code]\[.inline-code]).

 $ curl -u johndoe:h\&llo https://example.com

Or you can wrap your string in single quotes, which will cause all special characters to lose their meaning and prevent the shell from performing expansions.

 $ curl -u johndoe:'h&llo' https://example.com

Here are some characters that should be escaped:

• Colon ([.inline-code]:[.inline-code]): the colon is used to separate the username and the password; note that this character shouldn’t exist in your [.inline-code]username[.inline-code], and should be escaped if it exists in your [.inline-code]password[.inline-code].
• Ampersand ([.inline-code]&[.inline-code]): the ampersand is used by the shell to send a process to the background.
• Percent ([.inline-code]%[.inline-code]): the percent sign is used to encode special characters in URLs, which may cause encoding errors.
• Space: the space character is used by the shell to separate command-line arguments and options.

[#use-https]Use HTTPS (not HTTP) with your [.inline-code]curl[.inline-code] requests[#use-https]

Generally speaking, it is never a good idea to pass your credentials in clear text over the network using an unsecured protocol such as HTTP.

When available, you should always use the HTTPS endpoint of the service you are trying to authenticate to, by specifying the [.inline-code]https[.inline-code] scheme in the target URL as follow:

 $ curl -u username:password https://example.com

This will add a strong layer of encryption on top of HTTP that guarantees that your credentials are safe even if they were to fall into the wrong hands.

[#secure-curl-credentials]Secure your [.inline-code]curl[.inline-code] credentials in a [.inline-code].netrc[.inline-code] file[#secure-curl-credentials]

In general, performing an authentication by typing your credentials in clear text in the command-line constitutes a significant security risk.

The reason for that lies in the fact that, just like your browser saves the searches you perform, the shell keeps an internal history list of all the commands you run.

These commands are temporarily stored in the RAM until you log out of your current shell session, which will cause the history list to be physically written to the disk in a file located in your home directory (e.g. [.inline-code].bash_history[.inline-code] for Bash, [.inline-code].zsh_history[.inline-code] for ZSH, etc).

Because of that, other users registered on the system might be able to access this file and steal your credentials.

You can of course clear specific entries of the history before it is written to the disk using the [.inline-code]history[.inline-code] command:

However, a better way to secure your credentials is to retrieve them from a file only you can access.

[#netrc]The .netrc file[#netrc]

In order to avoid passing your credentials in clear text to the [.inline-code]cURL[.inline-code] command, you can store them in a file named [.inline-code].netrc[.inline-code] located in your home directory:

 default login john@example.com password h3lloJ0hn

And then use the [.inline-code]-n[.inline-code] option flag (short for [.inline-code]—netrc[.inline-code]) to perform an authentication:

Note that if you want to keep this file in another directory, you can use the [.inline-code]—netrc-file[.inline-code] option flag instead to specificity its path:

 $ curl --netrc-file path/to/file url

For obvious security reasons, this file should only be readable and writable by you, which can be achieved using the following [.inline-code]chmod[.inline-code] command:

You can learn more about changing the access rights and ownership of files on Linux by reading our articles on the chmod command and the chown command.

Источник