I have this POST request to login to a website:
http://xxxx.net-kont.it/ POST / HTTP/1.1 Host: xxxx.net-kont.it User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: */* Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=utf-8 Referer: http://xxxx.net-kont.it/ Content-Length: 1904 Cookie: ASP.NET_SessionId=s44bymd3lm4dsykvymjljv5s Connection: keep-alive HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 Set-Cookie: SSOAuth=EDCCFF8CD40064D70B3377CD0389FF7F807F0B774F2CE1CA6C015314911D3D69AB819EAB9938C14608842D25991D11D8F1A5A94090DB926BD7001C526B1920A51AC986182EB016C323983716720E8F345B54E02E44C65753E9183843D23F569EF3FE52C03FC8567E809A77387B8C; path=/; HttpOnly X-Powered-By: ASP.NET Date: Sun, 22 Oct 2017 12:26:40 GMT Content-Length: 714 ---------------------------------------------------------- http://xxxx.net-kont.it/aspx/Empty.aspx?ControllaRichieste=true&CheckCode=29a29a891a7d4d7773f480064e5c869929bcca40e7c84812111f9affbc3be4628a3b7defe8fb9b14f9911be9c6545e7cd31c2fc04b79a8d1e7280e0277264bdcec7428037a43961c3dda5bbd54a2e7ae&wsid=1a57f5e6-bf68-4f2f-9a71-c43e8e8bfbaf&wsnew=false GET /aspx/Empty.aspx?ControllaRichieste=true&CheckCode=29a29a891a7d4d7773f480064e5c869929bcca40e7c84812111f9affbc3be4628a3b7defe8fb9b14f9911be9c6545e7cd31c2fc04b79a8d1e7280e0277264bdcec7428037a43961c3dda5bbd54a2e7ae&wsid=1a57f5e6-bf68-4f2f-9a71-c43e8e8bfbaf&wsnew=false HTTP/1.1 Host: xxxx.net-kont.it User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://xxxx.net-kont.it/ Cookie: ASP.NET_SessionId=s44bymd3lm4dsykvymjljv5s; SSOAuth=EDCCFF8CD40064D70B3377CD0389FF7F807F0B774F2CE1CA6C015314911D3D69AB819EAB9938C14608842D25991D11D8F1A5A94090DB926BD7001C526B1920A51AC986182EB016C323983716720E8F345B54E02E44C65753E9183843D23F569EF3FE52C03FC8567E809A77387B8C Connection: keep-alive Upgrade-Insecure-Requests: 1 HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Sun, 22 Oct 2017 12:26:40 GMT Content-Length: 95935 ----------------------------------------------------------
The post request header requires the following fields:
'__LASTFOCUS' => '', '__EVENTTARGET' => '', '__EVENTARGUMENT' => '', '__VIEWSTATE' => $viewstate, '__VIEWSTATEGENERATOR' => $viewstategenerator, 'ctl00$hwsid' => $hwsid, 'ctl00$PageSessionId' => $pagesessionid, 'ctl00$DefaultUrl' => $defaulturl, 'ctl00$GenericErrorUrl' => $genericerrorurl, 'ctl00$PopupElement' => '', 'ctl00$PollingTimeoutSecs' => $pollingtimeoutsecs, 'ctl00$bodyContent$txtUser' => $user, 'ctl00$bodyContent$txtPassword' => $password, '__CALLBACKID' => '__Page', '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password, '__EVENTVALIDATION' => $eventvalidation
From an analysis of the post request, you notice that by sending the first cookie obtained from the website “ASP.NET_SessionId=”, you immediately get an additional authentication cookie “SSOAuth=” How can I get the second cookie “SSOAuth=” so that I can get access to the site? I tried this code:
$user = "xx"; $password = "xx"; $url = 'http://xxx.it/Default.aspx'; $contents = file_get_contents($url); $dom = new DOMDocument; $dom->loadHTML($contents); $xpath = new DOMXpath($dom); $eventvalidation = $xpath->query('//*[@name="__EVENTVALIDATION"]')->item(0)->getAttribute('value'); $viewstate = $xpath->query('//*[@name="__VIEWSTATE"]')->item(0)->getAttribute('value'); $viewstategenerator = $xpath->query('//*[@name="__VIEWSTATEGENERATOR"]')->item(0)->getAttribute('value'); $hwsid = $xpath->query('//*[@name="ctl00$hwsid"]')->item(0)->getAttribute('value'); $pagesessionid = $xpath->query('//*[@name="ctl00$PageSessionId"]')->item(0)->getAttribute('value'); $defaulturl = $xpath->query('//*[@name="ctl00$DefaultUrl"]')->item(0)->getAttribute('value'); $genericerrorurl = $xpath->query('//*[@name="ctl00$GenericErrorUrl"]')->item(0)->getAttribute('value'); $pollingtimeoutsecs = $xpath->query('//*[@name="ctl00$PollingTimeoutSecs"]')->item(0)->getAttribute('value'); $cookies = array_filter( $http_response_header, function($v) {return strpos($v, "Set-Cookie:") === 0;} ); $headers = [ "Accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3", "Content-Type: application/x-www-form-urlencoded; charset=utf-8", "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0", ]; foreach ($cookies as $cookie) { $headers[] = preg_replace("/^Set-/", "", $cookie); } $request = array( 'http' => array( 'method' => 'POST', 'timeout' => 0, 'header'=> $headers, 'content' => http_build_query(array( '__LASTFOCUS' => '', '__EVENTTARGET' => '', '__EVENTARGUMENT' => '', '__VIEWSTATE' => $viewstate, '__VIEWSTATEGENERATOR' => $viewstategenerator, 'ctl00$hwsid' => $hwsid, 'ctl00$PageSessionId' => $pagesessionid, 'ctl00$DefaultUrl' => $defaulturl, 'ctl00$GenericErrorUrl' => $genericerrorurl, 'ctl00$PopupElement' => '', 'ctl00$PollingTimeoutSecs' => $pollingtimeoutsecs, 'ctl00$bodyContent$txtUser' => $user, 'ctl00$bodyContent$txtPassword' => $password, '__CALLBACKID' => '__Page', '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password, '__EVENTVALIDATION' => $eventvalidation, 'ctl00$bodyContent$btnLogin' => 'Conferma' )), ) ); echo "<hr/>"; $context = stream_context_create($request); $data = file_get_contents($url, false, $context); echo htmlentities($data);
But I get the following output of “Authentication failed”:
<Notification><Error Code="" Alert="True" ClosePopup="True" Fatal="False" Message="Autenticazione fallita." /></Notification>
Advertisement
Answer
I have solved! was easier than expected….in this I simply had to delete the quotes ” :
'__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password,
converted to:
'__CALLBACKPARAM' => 'hwsid='.$hwsid.'&PageSessionId='.$pagesessionid.'&DefaultUrl='.$defaulturl.'&GenericErrorUrl='.$genericerrorurl.'&PopupElement='.'&PollingTimeoutSecs='.$pollingtimeoutsecs.'&txtUser='.$user.'&txtPassword='.$password,