You don't need Wireshark for this. Firebug is perfectly capable of tearing apart requests and responses right from Firefox.
How to save POST&GET headers of a web page with "Wireshark"?
I've been trying to find a python code that would log in to my mail box on yahoo.com from "Google App Engine". I was given this code:
import urllib, urllib2, cookielib url = "https://login.yahoo.com/config/login?" form_data = {'login' : 'my-login-here', 'passwd' : 'my-password-here'} jar = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar)) form_data = urllib.urlencode(form_data) # data returned from this pages contains redirection resp = opener.open(url, form_data) # yahoo redirects to http://my.yahoo.com, so lets go there instead resp = opener.open('http://mail.yahoo.com') print resp.read()
The author of this script looked into HTML script of yahoo log-in form and came up with this script.
That log-in form contains two fields, one for users' Yahoo! ID and another one is for users' password.
However, when I tried this code out (substituting mu real Yahoo login for 'my-login-here' and my real password for 'my-password-here'), it just return the log-in form back to me, which means that something didn't work right.
Another supporter suggested that I should send an MD5 hash of my password, rather than a plain password.
He also noted that in that log-in form there are a lot other hidden fields besides login and password fields (he called them "CSRF protections") that I would also have to deal with:
<input type="hidden" name=".tries" value="1"> <input type="hidden" name=".src" value="ym"> <input type="hidden" name=".md5" value=""> <input type="hidden" name=".hash" value=""> <input type="hidden" name=".js" value=""> <input type="hidden" name=".last" value=""> <input type="hidden" name="promo" value=""> <input type="hidden" name=".intl" value="us"> <input type="hidden" name=".bypass" value=""> <input type="hidden" name=".partner" value=""> <input type="hidden" name=".u" value="bd5tdpd5rf2pg"> <input type="hidden" name=".v" value="0"> <input type="hidden" name=".challenge" value="5qUiIPGVFzRZ2BHhvtdGXoehfiOj"> <input type="hidden" name=".yplus" value=""> <input type="hidden" name=".emailCode" value=""> <input type="hidden" name="pkg" value=""> <input type="hidden" name="stepid" value=""> <input type="hidden" name=".ev" value=""> <input type="hidden" name="hasMsgr" value="0"> <input type="hidden" name=".chkP" value="Y"> <input type="hidden" name=".done" value="http://mail.yahoo.com">
He said that I should do the following:
- Simulate normal login and save login page that I get;
- Save POST&GET headers with "Wireshark";
- Compare login page with those headers and see what fields I need to include with my request;
I really don't know how to carry out the first two of these three steps. I have just downloaded "Wireshark" and have tried capturing some packets there. However, I don't know how to "simulate normal login and save the login page". Also, I don't how to save POST$GET headers with "Wireshark". Can anyone, please, guide me through these two steps in "Wireshark"? Or at least tell me what I should start with. Thank You.
2 Antworten auf die Frage
When you were asked to
simulate normal login and save the login page
it was a a request for you to login to your Yahoo account as you would do normally from a Web Browser and save the page.
As for HTTP POST/GET variables & saving them, I don't have experience but you should probably have a look at this SO answer
Seems you're the OP for the Q in SO -.-
Verwandte Probleme
-
1
So deaktivieren Sie den HTTP Referer-Header in Safari
-
4
Verwenden Sie öffentliche Terminals, um sich mit Ihren persönlichen Zugangsdaten anzumelden
-
1
Melden Sie sich bei thunderbird3.0B2 für Newsgroups an, für die kein Login erforderlich ist
-
2
Deaktivieren der Funktion "Ungelesene Nachrichten" auf dem Windows XP-Anmeldebildschirm
-
6
Führen Sie automatisch ein Skript aus, wenn Sie sich bei Windows anmelden
-
4
Windows XP ist gesperrt, Sie müssen wieder rein
-
1
Was sind die Lösungen für die Herausforderung von Ha.ckers.org?
-
4
Melden Sie sich bei Windows XP an, ohne dass eine Tastatur angeschlossen ist
-
6
Linux Benutzername @ Server verschwindet nach dem Anmelden als root
-
2
So löschen Sie den Anmeldeverlauf von Messenger: Mac