I want to identify the login url for a particular website and autologin.
The view source shows the form tag as follows:
<form id="signIn" onsubmit="return false;" action="/f1/logon" method="post">
How do i identify the url and pass the requested paramters?
I tried the suggestions below but no help. More suggestions?
Install Fiddler and submit the form. It will tell you what URL was requested and what parameters were passed with it.
The form can be submitted from javascript code. Look for using signIn element, for example may be javascript,
var form = document.getElementById("signIn");
form.action = "<URL>";
form.submit();
The another method to get URL and parameters it is browser plugins, like HttpWatch (for IE) or HttpFox (for FireFox). They can monitor request and response.
Related
I have a URL say abc.com/somecontroller?someparam=1 which renders a form. Form on submit sends the form params to /ajaxAction
Is there a way I could get this abc.com/somecontroller?someparam=1 (i.e. the form URL?)
I am more interested in getting the someparam value from the URL of the form.
PS: the above URL abc.com/somecontroller?someparam=1 is dynamically generated, so I can not access it otherwise.
And request.forwardURI will give me /ajaxAction (i.e. the URL of the action in form and not the url of the form itself).
EDIT:
I have no control over form as it is also dynamic and user has hundreds of templates to select from. Each template has different no. of fields.
So if I would prefer some other way to get the URL.
Why don't you use javascript in form and add to ajax request array with GET params? (or with the url of the action which generated form)
You can get them from original request f.e. by this script.
While rendering the GSP of your form, you can do like this:
myaction.gsp
<html>
<body>
<!-- Your content -->
<script>
var paramsString = '${params.collect { k, v-> "$k=$v" }.join("&") }';
</script>
</body>
</html>
So, when you GSP is rendered, the script tag will have something like this (for a URL abc.com/somecontroller?someparam=1&foo=2:
var paramsString = 'someparam=1&foo=2';
Now, in your AJAX code, you can pass that string as the query arguments:
$.ajax({
url: '/ajaxAction?' + paramsString
/* rest of the AJAX code */
});
Now, in your ajax controller action, you can simply do the params.someparam.
EDIT
Well, I just realized that you don't have to any GSP stuff I mentioned above. Simply do the AJAX call like this:
$.ajax({
url: '/ajaxAction' + location.search
/* rest of the AJAX code */
});
The location.search will give you the direct string: ?someparam=1&foo=2
I ended up using flash to store the someparam
In my controller which is being used to render the form at abc.com/somecontroller?someparam=1 I use flash as this:
flash.put("someparam", params.someparam)
This worked as a quick workaround to the issue. I feel this would work well in situations where I have no control over the gsp.
If anyone finds any issue, please comment otherwise I will mark this as the answer.
So I'm trying to log in to a webpage using Jaunt. The first thing to mention is that the webpage is .aspx and the submit button has an option onclick="javascript:WebForm_DoP..." and as far as I know Jaunt doesn't support Javascript right?
In case I'm wrong, the code I'm using is the one in the examples of Jaunt:
Form form = userAgent.doc.getForm(0);
form.setTextField("Login1$UserName","USER");
form.setPassword("Login1$Password","PASSWORD");
form.setCheckBox("Login1$RememberMe",false);
form.submit("GO");
System.out.println(userAgent.getLocation());
All the names and values are correct, and the user and password works since I can log in using the web browser. After I execute the code, in the output I get this:
message: UserAgent.sendPOST; Connection error requestUrl:
http://webpagehere.com/default.aspx [posting
__VIEWSTATE=%2FwEPDwUJLTk5MDc0NjQ2ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgURTG9naW4xJFJlbWVtYmVyTWUFF0xvZ2luMSRMb2dpbkltYWdlQnV0dG9upWcarODJIwpeMt8HCmfaBn6iMWI%3D&__VIEWSTATEGENERATOR=CA0B0334&Login1%24UserName=USER&Login1%24Password=PASSWORD&Login1%24LoginButton=GO]
response: [none]
The form div is this one:
<form name="form1" method="post" action="Default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="form1" style="text-align:center">
Any ideas what could be my problem? In case Jaunt doesn't allow me to do this login, could someone please recommend me a library for web scraping and interaction? Thanks!
Seems like you are stuck. Actually .aspx pages uses AJAX pagination. You will have to extract the values of __VIEWSTATE, __VIEWSTATEGENERATOR and all other form values and then send them with POST method in the request body. You can use Fiddler to get the request body which contains all these hidden variables and your entries to the form.
In Java you can use Selenium Or HTMLUnit which are Java GUI-Less browser, supporting JavaScript, to run agains web pages.
edit: You can use Jaunt-api as well, I just tried it with it, all you do is send a POST request alongwith the request-body, you can easily check it with Fiddler, and it works!!
Form values in HTTP POSTs are sent in the request body, in the same format as the querystring. You can find the request body of a link by inspecting it using the Fiddler and then copy request body from Textview and send the encoded data as request body.
UserAgent userAgent = new UserAgent();
userAgent.sendPOST("<your link to form page>","<request body>");
I have a JSP which is rendered after it is forwarded from a servlet. Now that I have a HTML from JSP I want to post this page in order to generate a PDF.
As per my understanding the submit button only submits a form. But, I need to submit raw HTML to eventually use FlyingSaucer or similiar PDF creator library.
What is the way to use my HTML and then save the PDF to a file?
Please chime in to correct if I am wrong and what you think about my approach. Any advice would be greatly appreciated.
Edit: Sorry I have posted no code but at the moment I have hit a wall in the servlet in my quest to get around this.
You've basically 2 options:
Let JS set the current HTML DOM tree as a (hidden) request parameter on submit.
<form method="post" action="pdfservlet">
<input type="hidden" name="source" />
<input type="submit" value="generate" onclick="this.form.source.value = document.documentElement.outerHTML;" />
</form>
It's in pdfservlet available as request.getParameter("source").
Let pdfservlet request the desired page programmatically using URL/URLConnection.
InputStream source = new URL("http://localhost:8080/context/someservlet").openStream();
// ...
Set if necessary JSESSIONID cookie with current session ID if you need it to run in same session.
URLConnection connection = new URL("http://localhost:8080/context/someservlet").openConnection();
connection.setRequestProperty("Cookie", "JSESSIONID=" + request.getSession().getId());
InputStream source = connection.getInputStream();
// ...
I have a login form with username and password. It works, but after the request I see on the web browser something like "...login?user=myUser&password=myPassword".
Given that the form has a password field that hides the password while it's typed, it would not be funny to see the password on the address bar.
Is it possible to avoid this?
The user verification is done on the server with a custom java web server.
Set your HTTP form method to a POST, instead of a GET. This eliminates the form to append the parameters on the url.
Secure your page to use HTTPS instead of HTTP. That way, an eavesdropper cannot read unencrypted HTTP POST message.
The only way that this can be done is by not using the GET method of form submission. You need to use the POST method. More information can be found here http://www.cs.tut.fi/~jkorpela/forms/methods.html
Your form will look like this
<form method="post" action="somepage.php">
</form>
Your form is using the GET not POST. Passing variables via a query-string in the URL (GET) can be dangerous as users can see and modify these values. Change your form's method to POST. In standard HTML this would look like:
<form method="GET" action="......
...to...
<form method="POST" action=".....
You can encode the password, which will obscure it.
However using a POST form instead will hide all its fields.
Yes, use a POST request instead of GET.
Convert your form to use the HTTP "POST" method instead of "GET", e.g.:
<form action="/login" method="post">
Also consider obscuring the password before it is transmitted, e.g. using a scheme such as Base64 or MD5.
Change the 'method' attribute on the form from "get" to "post" -- and send the request over HTTPS, preferably.
When you see a "login?user=myUser&password=myPassword" in your address bar this means that your Login form is using the GET request method:
<form id="login" action="some_file" method="get">
The easiest way of hiding this info would be to change from GET to POST method:
<form id="login" action="some_file" method="post">
You can read more about both of these methods here:
When to use POST and GET?
However, note that POST is not much safer than GET. You can read more about this here:
POST and GET in terms of Security
i've a login page when you successfuly login by entering username and password you are directed to home.jsp
on home.jsp..i've used request.getParameter() for both id and passwd,which checks and then only let it enters..
but when i'm usind a simple href html link for home..it always shows me nullexception as id and password is not there and request.getParameter() shows error..
but when i'm usind a simple href html link for home..it always shows me nullexception as id and password is not there and request.getParameter() shows error..
It is because your request doesn't hold username password when you make simple GET using a href.
Passing username & password in URL isn't good. Why don't you use Session to hold current logged user's data.
If your tag looks like
click me
`
then indeed, you aren't passing the parameters
It needs to look like
click me
NOTE: As pointed out by others, there are many security reasons why this kind of structure should be used with care.
If you use a <a href=""/> like you specified it, the HTML form content containing username and password will not be submitted. It will create a HTTP GET request and not send any form parameters.
If you use a 'submit' button, it will create a HTTP POST request and send the form parameters to the server.
If you want to keep the link as <a href=""/> then you can add an 'onclick' javascript to your href and call a submit() on your form.