Detailed explanation of Linux curl form login or submission and cookie usage

Preface

This article mainly explains how to implement form submission login through curl. A single form submission is similar to a form login, so I won't discuss them separately.

Note: Logging in by submitting a form with curl does not work for every website. Some sites enforce restrictions or additional checks on the server side, and since we cannot see what those checks are, a direct curl form login may fail.

The site in the following case can be logged in to with curl.

Case: LeanCloud Login

Requirements and Results

Requirements: After logging in through curl, the LeanCloud application page can be accessed normally.

The login page link is as follows:

https://leancloud.cn/dashboard/login.html#/signin

The following pages can be accessed normally:

https://leancloud.cn/dashboard/applist.html#/apps

Browser access effect:

[Figures: access result directly without logging in; access result through a browser]

The request marked with the red box in the figure above, which returns 403, is:

https://leancloud.cn/1.1/clients/self/apps

Verify login via curl

[root@iZ28xbsfvc4Z ~]# curl -i https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 403 Forbidden
Server: openresty
Date: Sun, 14 Jul 2019 11:35:28 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache

{"code":1,"error":"User doesn't sign in."}

Get form field information

Get the form submission link

The link information for form submission can be obtained through the figure below. The details are as follows:

https://leancloud.cn/1.1/signin

curl form login and save cookie information

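# -F sends the fields as multipart/form-data; -c saves the cookies returned by the server to a file
curl -v -c leancloud1.info -X POST -F 'email=yourname' -F 'password=yourpassword' https://leancloud.cn/1.1/signin
# or: -d sends the same fields as application/x-www-form-urlencoded
curl -v -c leancloud3.info -X POST -d 'email=yourname&password=yourpassword' https://leancloud.cn/1.1/signin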

View cookie information

[root@iZ28xbsfvc4Z 20190714_02]# ll
total 32
-rw-r--r-- 1 root root 337 Jul 14 19:45 leancloud1.info
-rw-r--r-- 1 root root 335 Jul 14 19:46 leancloud3.info
[root@iZ28xbsfvc4Z 20190714_02]# cat leancloud1.info 
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_leancloud.cn FALSE / TRUE 1563709522 uluru_user Ff1IPOiMX%2F6ipevuxy0OOg%3D%3D
leancloud.cn FALSE / TRUE 1563709522 XSRF-TOKEN 5647dc84bd6eaea37eca2d07ae0e401cca4ba76803989c8559XXXXX7283da
[root@iZ28xbsfvc4Z 20190714_02]# cat leancloud3.info 
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_leancloud.cn FALSE / TRUE 1563709591 uluru_user arTwQm6JylzLjBaQt7TpiQ%3D%3D
leancloud.cn FALSE / TRUE 1563709591 XSRF-TOKEN 751e12827c7c046408541bc1bf962b5912ac35b0d07f88120XXXXXX40704704

Description of each column field:

domain: The domain name where the variable is created and can be read.
flag: A TRUE/FALSE value indicating whether all machines in a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for the domain.
path: The path in the domain where the variable is valid.
secure: A TRUE/FALSE value indicating whether a secure connection to the domain is required to access the variable.
expiration: The UNIX time at which the variable will expire. UNIX time is defined as the number of seconds since January 1, 1970 00:00:00 GMT.
name: variable name
value: variable value
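
The columns described above can be checked mechanically. The following shell script is an added example, not part of the original article: it audits a cookie jar written by curl -c without printing the cookie values, treats the "#HttpOnly_" prefix as a cookie line rather than a comment, and checks whether the file is readable by other users (the listing above shows mode -rw-r--r--). The function names, the example.test domain and the cookie values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a curl cookie jar without printing cookie values.
# Netscape format, tab-separated: domain, subdomain flag, path, secure,
# expiration, name, value.

# Print "name|domain|httponly|secure|status" for each cookie in jar $1.
# $2 is the reference UNIX time (defaults to now).
audit_cookie_jar() {
    awk -v now="${2:-$(date +%s)}" '{
        line = $0; httponly = "no"
        # curl writes HttpOnly cookies with a "#HttpOnly_" prefix: such a
        # line is a real cookie, not a comment.
        if (index(line, "#HttpOnly_") == 1) { httponly = "yes"; line = substr(line, 11) }
        else if (line ~ /^#/) next
        if (split(line, f, "\t") != 7) next
        if (f[5] + 0 == 0) status = "session"
        else if (f[5] + 0 < now + 0) status = "expired"
        else status = "valid"
        secure = (f[4] == "TRUE") ? "yes" : "no"
        printf "%s|%s|%s|%s|%s\n", f[6], f[1], httponly, secure, status
    }' "$1"
}

# Succeed only if group and others have no permissions on the jar.
jar_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed sample jar (placeholder values, not real sessions).
make_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n\n'
        printf '#HttpOnly_example.test\tFALSE\t/\tTRUE\t1563709522\tuluru_user\tCONSTRUCTED-SESSION\n'
        printf 'example.test\tFALSE\t/\tTRUE\t1563709522\tXSRF-TOKEN\tCONSTRUCTED-TOKEN\n'
        printf 'example.test\tFALSE\t/\tFALSE\t0\tlang\ten\n'
    } > "$1"
}

jar=$(mktemp)
make_sample_jar "$jar"
audit_cookie_jar "$jar" 1563700000
chmod 644 "$jar"   # the mode shown in the listing above
jar_is_private "$jar" || echo "warning: $jar is readable by other users"
rm -f "$jar"
```

Running chmod 600 on the cookie file, or setting umask 077 before calling curl -c, makes jar_is_private succeed.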

Verify whether the login is successful

Please compare these two access methods: direct access and access with cookies.

Direct access

[root@iZ28xbsfvc4Z 20190714_02]# curl -i https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 403 Forbidden
Server: openresty
Date: Sun, 14 Jul 2019 11:52:47 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache

{"code":1,"error":"User doesn't sign in."}

Access with cookie files

# Using cookies
[root@iZ28xbsfvc4Z 20190714_02]# curl -i -b leancloud1.info https://leancloud.cn/1.1/clients/self/apps 
## or [root@iZ28xbsfvc4Z 20190714_02]# curl -i -b leancloud3.info https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 14 Jul 2019 11:53:29 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000

[{"app_domain":null,"description":null,"archive_status":0,"biz_type":"dev","master_key": ………………

Copy your browser's cookies to access

[root@iZ28xbsfvc4Z 20190720]# curl -i -H 'cookie: _ga=GA1.2.2055706705.1560005524; …………' https://leancloud.cn/1.1/clients/self/apps
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 20 Jul 2019 08:11:37 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache,no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000

[{"app_domain":null,"description":null,"archive_status":0,"biz_type":"dev","master_key": ……………… 

The responses above show that the curl login succeeded.
