Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Topic review - Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.
Post subject: Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.  |  Post Posted: Wed Jan 15, 2014 10:16 am
When accessing a URL that is protected and intended for authenticated users, the browser authenticates to the server with a cookie (PHPSESSID or whatever else). Based on that cookie, the server does internal checks to see if the user is authenticated or not.

If you have access to that URL and you want to test it from CLI, here is how to test it with CURL.

First, I'll test such a resource with curl without being authenticated:
Code:
# curl -k -v --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Host: domain.com
>
< HTTP/1.1 302 Moved Temporarily
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:05:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:05:55 GMT; path=/; domain=.domain.com
< Set-Cookie: SESSID=tiup07q2occif50to4ics69d54; path=/; domain=.domain.com
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Location: https://domain.com/members/members_gate?target=repository.html
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
* Connection #0 to host 10.0.1.176 left intact


As you can see, the "/members.html" is a URI that cannot be accessed by guests. The client is redirected to another URL with a 302 HTTP response code and a "location" attribute.

Let's say I authenticate via a browser and I take the PHP session id from my browser and serve it to the web server along with the "Host" header with CURL:
Code:
# curl -k -v --cookie "SESSID=ekjgaqivpkfjp6iohlsi3a6ia2" --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)

* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Cookie: SESSID=ekjgaqivpkfjp6iohlsi3a6ia2
> Host: domain.com
>
< HTTP/1.1 200 OK
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:11:10 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: _asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:11:10 GMT; path=/; domain=.domain.com
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
{ [data not shown]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">


Once CURL has sent the appropriate cookie header and host header, the request is authenticated.
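
The following is an added example, not part of the original post: it reads the "< " response-header lines of a `curl -v` trace, reports the status and redirect target of the access gate, and lists the hardening attributes each Set-Cookie header lacks (in the first trace above, SESSID is set with only path and domain). The function names and the embedded sample trace are constructed for illustration.

```shell
# Added example: audit the "< " response-header lines of a `curl -v` trace.
# Constructed sample, modelled on the unauthenticated response in the post.
sample_trace() {
    cat <<'EOF'
< HTTP/1.1 302 Moved Temporarily
< Set-Cookie: asdf=EXAMPLE; expires=Wed, 15-Jan-2014 16:05:55 GMT; path=/; domain=.domain.com
< Set-Cookie: SESSID=EXAMPLEVALUE; path=/; domain=.domain.com
< Location: https://domain.com/members/members_gate?target=repository.html
EOF
}

# Print "<status> <Location or ->" for the first response in the trace.
gate_result() {
    awk '
        { sub(/\r$/, "") }                  # drop the CR curl keeps on header lines
        /^< HTTP\// && s == "" { s = $3 }
        /^< / && tolower($2) == "location:" && l == "" { l = $3 }
        END { if (s == "") s = "none"; if (l == "") l = "-"; print s, l }
    '
}

# For every Set-Cookie header, list the hardening attributes it lacks.
cookie_audit() {
    awk '
        { sub(/\r$/, "") }
        /^< [Ss]et-[Cc]ookie:/ {
            line = $0; sub(/^< [^:]*:[ \t]*/, "", line)
            n = split(line, part, /;[ \t]*/)
            name = part[1]; sub(/=.*/, "", name)
            sec = htt = same = 0
            for (i = 2; i <= n; i++) {
                a = tolower(part[i])
                if (a == "secure") sec = 1
                if (a == "httponly") htt = 1
                if (a ~ /^samesite=/) same = 1
            }
            miss = ""
            if (!sec) miss = miss " Secure"
            if (!htt) miss = miss " HttpOnly"
            if (!same) miss = miss " SameSite"
            print name ":" (miss == "" ? " ok" : miss)
        }
    '
}

sample_trace | gate_result
sample_trace | cookie_audit
```

To audit a live response, pipe the trace in with `curl -sv -o /dev/null ... 2>&1 | cookie_audit`, since curl writes the verbose trace to stderr.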