Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides



Firewalls, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.

mandrei99
Post subject: Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.  |  Posted: Wed Jan 15, 2014 10:16 am


Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.

When accessing a URL that is protected and intended for authenticated users, the browser authenticates to the server with a cookie (PHPSESSID or whatever else). Based on that cookie, the server does internal checks to see if the user is authenticated or not.

If you have access to that URL and you want to test it from CLI, here is how to test it with CURL.

First, I'll test such a resource with curl without being authenticated:
Code:
# curl -k -v --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Host: domain.com
>
< HTTP/1.1 302 Moved Temporarily
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:05:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:05:55 GMT; path=/; domain=.domain.com
< Set-Cookie: SESSID=tiup07q2occif50to4ics69d54; path=/; domain=.domain.com
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Location: https://domain.com/members/members_gate?target=repository.html
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
* Connection #0 to host 10.0.1.176 left intact


As you can see, "/members.html" is a URI that cannot be accessed by guests. The client is redirected to another URL with a 302 HTTP response code and a "Location" header.

Let's say I authenticate via a browser, take the PHP session id from my browser, and send it to the web server along with the "Host" header with CURL:
Code:
# curl -k -v --cookie "SESSID=ekjgaqivpkfjp6iohlsi3a6ia2" --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)

* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Cookie: SESSID=ekjgaqivpkfjp6iohlsi3a6ia2
> Host: domain.com
>
< HTTP/1.1 200 OK
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:11:10 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: _asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:11:10 GMT; path=/; domain=.domain.com
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
{ [data not shown]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">


Once CURL has sent the appropriate cookie header and host header, the request is authenticated.
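
The two requests above can be scripted as a repeatable access-control check. This is an added example, not part of the original post: `probe`, `verdict`, `main` and the `SESSION_COOKIE` variable are names chosen here, and it uses curl's `--resolve` and `-K -` options in place of `-k`, a hand-written Host header and `--cookie` on the command line.

```shell
#!/bin/sh
# Added example. probe/verdict/main and SESSION_COOKIE are names chosen here.

# probe URL HOST IP [COOKIE] -> prints "<status> <redirect target>"
# --resolve pins HOST to IP but keeps SNI and certificate checks on HOST,
# so neither -k nor a hand-written Host header is needed.
# The cookie goes in through a config on stdin (-K -), which keeps the
# session id out of the process list.
probe() {
    url=$1 host=$2 ip=$3 cookie=${4:-}
    {
        [ -n "$cookie" ] && printf 'cookie = "%s"\n' "$cookie"
        printf 'url = "%s"\n' "$url"
    } | curl -sS -o /dev/null -K - --resolve "$host:443:$ip" \
             -w '%{http_code} %{redirect_url}\n'
}

# verdict ANON_STATUS AUTH_STATUS -> one-line finding; returns 0 only on PASS
verdict() {
    anon=$1 auth=$2
    case $anon in
        2??) echo "FAIL: served without a session (HTTP $anon)"; return 1 ;;
        30?|401|403) ;;   # redirect to login or outright refusal
        *) echo "INCONCLUSIVE: anonymous request returned HTTP $anon"; return 2 ;;
    esac
    case $auth in
        200) echo "PASS: anonymous $anon, authenticated $auth" ;;
        30?|401|403) echo "REJECTED: session not accepted (HTTP $auth)"; return 3 ;;
        *) echo "INCONCLUSIVE: authenticated request returned HTTP $auth"; return 2 ;;
    esac
}

main() {
    host=$1 ip=$2 path=$3
    : "${SESSION_COOKIE:?set SESSION_COOKIE, e.g. SESSID=<value from browser>}"
    anon=$(probe "https://$host$path" "$host" "$ip") || return 2
    auth=$(probe "https://$host$path" "$host" "$ip" "$SESSION_COOKIE") || return 2
    echo "anonymous:     $anon"
    echo "authenticated: $auth"
    verdict "${anon%% *}" "${auth%% *}"
}

# Runs only with arguments, e.g.: sh check.sh domain.com 10.0.1.176 /members.html
if [ "$#" -eq 3 ]; then main "$@"; fi
```

A `FAIL` verdict means the protected URI answered a guest with content; `REJECTED` usually means the session id has expired or was issued for a different host.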




