Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.
https://forum.ivorde.com/using-curl-to-test-a-restricted-web-resource-url-for-authenticated-users-sending-cookies-headers-t16141.html

Author:  mandrei99 [ Wed Jan 15, 2014 10:16 am ]
Post subject:  Using CURL to test a restricted web resource (URL for authenticated users) sending cookies headers.

When accessing a URL that is protected and intended for authenticated users, the browser authenticates to the server with a cookie (PHPSESSID or whatever else). Based on that cookie, the server does internal checks to see whether the user is authenticated.

If you have access to that URL and want to test it from the CLI, here is how to do it with curl.

First, I'll test such a resource with curl without being authenticated:
Code:
# curl -k -v --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Host: domain.com
>
< HTTP/1.1 302 Moved Temporarily
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:05:55 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:05:55 GMT; path=/; domain=.domain.com
< Set-Cookie: SESSID=tiup07q2occif50to4ics69d54; path=/; domain=.domain.com
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Location: https://domain.com/members/members_gate?target=repository.html
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
* Connection #0 to host 10.0.1.176 left intact


As you can see, "/members.html" is a URI that cannot be accessed by guests. The client is redirected to another URL with a 302 HTTP response code and a "Location" header.

Let's say I authenticate via a browser, take the PHP session ID from my browser, and send it to the web server along with the "Host" header using curl:
Code:
# curl -k -v --cookie "SESSID=ekjgaqivpkfjp6iohlsi3a6ia2" --header "Host: domain.com" https://10.0.1.176/members.html
* About to connect() to 10.0.1.176 port 443 (#0)
*   Trying 10.0.1.176...
* Adding handle: conn: 0x80388b600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x80388b600) send_pipe: 1, recv_pipe: 0
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 10.0.1.176 (10.0.1.176) port 443 (#0)

* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
*        subject: description=rC3rJgFyyRdqI25U; C=NL; CN=ssl1.verisign.com; emailAddress=postmaster@verisign.com
*        start date: 2013-05-08 11:54:53 GMT
*        expire date: 2014-05-08 23:57:39 GMT
*        issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*        SSL certificate verify ok.
> GET /repository.html HTTP/1.1
> User-Agent: curl/7.33.0
> Accept: */*
> Cookie: SESSID=ekjgaqivpkfjp6iohlsi3a6ia2
> Host: domain.com
>
< HTTP/1.1 200 OK
* Server Apache is not blacklisted
< Server: Apache
< Date: Wed, 15 Jan 2014 14:11:10 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=60
< Set-Cookie: _asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:11:10 GMT; path=/; domain=.domain.com
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Cache-Control: max-age=315360000, public
< Strict-Transport-Security: max-age=315360000; includeSubdomains
< X-Frame-Options: DENY
<
{ [data not shown]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">


Once curl has sent the appropriate Cookie header and Host header, the request is authenticated.
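
A defensive follow-up to the two requests above, as an added example that is not part of the original post: it checks saved response headers to confirm that the guest request is turned away, and reports whether the session cookie carries the Secure and HttpOnly attributes. The sample headers are constructed from the output shown above; the function names, the `*.hdr` file names and `cookie.txt` are assumptions.

```sh
#!/bin/sh
# Added example: offline checks over response headers saved from curl.
# Capture them with, e.g. (cookie.txt and the *.hdr names are assumptions):
#   curl -sS -o /dev/null -D guest.hdr --resolve domain.com:443:10.0.1.176 https://domain.com/members.html
#   curl -sS -o /dev/null -D auth.hdr --cookie cookie.txt --resolve ... (same URL)
# --resolve lets you drop -k and keep certificate verification; a --cookie
# argument without "=" is read as a file, so the session ID stays out of argv.

# Print the status code of the first HTTP status line ("< " prefix optional).
status_of() {
    tr -d '\r' < "$1" |
        sed -n 's/^\(< \)\{0,1\}HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\2/p' | head -n 1
}

# Succeed if a cookie-less request was redirected or refused.
guest_blocked() {
    case "$(status_of "$1")" in
        301|302|303|307|308|401|403) return 0 ;;
        *) return 1 ;;
    esac
}

# Print which of Secure/HttpOnly the named cookie lacks, or "absent".
cookie_missing_flags() {
    line=$(tr -d '\r' < "$1" | grep -Ei "^(< )?Set-Cookie: $2=" | head -n 1)
    [ -n "$line" ] || { echo "absent"; return 0; }
    missing=""
    for attr in Secure HttpOnly; do
        printf '%s\n' "$line" | grep -Eqi "; *$attr *(;|\$)" || missing="$missing $attr"
    done
    echo "${missing# }"
}

# Constructed samples, trimmed from the two responses shown in the post.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/guest.hdr" <<'EOF'
< HTTP/1.1 302 Moved Temporarily
< Set-Cookie: SESSID=tiup07q2occif50to4ics69d54; path=/; domain=.domain.com
< Location: https://domain.com/members/members_gate?target=repository.html
EOF
cat > "$SAMPLES/auth.hdr" <<'EOF'
< HTTP/1.1 200 OK
< Set-Cookie: _asdf=asdfasdg; expires=Wed, 15-Jan-2014 16:11:10 GMT; path=/; domain=.domain.com
EOF

guest_blocked "$SAMPLES/guest.hdr" && echo "guest: blocked ($(status_of "$SAMPLES/guest.hdr"))"
guest_blocked "$SAMPLES/auth.hdr" || echo "with cookie: served ($(status_of "$SAMPLES/auth.hdr"))"
echo "SESSID lacks: $(cookie_missing_flags "$SAMPLES/guest.hdr" SESSID)"
```

The functions accept both `curl -v` output (lines prefixed with `< `) and raw header dumps written by `-D`.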

All times are UTC - 5 hours [ DST ]