Jump to content




PHP HTTP


5 replies to this topic

#1 _strx

  • Members
  • 58 posts

Posted 21 April 2016 - 07:36 PM

I would like to log in to my account on a website, it looks like this:

http://i.imgur.com/MzOcKkR.png (Warning, big image)


I'm not exactly sure how I'd type text into it.
Or how to submit it with the Text and Password I could use the read() function to get.

Can someone help?

#2 TYKUHN2

  • Members
  • 210 posts
  • LocationSomewhere in this dimension... I think.

Posted 22 April 2016 - 06:45 PM

I'd start by looking at what your browser sends when you login. Chances are it is encrypted, but judging how it isn't SSL, probably not impossible. Your ComputerCraft computer just needs to mimic what your browser sends. I have a program I can use to look at the connection and I'll get back with a packet of it.

EDIT:
Not sure what path is but these cookies are important! Keep track of them!
PHPSESSID=estl7aiml19dc3ib4ij1s97q87; path=/
Also yes I do know I "leaked" personal information except the fact I don't own an account associated with the session.

And of course: Less secure than expected. I logged in with username "test" and password "tester" and this was sent. Capitalization may be different.
log_username=test&log_password=tester

It is inside a POST not a GET

Edited by TYKUHN2, 22 April 2016 - 07:04 PM.


#3 mrpoopy345

  • Members
  • 148 posts
  • LocationMy Computer

Posted 23 April 2016 - 08:08 PM

View PostTYKUHN2, on 22 April 2016 - 06:45 PM, said:

I'd start by looking at what your browser sends when you login. Chances are it is encrypted, but judging how it isn't SSL, probably not impossible. Your ComputerCraft computer just needs to mimic what your browser sends. I have a program I can use to look at the connection and I'll get back with a packet of it.

EDIT:
Not sure what path is but these cookies are important! Keep track of them!
PHPSESSID=estl7aiml19dc3ib4ij1s97q87; path=/
Also yes I do know I "leaked" personal information except the fact I don't own an account associated with the session.

And of course: Less secure than expected. I logged in with username "test" and password "tester" and this was sent. Capitalization may be different.
log_username=test&log_password=tester

It is inside a POST not a GET

Sorry for the noobish question, but how exactly do you inspect what your browser sends when you login? Can I do it without third party software?

#4 TYKUHN2

  • Members
  • 210 posts
  • LocationSomewhere in this dimension... I think.

Posted 24 April 2016 - 03:01 PM

No you really can't, since it requires intercepting the traffic from your computer. I use Fidder4 but there are other products out there.

#5 MKlegoman357

  • Members
  • 1,170 posts
  • LocationKaunas, Lithuania

Posted 24 April 2016 - 03:41 PM

Yes you can, using the browsers built-in developer console. You can also inspect the actual HTML to find out how it works.

#6 _strx

  • Members
  • 58 posts

Posted 20 May 2016 - 07:11 PM

Thank you guys so much. I can't wait to make this >:)





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users