I'm trying to login to this page using curl. The page uses authentication via html forms so http auth using curl --user name:password is not working in this case. I've found this post where is mentioned that one should search for
action= attribute under <form> to obtain correct address where to send data. The snippet from mentioned page looks following:
<form id="si_signinform" name="signinform" method="post" action="https://www.criticker.com/authenticate.php">
<input class="si_input" name="si_username" id="si_input_uname" value="" autocapitalize="none" type="text">
<input class="si_input" name="si_password" id="si_input_pswd" value="" type="password">
<input name="goto" value="https://www.criticker.com/signout.php" type="hidden">
<p id="submit"><input id="si_submit" name="si" value="Go" type="submit"></p>
I've also find this post which says that some attributes might be hidden when the are send to server (seems that this is my case because of "goto" and "si" parameters as shown on screenshots)
So here are steps I did:
I've logged to page via Firefox
I've check HTTP parameters via Developer Tools (see screenshots)
I've issued following curl command to login curl -L -X POST -F 'si_uername=wakatana' -F 'si_password=$PASWORD' -F 'goto=https://www.criticker.com/signout.php' -F 'si=Go' -c cookiefile.txt http://www.criticker.com/authenticate.php
Then I've issued following curl command to check whether I'm logged successfully curl -L -b cookiefile.txt https://www.criticker.com/
When I login from Firefox I can see my username in upper right of page.
But when I issue one of the curl commands and grep the returned content for username there is no such string. Based on this I deduce that authentication was not successful. But when login via Firefox and use "Copy as cURL" function as stated here I got this:
curl "https://www.criticker.com/" -H "Host: www.criticker.com" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Accept-Language: en-US,en;q=0.5" --compressed -H "Referer: https://www.criticker.com/signin.php" -H "Cookie: PHPSESSID=SOME_VALUES_GOES_HERE; gid2=SOME_VALUES_GOES_HERE; uid2=SOME_VALUES_GOES_HERE -H "Connection: keep-alive" -H "Upgrade-Insecure-Requests: 1" -H "DNT: 1"
and it works. The problem is that I need to first login wit Firefox and then issue curl.
How can I use curl to login to page which is using forms? Please note I'm looking for some general hints which I can apply to any page (e.g. using proxy, sniffers etc.). I'm not primary interested in this site (but I'm interesting why the curl commands does not work). It is just example which uses form for authentication, if there is some playground for testing such curl commands please let me know. Thank you
Your cURL command is incorrect. Typo in si_username and missing the S in https for the authentication page. Also, in the "goto" you are putting the singout page instead of the main page (or some other page).
Try with:
curl -L -F 'si_username=name' -F 'si_password=xxx' -F 'goto=https://www.criticker.com/' -F 'si=Go' -c cookiefile.txt https://www.criticker.com/authenticate.php
You may not even need the goto and Go fields:
curl -L -F 'si_username=name' -F 'si_password=xxx' -c cookiefile.txt https://www.criticker.com/authenticate.php
Related
I'm using this script:
wget -O C:\FlairnetLab\output\x.csv --http-user='[My User]' --http-password='[Password]' --no-check-certificate https://ca-test.adyen.com/reports/download/MerchantAccount/FlairnetECOM/payments_accounting_report_2021_06_10.csv
But i get no file found response. But if i type the url in the browser using the same credential i can download the file.
Can some help me?
The problem is likely to be the encoding of the credentials (both Adyen-generated username and password include several special characters).
An option is to generate the base64-encoded string username: password with a command line (or with an online generator)
# example on Mac
$ echo -n '<username>:<password>' | openssl base64
cmVwb3J0.......5LX4=
then pass it in the Authorization header
# example with wget
wget --header "Authorization: Basic cmVwb3J0.......5LX4=" https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
# example with curl
curl -H "Authorization: Basic cmVwb3J0.......5LX4=" -X GET https://ca-test.adyen.com/reports/download/MerchantAccount/MyMerchantAccount/payments_accounting_report_2021_01_01.csv
I am using NextCloud 11 to store my personal files, and I use the simple curl script from the documentation in order to upload files to my NextCloud drive:
curl -u user:pw -T test.pdf "http://localhost/nextcloud/remote.php/dav/files/user/test/test.pdf"
Moreover, I would like to directly add some tags to the uploaded files. However, in the official documentation, they just show how files can be uploaded, deleted and moved through the WebDAV interface.
Does anybody have a hint how I could tag a file remotely?
I have posted the same question in the official NextCloud community forum, but I did not receive a response yet. In case I receive a response, I will post it here.
POST https://yournextcloud.com/index.php/api/v1/files/path/to/file
Payload is JSON:
{"tags": ["tag1", "tag2"]}
You will need to authenticate yourself using Basic Auth
Edit: The API can only be called from inside Nextcloud because the CSRF token is required.
For the record, after a bit of digging I found https://doc.owncloud.com/server/latest/developer_manual/webdav_api/tags.html which does the job for nextcloud as well. In a nutshell:
Get file id for a given file:
curl --silent -u user:password -X PROPFIND -H "Content-Type: text/xml" \
--data-binary "#file-propfind.xml" https://nextcloud/remote.php/webdav/file' | xmllint --format -
with a file-propfind.xml in your directory containing something like
<?xml version="1.0" encoding="utf-8" ?>
<a:propfind xmlns:a="DAV:" xmlns:oc="http://owncloud.org/ns">
<a:prop>
<oc:fileid/>
</a:prop>
</a:propfind>
Then get list of tags for this file using
curl --silent -u user:password -X PROPFIND -H "Content-Type: text/xml" \
--data-binary "#tags-propfind.xml" https://nextcloud/remote.php/dav/systemtags-relations/files/<FILEID>" | xmllint --format -
where FILEID is the number you got as oc:fileid in the previous response and tags-propfind.xml a file containing something like
<?xml version="1.0" encoding="utf-8" ?>
<a:propfind xmlns:a="DAV:" xmlns:oc="http://owncloud.org/ns">
<a:prop>
<oc:display-name/>
<oc:user-visible/>
<oc:user-assignable/>
<oc:id/>
</a:prop>
</a:propfind>
This is for tag reading, but the API document also explain how to add a tag in the same fashion.
I can send an email from a ServiceM8 account through the ServiceM8 API 'message services' (http://developer.servicem8.com/docs/platform-services/message-services/), and read the resulting ServiceM8 message-id.
But I would like to relate that message to a specific job within ServiceM8, so that it will appear as an email item in that job's diary in the ServiceM8 web application. (Emails sent from within the ServiceM8 web application are related to the diary and appear there - my question is about how to do this from the API).
Worst case, I could create a new 'Note' containing the email text and add that to the job in the hope that it would show up in the diary in the web application as a note.
But I want to check there isn't an easier way since sending the email results in there already being a relatable message-id available within ServiceM8.
Thanks
Using the messaging services API, can't be done. Using the web API, you can do just that.
There's an authorisation code required, which is specific to your account and to this function, you only need to retrieve it once, and then you can integrate that specific URL into your code. It's contained within the ClientSidePlatform_PerSessionSetup URL.
Here is a script that will grab the E-mail URL specific to your login:
Syntax: ./getsm8emailurl.sh "email#address.com" "password"
#!/usr/bin/env bash
#getsm8emailurl.sh
#Create Basic auth
user="$1"
pass="$2"
pass="$(echo -n "${pass}" | md5sum | cut -f1 -d' ')"
auth="$(echo -n "${user}:${pass}" | base64)"
#Get Account specific e-mail url
email_url="https://go.servicem8.com/$(curl --compressed -s -L "https://go.servicem8.com/$(curl --compressed -s -L "https://go.servicem8.com/" -H "Authorization: Basic $auth" | grep -o 'ClientSidePlatform_PerSessionSetup.[^"]*' | grep -v "s_boolFailover")" -H "Authorization: Basic $auth" | grep -o "PluginEmailClient_SendEmail.[^']*")"
#Output base e-mail URL
echo "$email_url"
Once you have the email url, (will start with https://go.servicem8.com/PluginEmailClient_SendEmail and will end with the s_auth code), you can use it like any other rest endpoint.
Required Header Values:
Authorization (same as regular API)
Required Post Params:
s_form_values="guid-to-cc-subject-msg-job_id-attachedFiles-attachedContacts-strRegardingObjectUUID-strRegardingObject-boolAllowDirectReply"
(these have to stay just as they are)
s_auth="your_account_s_auth_code"
to="recipient#domain.com"
Optional Post Params:
subject="subject"
msg="html message body"
boolAllowDirectReply="true|false" (Can recipient reply directly to job diary)
strRegardingObject="job|company"
strRegardingObjectUUID="job|company uuid"
DEMO
#!/usr/bin/env bash
#sendemail.sh
#demo here using random auth codes and uuids
curl --compressed -s "https://go.servicem8.com/PluginEmailClient_SendEmail" \
-H "Authorization: Basic dGVzdHVzZXJAdGVzdGRvbWFpbi5jb206dGVzdHBhc3M=" \
-d s_form_values=guid-to-cc-subject-msg-job_id-attachedFiles-attachedContacts-strRegardingObjectUUID-strRegardingObject-boolAllowDirectReply \
-d s_auth="6akj209db12bikbs01hbobi3r0fws7j2" \
-d boolAllowDirectReply=true \
-d strRegardingObject=job \
-d strRegardingObjectUUID="512b3b2a-007e-431b-be23-4bd812f2aeaf" \
-d to="test#testdomain.com" \
-d subject="Job Diary E-mail" \
-d msg="hello"
Edit/Update/Disclaimer:
This information is for convenience and efficiency - memos, quick tasks, notifications, updates, etc. This isn't to be relied upon for critical business operations as it is undocumented, and since it does not process JS like a browser would, it could stop working if the inner workings of the service changed.
I have a POST method in my API which uses multipart encoded form data. I have set up the correct header and data settings so that the mashape web interface generated the following curl:
curl -X POST --include 'https://sslavov-text-analytics-v1.p.mashape.com/news' \
-H 'Authorization: Basic ***********' \
-H 'X-Mashape-Key: ************' \
-H 'Content-Type: multipart/form-data' \
-F 'file=#sample.docx' \
-F 'meta={"documentType": "application/vnd.openxmlformats-officedocument.wordprocessingml.document"};type=application/json'
Basically i'm trying to upload a file with a simple paragraph of text for processing. The curious part is that when I run this exact curl in a bash script, everything works smoothly, but when I try to run it through mashape, it says either 400 Bad Request or 500 Internal Server Error
In my particular case, these errors are generated when I don't pass correct form or headers. So my question is: Is there an error in the curl syntax or should I keep looking for the error on server side?
EDIT: I figured out what the problem was. -F 'file=#sample.docx' was passed before -F 'meta....' and that was causing the 500 Internal Server Error So now the question is: Is there any way to specifically arrange the order of the form fields (because mashape rearranges them aplhabetically)?
I am trying to use RESTClient Firefox add on to post something equivalent to this:
curl -s -S -X POST -H "Content-type: application/zip" \
--data-binary #./cluster-config.zip \
http://${JOINING_HOST}:8001/admin/v1/cluster-config
The idea is using this Firefox add-on (RESTClient) to debug my stuff until it works. But I am stuck because I don't find the way to add a file to the request (equivalent to --data-binary parameter of curl)
How can I include a file in the request in RestClient Firefox add-on?