LPM: User authentication in perl?
Joe Hourcle
oneiros at dcr.net
Tue May 2 13:10:26 CDT 2000
On Tue, 2 May 2000, David Hempy wrote:
>
> I'm trying to fetch a page in perl that requires user authentication. I
> think the following should work, but it doesn't. I still get a 401 error
> from the server.
>
>
> use LWP::UserAgent;
> $ua = new LWP::UserAgent;
> $request = new HTTP::Request('GET',
> 'http://www.dl.ket.org/cgi-sta/foxweb/Quiz@/db/sta/sta?courseid=LT1Y&quizid=LT1Y192&do=PRINT'
> );
>
> $ua->credentials('www.dl.ket.org', "KET DISTANCE LEARNING INTRANET",
> "dhempy", "mypassword");
>
> $response = $ua->request($request);
> $content = $response->content;
>
> print "Got Back:\n" . $response->code . ": ". $response->message .
> "\n$content \n";
>
>
>
>
> I'm believe I've got all the credentials exactly correct, but oddly enough,
> the hit isn't turning up in my access nor error logs. I am getting the 401
> error page back from the server:
Well, the issue is -- do you want it done right, or do you just want it to
work?
I've managed to do a lot by sniffing an incoming connection, and then just
regurgitating that back to the server to get what I want.
eg, when i was trying to show someone that HTTP_REFERER wasn't enough for
security, I had a loop which generated --
#####
$output =
sprintf("SSN=%09d&PIN=%04d&ID=blah&PASSWD=[bl*h]&CONFIRM=[bl*h]&x=55&y=36",
$ssn,$pin);
$blah = <<EOF;
POST /cgi-bin/create.pl HTTP/0.8
Content-Type: application/x-www-form-urlencoded
Referer: http://curd.circ.gwu.edu:90/cgi-bin/create.pl
User-Agent: Mozilla/1.0 (compatable; oneiros)
Host: curd.circ.gwu.edu:90
Content-Length: 67
Connection: Keep-Alive
$output
EOF
#####
and kept slamming it at the server.
(I was told later that they took down the machine after the load went over
2500 or so)
-----
Joe Hourcle
More information about the Lexington-pm
mailing list