32
4
Short Version:
简短版本:
I have googled and tried a dozen different cURL authentication approaches without success. There are 3 complicating factors:
我已经在谷歌上搜索并尝试了十几种不同的cURL身份验证方法,但都没有成功。有三个复杂的因素:
I am hoping somebody who reads this has cURL'd into an SB8200 cable modem (or similar) with user/pw authentication and can just post the details. More likely will be many suggestions of things to try and some google result links, most of which I likely tried already. What would be most helpful to start I think is troubleshooting why I cannot get a successful login and the credential cookie set on my initial cURL.
我希望阅读这篇文章的人已经卷曲成具有用户/PW身份验证的SB8200电缆调制解调器(或类似设备),并可以只发布详细信息。更有可能的是许多值得尝试的建议和一些谷歌结果链接,其中大多数我可能已经尝试过了。我认为最有帮助的开始是解决为什么我不能成功登录和在我的初始卷曲上设置凭据Cookie。
BTW - The username and password are known to me, were set by me, and work fine to login from a browser. I think no matter how I have passed in the credentials I am just being returned the login form again. Maybe basic auth will never work and I need to do something else.
顺便说一句,用户名和密码是我知道的,是我设置的,从浏览器登录很好。我认为,无论我如何传递凭据,我只是再次被返回登录表单。也许基本身份验证永远不会起作用,我需要做一些其他的事情。
EDIT: I discovered the "Preserve Log" option in Chrome dev tools. This allowed me to copy as curl both the login and the redirect actions. And running the login curl (which does use basic auth) does return me on stdout a credential cookie. I was not able to get this cookie stored in my cookies.txt file using the cookie options in curl. And immediately using the returned cookie in the redirect curl does not get me the expected results and instead returns the login page. But I am getting closer.
编辑:我发现了Chrome开发工具中的“保存日志”选项。这允许我将登录和重定向操作复制为cURL。运行登录cURL(它使用基本身份验证)确实会在stdout上返回一个凭据cookie。我无法使用cURL中的cookie选项将此cookie存储在我的cookies.txt文件中。在重定向cURL中立即使用返回的cookie并没有得到预期的结果,而是返回登录页面。但我越来越接近了。
Here is the Chrome-captured cURL for the login and redirect from the browser:
以下是Chrome捕获的用于登录和从浏览器重定向的cURL:
个人中心
文章发布
退出curl 'https://192.168.100.1/cmconnectionstatus.html?<REDACTED>' \
-H 'Connection: keep-alive' \
-H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' \
-H 'DNT: 1' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'Authorization: Basic <REDACTED>' \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'Accept: */*' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Cookie: HttpOnly: true, Secure: true' \
--compressed \
--insecure
curl 'https://192.168.100.1/cmconnectionstatus.html' \
-H 'Connection: keep-alive' \
-H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'DNT: 1' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Cookie: HttpOnly: true, Secure: true; credential=gmhyY4SjR3qiWBiNIOtivpj4TF5Zwad' \
--compressed \
--insecure
Here is the HTML document returned when I try to login:
以下是我尝试登录时返回的HTML文档:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<script src="jquery-1.7.1.min.js"></script>
<script src="json2.js"></script>
<script src="main_arris.js"></script>
<script src="jquery-2.0.3.min.js"></script>
<script>
$(document).ready(function(){
$("#htmlheader").load("htmlheader.htm");
});
</script>
</head>
<body>
<div id="htmlheader"></div>
<div class="header">
<script>
$(document).ready(function(){
$("#pageheaderA").load("pageheaderA.htm");
});
</script>
<div id="binnacleWrapper1" class="binnacleItems_hide" style="display:none;">
<div id="binnacleWrapper2" class="binnacleItems_hide" style="display:none;">
<div id="binnacleWrapperLeft"><img src="px1_Ux.png" alt="" class="binnacleWrapperShim"></div>
<div id="binnacleWrapperRight"><img src="px1_Ux.png" alt="" class="binnacleWrapperShim"></div>
<div id="binnacleWrapperMiddle">
<div id="binnacleInnards">
<div id="binnacleIndicatorWrap"></div>
<div id="binnacleModelName">
<span id="thisModelNumberIs">
<label id="model">SB8200</label></span></div>
</div>
</div>
</div>
</div>
<div id="pageheaderA"></div>
<div class="container">
<div class="subHeader">
<div class="subHeadcontent">Login</div>
</div>
<form action="">
<br>
<b>Username:</b><br>
<input type="text" id="username" onkeypress="return checkForActivate(event)">
<br>
<br>
<b>Password:</b><br>
<input type="password" id="password" onkeypress="return checkForActivate(event)">
<br>
<br>
<input type="button" id="loginButton" onclick="validate(this.form)" value="Login">
</form>
</div>
<div class="spacer40" style="text-align: center; color: red; font-weight: bold;"></div>
<div class="spacer70"></div>
</div>
<!--gap<div id="bmtg"><div class="gap1"><div class="gap2"><div class="gap3"><div class="gap4"></div></div></div></div></div>-->
<div id="fg1"><div id="fg2"><div id="fg3"><div id="fg4"><div id="fg5"><div id="fg6"><div id="fg7">
<div id="logo_bottom"><a href="http://www.arris.com"><img src="px1_Ux.png" alt="ARRIS" title="ARRIS" class="logo_bottom"></a></div>
<div id="copyright">
<a href="http://www.arris.com">©CommScope, Inc. All rights reserved. ARRIS, SURFBOARD and SURFBOARD MAX are trademarks of CommScope, Inc.<br />All other trademarks are the property of their respective owners.</a>
</div>
</div></div></div></div></div></div></div>
<!--/div-->
<script>
function authenticateUser(user, password)
{
var token = user + ":" + password;
// Base64 Encoding -> btoa
var hash = btoa(token);
var auth = hash;
sessionStorage.setItem('auth', auth);
return auth;
}
function validate( form )
{
$(".spacer40")[0].innerHTML = "";
authenticateUser(form.username.value, form.password.value);
localStorage.setItem('username', form.username.value);
eraseCookie("credential");
$.ajax({
type: 'GET',
url:"/cmconnectionstatus.html?" + sessionStorage.getItem('auth'),
contentType: 'application/x-www-form-urlencoded; charset=utf-8',
xhrFields: {
withCredentials: true
},
headers: {
'Authorization': 'Basic ' + sessionStorage.getItem('auth')
},
success: function (result) {
var token = result;
createCookie("credential", result);
window.location.href = "/cmconnectionstatus.html";
},
error: function (req, status, error) {
alert(error);
}
});
}
function checkForActivate( e )
{
if( e.keyCode == 13 )
{
document.getElementById("loginButton").click();
}
return true;
}
</script>
<!--/div-->
</body>
</html>
Solved it myself. Once I was able to save the login as curl in chrome, things fell in place. Looks like I was missing some required curl options in my initial attempts. I still need to skinny this down to the minimal necessary options, eliminate the double copy of user/pw chrome encoded, and add error checking. But the following will successfully login and pull modem status for an Arris SB8200. Never did get curl to store the credential cookie in a cookies.txt file so just used a local shell variable.
我自己解决的。一旦我能够在Chrome中将登录名保存为curl,事情就迎刃而解了。看起来我在最初的尝试中遗漏了一些必需的卷曲选项。我仍然需要将其精简到最少的必要选项,消除用户/PW Chrome编码的双重副本,并添加错误检查。但以下命令将成功登录并获取Arris SB8200的调制解调器状态。从来没有让cURL将凭据cookie存储在cookies.txt文件中,所以只使用了一个本地外壳变量。
cookie=`curl 'https://192.168.100.1/cmconnectionstatus.html?<REDACTED>' -H 'Connection: keep-alive' -H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' -H 'DNT: 1' -H 'sec-ch-ua-mobile: ?0' -H 'Authorization: Basic <REDACTED>' -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' -H 'Accept: */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' -H 'X-Requested-With: XMLHttpRequest' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Dest: empty' -H 'Accept-Language: en-US,en;q=0.9' -H 'Cookie: HttpOnly: true, Secure: true' --compressed --insecure`
curl 'https://192.168.100.1/cmconnectionstatus.html' -H 'Connection: keep-alive' -H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' -H 'sec-ch-ua-mobile: ?0' -H 'Upgrade-Insecure-Requests: 1' -H 'DNT: 1' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-User: ?1' -H 'Sec-Fetch-Dest: document' -H 'Accept-Language: en-US,en;q=0.9' -H 'Cookie: HttpOnly: true, Secure: true; credential='$cookie --compressed --insecure
Important Notes: The login authentication code in the SB8200 seems to have been hastily implemented as the result of security concerns over unauthenticated login. There seems to be a limit to the number of concurrent sessions permitted, a fixed item session table. After multiple concurrent unique login sessions, the SB8200 will stop accepting ANY logins until it is rebooted. It will return Invalid User/Password. The easiest solution for scripted access is to add the curl for logout so each session ends cleanly.
重要提示:SB8200中的登录验证码似乎是出于对未经验证的登录的安全考虑而仓促实施的。允许的并发会话数量似乎是有限制的,有一个固定的项目会话表。在多个并发唯一登录会话之后,SB8200将停止接受任何登录,直到重新启动。它将返回无效的用户/密码。脚本化访问最简单的解决方案是添加注销的cURL,这样每个会话都可以干净地结束。
32
4
0
我对文档有点困惑。请纠正我。 git 状态- 显示当前本地工作目录状态 git status -u- 显示未跟踪的文件(也是本地的) git 状态 -uno- 不显示未跟踪的文件(也是本地的)?? 后
我有一个具有 12 个虚拟机资源的 ARM 模板。每个虚拟机都有 1 个与其关联的 CustomLinuxScript 扩展资源。 某些 CustomLinuxScript 扩展失败并出现错误:状态文
我有一个具有 12 个虚拟机资源的 ARM 模板。每个虚拟机都有 1 个与其关联的 CustomLinuxScript 扩展资源。 某些 CustomLinuxScript 扩展失败并出现错误:状态文
我有以下 JavaScript 代码: alert(data.status); data 是一个 JSON 对象,其字段之一是 status ( bool 字段)。 当JSON.stringify(d
我在验证表单时遇到此错误,如何解决它。 代码: app.post('/',[ check('username','Error occured in Username').trim().isEmai
我正在开发一个使用 fork() exec() wait() 的 C 程序。第一个进程有以下代码: int main(int argc, const char * argv[]) { // inser
我想在 git status 上运行 linter,但是似乎没有 pre-status 和 post-status Hook 。 如何给 git 添加一个钩子(Hook)? fine docs对此事保
我需要获取所有 current_user.friends 状态,然后按 created_at 对它们进行排序。 class User a.created_at } end current_user.
我在 Eloquent 中使用 orWhere 时遇到问题。 我有一个团队,这个团队有一些资料。我想获取状态 = 1 或状态 = 2 的所有配置文件。但我无法让它工作。 我的代码是这样的: $prof
http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic.html#INISCRPTACT 根据这
我们在 IIS 6.0 上托管 WCF 服务的服务器之一上观察到以下行为: IIS 日志显示所用时间的值较高 (> 100000) HTTP 状态码是 200 sc-win32-status 代码显示
在 Dynamics CRM 中,潜在客户实体同时具有状态和状态原因。使用 API 我可以获得所有状态原因。我被绊倒的地方是当我的用户选择状态原因时我想倒退并找出哪个状态与所选状态原因相关联。 以下是
我很好奇返回响应和仅创建响应的区别。 我见过大量使用 return res.status(xxx).json(x) 的代码示例和res.status(xxx).json(x) . 谁能详细解释一下两者
文档并没有真正说明 status 是什么。 status 到底是什么? http://man7.org/linux/man-pages/man2/exit_group.2.html 最佳答案 来自ex
An earlier question导致了一些关于如何检查 Git 存储库是否包含脏索引或未跟踪文件的想法。我从那次讨论中采纳的答案如下: #!/bin/sh exit $(git status -
ECSHOP出现 XMlHttpRequest status:[500] Unknow status 这个错误 把/admin/templates/top.htm 这个文件中{insert_scr
我有以下代码用于通过 Twitter4J 获取推文: List statuses; Paging paging = new Paging(1, LIMIT); statuses = twitter.g
非常不言自明。我正在制作一个脚本并且遇到了被使用和解析的情况,但它们的输出似乎总是完全相同。 最佳答案 git status --branch --porcelain "显示分支的状态(ahead,
我有一张表,上面有如下记录 表A subid clickid status datetime 1 123 low 2018-07-24 20:20:44 2 123
如果确实缺少资源,我的 API 将返回以下内容 { "code": 404, "message": "HTTP 404 Not Found" } 当我使用代码 Response.sta
我是一名优秀的程序员,十分优秀!