curl

Mimik Form Based Authentication

First, examine the form to see what the form action is. In this example from a TAM server, the form action post of three variables. The username and password are self-explanitory. The login-form-type variable in this example, needs the value 'pwd'. I observed this from a little sleuthing and looking at the web page source.
username
password
login-form-type
 You usually get a session ID, or 'HTTP cookie' back that you need to save to a file, so you can reuse it on successive transactions. Here's the command;
 
curl https://access.ohio.edu/pkmslogin.form -d username=TheUser -d password=ThePass -d login-form-type=pwd -c cookies

Now that you have authentication and have a session ID, you can use it do to further web requests, such as requesting the WSDL document from the server.



Then I can log out (this is specific to TAM, again)

curl https://access.ohio.edu/pkmslogout -b cookies

Viewing Headers

Somtimes curl shows you nothing! That's often because there is a web server error message that doesn't have any. To see what's going on, you need to see the headers being returned, such as in the case of a 302;
 
curl -D - http://some .web.server
 
or in the case of a secure web server who's certificate you don't rust (as it's self signed, for example)
curl -D - -k https://access.test.oit.ohio.edu
 
Note: The option in display is the -D option, that dumps headers to a file. By adding a - to the option, it displays them on standard out. This isn't documented in the man page, however.

 
Comments