I am trying to extract some information from a page that requires authentication (I have to reverse engineer this thing). However, the problem is with the way the authentication is done. I'm trying to use LWP::Simple (which I am beginning to suspect I cannot do for this) so I first do a "GET" on the login page. Looking at the javascript used for submitting the authentication, it appears a data string is included in a hidden field which is used by a javascript to hash the authentication information.
My first problem is to extract that data string. Here is the HTML segment that I believe is relevent.
<!--@UNIQUE:bodystart@-->
<form name="postform" method="get" action="/post_login.cgi">
<input type="hidden" name="data" />
</form>
<!--@ENDUNIQUE@-->
I don't see the data string in there but the javascript uses it to apparently get the hash string (looks like some server side stuff is going on as well). Although there is an action with this form I don't believe anything gets sent to the server as only 1 page is displayed (the login page) and then submited via a button.
<form name="myform" action="/dummy" onsubmit="sendLogin(); return fals
+e;">
.
.
.
<input class="button_submit_padleft" type="button" name="Login" value=
+"Log In" onclick="sendLogin();" />
Here is the 'onClick' javascript that submits the login from the form.
function sendLogin()
{
// If the 'data' variable is not defined then there was probab
+ly some
// problem with loading the page. The best guess is that the u
+ser's network
// connection has gone down. Inform the user and try to reload
+ the page.
if (typeof(data) == "undefined") {
alert ("The network connection seems to be down. Press
+ 'Ok' to try again.");
location.reload(true);
return;
}
var a = new Array;
// Compute the login hash.
var shex = byteArrayToHexString(convertFromBase64(data),0,4);
var goodp = document.myform.Password.value.substr(0,16);
document.myform.Password.value = ""; // Make sure p
+assword never gets sent as clear text
for (var i = goodp.length; i < 16; i++) {
goodp = goodp.concat(String.fromCharCode(1));
}
var str = shex + goodp;
// Pad the string to 64 bytes.
for (var i = str.length; i < 63; i++) {
str = str.concat(String.fromCharCode(1));
}
str = str.concat((document.myform.username.value == 'user') ?
+'U' : String.fromCharCode(1));
var hash = hex_md5(str);
var saltHash = shex.concat(hash);
a = convertHexString(saltHash, 20, 20);
// Send the new configuration to the server
sendDataToServer ("post_login.cgi?data=" + convertToBase64(a),
+loginReturnValue)
}
What I don't know how to do, at this point anyway, is to get that data string so I can build the correct hash for authentidation when I issue a "POST". I may well be missing something in the HTML code but I'm not sure where to go from here. Can someone help me with this LWP code? Thanks.