[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev dumping web pages
|
From: |
David Woolley |
|
Subject: |
Re: lynx-dev dumping web pages |
|
Date: |
Fri, 2 Apr 1999 00:34:32 +0100 (BST) |
>
> Is there any way to dump pages which is protected by password?
> I used to use -dump -auth=id:passwd option. But server changed
> its setup to html based login instead of pop up login.
That's no login at all in protocol terms. The page is being protected
by an ad hoc mechanism that may change at any time.
This may be security by obscurity, in which case simply quote the URL
that you get after the login.
It may be persistent cookie based, although I wouldn't expect a login
prompt at all, and recent Lynxes should work if you accept the cookies.
It may be session cookie based, in which case you have problems, as
Lynx will lose the cookie between invocations.
It may be obscurity, but backed by a referer check, in which case you
will have to hack the code to fake an on-site referer.
It may be done with hidden fields on forms. These will be visible for
GET mode forms, but you will have to extract them from a response and
use postdata.
It may use a short lived session identity coded in URLs or hidden fields,
in which case you will have to capture this information within the lifetime
of the session.
In all cases, it probably doesn't give them added security over using
the built-in mechanisms, just allows them control of the appearance of
the login dialogue - i.e. it is the normal interactive GUI only mode
of thinking.