[wellylug] Automatically retrieving certificate and webpage via HTTPS
Cliff Pratt
enkidu at cliffp.com
Wed Dec 28 18:51:35 NZDT 2005
David Antliff wrote:
>
> When I was on Paradise.net, I wrote and maintained a script that
> downloaded my current cable Internet data usage data. It used wget and a
> username/password pair to access the webpage and did a few calculations
> on it to help me keep track of things.
>
> I have since moved to Ihug and things are a little different - the Data
> Usage page requires an SSL authenticated session to be established (via
> their web login page) before the Data Usage page can be accessed,
> otherwise it simply redirects to an 'error' page informing the user to
> log in.
>
> I don't really know much about SSL and HTTPS yet, so my question is -
> can this login process be automated somehow so that I can modify my
> script to collect usage data from Ihug? How do I go about obtaining a
> certificate from their server? Do certificates only last a short period
> of time? wget has --certificate=file which could be used I presume if I
> can get the certificate somehow.
>
Tricky, but probably possible. AFAIK you can just specify the HTTPS URL
to the login page and send the appropriate details. You don't need a
certificate, the IHUG one will be used for the session, and during
session setup the public key is sent to you. 'wget' then uses that for
the session. I'm assuming that 'wget' is *capable* of speaking SSL....

Once you are signed in there will likely be a 'session cookie' that is
used when you access the stats page. The actual URL may be HTTPS or HTTP
and may have to provide the 'session cookie'.

I'd capture the traffic when you do a manual session, using tcpdump or
snort, (making sure that you capture the payload!)
Cheers,
Cliff
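
The login-then-cookie flow discussed in this thread, as an added example that is not part of the original post: a client posts credentials to a login page, keeps the session cookie in a jar, and presents it when fetching the usage page. The portal here is a constructed stand-in on loopback over plain HTTP so it runs offline; the paths `/login`, `/usage` and `/error`, the form fields `user` and `pass`, and the sample credentials are all assumptions. Pointed at an `https://` URL, `urllib` validates the server's certificate against the system trust store by default, with no client certificate involved.

```python
import http.cookiejar, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSION = "constructed-session-id"  # sample value, constructed for this demo

class FakePortal(BaseHTTPRequestHandler):
    """Constructed stand-in for an ISP portal: /login sets a session cookie,
    /usage redirects to /error unless that cookie is sent back."""
    def _send(self, code, body=b"", headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        raw = self.rfile.read(int(self.headers["Content-Length"])).decode()
        form = urllib.parse.parse_qs(raw)
        if self.path == "/login" and form == {"user": ["alice"], "pass": ["s3cret"]}:
            self._send(200, b"welcome", [("Set-Cookie", f"sid={SESSION}; HttpOnly")])
        else:
            self._send(403, b"bad login")

    def do_GET(self):
        if self.path == "/usage" and f"sid={SESSION}" in self.headers.get("Cookie", ""):
            self._send(200, b"usage_mb=1234")
        elif self.path == "/usage":
            self._send(302, headers=[("Location", "/error")])  # not logged in
        else:
            self._send(200, b"please log in")

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_portal():
    srv = HTTPServer(("127.0.0.1", 0), FakePortal)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

def fetch_usage(base, user=None, password=None):
    """Log in when credentials are given, then fetch /usage with the same cookie jar."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    if user is not None:
        data = urllib.parse.urlencode({"user": user, "pass": password}).encode()
        opener.open(base + "/login", data=data).close()  # server sets sid cookie
    with opener.open(base + "/usage") as resp:
        return resp.read().decode()
```

With wget the same two steps are a `--post-data` request that writes a jar with `--save-cookies` and `--keep-session-cookies`, followed by a request using `--load-cookies`.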