Thank you, Oleg and Brijesh, for your suggestions. I'll try a different sniffer and/or one of the plug-ins and try digging a little deeper into the header packets.
Thanks again! - Stephanie -----Original Message----- From: Brijesh Deo [mailto:b...@sonicwall.com] Sent: Wednesday, April 22, 2009 7:32 AM To: HttpClient User Discussion Subject: RE: Can servers "block" programmatic form submissions? Hi Stephanie, You can use some tools that work with your browser to see what request/response headers, data etc are contained in the HTTP packets when you are tying to browse your website using a browser. Then you can set the same/similar combination of Http headers, data in your HttpGet or HttpPost objects to emulate the browser behavior while using the HttpClient to send requests to your website. For Mozilla Firefox, you can install a plugin called HttpFox which will let you see every GET/POST packet and all underlying header/data. For IE, there is something called IEHTTPAnalyzer but that's not free I guess. Although you can work with the trial version for sometime, I think. Or, if you are comfortable you can use Packet Sniffer tools like Ethereal or wireshark and then find Http Packets and then analyze its contents. Thanks, Brijesh -----Original Message----- From: Klein, Stephanie [USA] [mailto:klein_stepha...@bah.com] Sent: Tuesday, April 21, 2009 6:40 PM To: HttpClient User Discussion Subject: [Junk released by User action] RE: Can servers "block" programmatic form submissions? First, thank you for taking the time to respond to my question. I really appreciate it. "> I downloaded a browser sniffer program, but when it's running, the > website I'm trying to log into won't load properly (via the browser). > I find this highly improbable. I can not think of a way for a server side application to tell that the IP traffic is being sniffed upon, but I am not a network specialist by any stretch of imagination. There must be something else." I was rather surprised by the behavior of the website when I had the sniffer running, too. I tried several times, though - when the sniffer was running, the page wouldn't load. When the sniffer was stopped, the page loaded fine. I suppose it could be something with the firewall here at work - I'll try at home on my personal computer and see if I get the same results. " there should always be a way to emulate the HTTP packets as emitted by the common browsers." Can you suggest a particular object I should research/explore to try to find a way to emulate the browser? Will I want to look at HttpClient, or is there something else I should look into? Again, thanks for your help, - Stephanie -----Original Message----- From: Oleg Kalnichevski [mailto:ol...@apache.org] Sent: Tuesday, April 21, 2009 6:54 AM To: HttpClient User Discussion Subject: Re: Can servers "block" programmatic form submissions? On Mon, Apr 20, 2009 at 01:03:16PM -0400, Klein, Stephanie [USA] wrote: > Hi, All, > > I'm writing an application to log into a website via a form. I've tried > many different ways, but each time, I get re-directed to a page saying > I'm being "redirected to an authentication service on another device". > (I'm not able to get to this page via a browser.) > > I downloaded a browser sniffer program, but when it's running, the > website I'm trying to log into won't load properly (via the browser). > I find this highly improbable. I can not think of a way for a server side application to tell that the IP traffic is being sniffed upon, but I am not a network specialist by any stretch of imagination. There must be something else. > So, is it possible for a company to disable programmatic access on the > server side? Can they have something set up to block this type of > log-in? > Yes, they can, and they often do. Lots of companies intentionally make it difficult to script the login process to their sitesi, for good reasons. However, there should always be a way to emulate the HTTP packets as emitted by the common browsers. Hope this helps. Oleg > Just in case it's helpful, here is the latest version of code I'm using. > Again, I've tried several versions. I'd be happy to share the other > versions if that will be helpful. I do have wire logging turned on and > would be happy to share those files also. > > // BEGIN OF CODE > > String response = ""; > > GetMethod authget = new GetMethod("https://www.somesite.com";); > (new HttpClient()).executeMethod(authget); > response = authget.getResponseBodyAsString(); > System.out.println("Body from authget " + response); > > PostMethod authPost = new PostMethod("https://www.somesite.com";); > > NameValuePair[] paramList = { > new NameValuePair("SMENC", "ISO-8859-1"), > new NameValuePair("SMLOCAE", "US-EN"), > new NameValuePair("TARGET", "/login/index.html"), > new NameValuePair("USER", "username"), > new NameValuePair("PASSWORD", "password"), > new NameValuePair("lowBandwidth", "false") > }; > > System.out.println("Response body is " + response); > System.out.println("Login form post (authPost): " + > authPost.getStatusLine().toString()); > > // END OF CODE > > Thank you for your time and consideration, > > - Stephanie > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
