Still it could work fine using the webapp checker as you can GET/POST several URLS one-after-the-other.
Dirk Bulinckx. -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mark Perry Sent: Friday, May 04, 2007 11:01 AM To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps If the web-page is doing its own type of redirect then it does not conform to w3c standards and I can't see how it would be possible as the Browser passes the parameters between server and client side scripts and will always get a header response. The only way to circumvent this would be to have a client side script which sets up ist own socket connection to the server and then pass control back to the browser which is a little extreme for a web login. It would be more likely that the server is passing 301 not found headers back during the conversation and the cookie is passed as something like: Set-Cookie: sID=ebdd807bf45109bd447b1e17ed906c33 You can just pass this string back in subsequent headers to the server as part of the Cookie: sID=ebdd807bf45109bd447b1e17ed906c33; Parameter together with other cookie params, until the negotiation has finished. I understand that this is probably beyond what the http check can do as it was never designed to be a web robot. Mark Perry Systems & Networks Administrator -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx Sent: 04 May 2007 09:31 To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps When SA does a post it does include the host,content-length,.... I suspect that the problem is different. First of all the authentication will be done within a POST and not using HTTP authentication. Second I guess that although you see 1 url, that the system does a couple of redirects to add cookies AND those redirects are probably NOT done with 302 clauses but with the code within the page. If it's 302 redirects then SA follows them, if it's something in the page that does the redrect then SA is not following them (as SA is not executing the code that is in the page itself). Dirk Bulinckx. -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mark Perry Sent: Friday, May 04, 2007 10:21 AM To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps I suspect that the people soft app has its own login username / password system stored in the peoplesoft database. I haven't tried this in salive but this works for scripts I write to automate web pages. The real question is whether or not salive actually contructs a complete http post and specifies parameters such as, Host: content-length: These may or may not be required by your web-server. As Dirk has said you can use applications such as ethereal to take a look at the guts, but for HTML I use fiddler as this is HTML only and also works with my network adapter card as it is an Internet Explorer plugin (I know there are plugins for firefox which also do the same thing). The problem with packet capture software is that the driver needs to support it. You also need winpcap installed under windows whereas if you have access to linux you can use tcpdump although this is for the brave. The intitial Url that is used is passing a paramenter list to the default script for that page of cmd=login. Presumably the url in the address bar is not the same when you actually get to the login page. The client / server conversation should result in the final url in the address bar for this page. View the source of the page and look for the action keyword and this will tell you what script etc the page passes the data to e.g. If the final url is: http://psf-app:8999/psp/psdev/ And action is default.php then your full url is: http://psf-app:8999/psp/psdev/default.php You then need to know what parameters to pass in this url which you also get from the source html. The Basic form will be anything between <form> </form> which has a name parameter look for a value parameter to pair it. Some value parameters are static as specifically defined e.g. the submit key -> value pair. The one caveat to this is that not everything with name field requires a value e.g. the form name does not. You also need to remember that the sequence is url encoded e.g. spaces are not allowed so you need to substitute spaces with + and key -> value pairs are delimited by & I also really hope that you don't have any characters that are non standard like ; to pass as these will need to be escaped and coverted into a uri-encoded hex value e.g. & = %26 So possibly the final url would look something like: http://psf-app:8999/psp/psdev/default.php?loginsubmitted=log+in&username =someone&password=something&rememberme=0 hope this helps -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx Sent: 03 May 2007 17:51 To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps The username/password that you can supply in SA is for real HTTP authentication. Is that what is used in Peoplesoft's website? The best you can do is to do a login via a browser and by using a sniffer (ethereal or sniffer or netmon) see what EXACTLY goes over the wire and from that you can see what is send and how (POST or GET). Dirk Bulinckx. -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ha, Kong Sent: Thursday, May 03, 2007 5:21 PM To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps Initially, the url that I pass is http://psf-app:8999/psp/psdev/?cmd=login This is the login screen. I used the get command first, supplying the username and password through the salive interface. Next I use post and putting the username and password in the data to be post field. Finally, I used http://psf-app:8999/psp/psdev/EMPLOYEE/ERP/h/?tab=DEFAULT. This is the screen after a successful login. In all cases, I was just presented by the screen using with the first URL. I checked the _temp_for_url.tmp file which correspond to the first URL. Anthony Ha City of Pasadena Tel No: 626-744-7642 Cell: 626-482-5498 email to cell: [EMAIL PROTECTED] -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mark Perry Sent: Thursday, May 03, 2007 1:31 AM To: Servers Alive Discussion List Subject: RE: [SA-list] Monitoring Peoplesoft apps How are you passing the URL? Please give an example. Regards Mark Perry -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ha, Kong Sent: 01 May 2007 23:36 To: Servers Alive Discussion List Subject: [SA-list] Monitoring Peoplesoft apps Is there a way to monitor peoplesoft using the URL feature? No matter what I try, the response is to bring me back the logon screen of peoplesoft, ignoring the username and password that I put in. How to force salive to feed the username and password to the URL and get a response? Anthony Ha City of Pasadena Tel No: 626-744-7642 Cell: 626-482-5498 email to cell: [EMAIL PROTECTED] -----Original Message----- From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 01, 2007 2:55 PM To: Ha, Kong Subject: Welcome to Servers Alive Discussion List Dear Ha,, Welcome to Servers Alive Discussion List. Thank you for becoming member of our mailing list. Here's a short "user's manual" of this mailing list: To subscribe, send a message to salive@woodstone.nu containing "SUBSCRIBE" in subject and reply to the confirmation message. To unsubscribe, send a message to salive@woodstone.nu containing "UNSUBSCRIBE" in subject. To turn on digest mode, send a message to salive@woodstone.nu containing "DIGEST ON" in subject. To turn digest mode off, send a message to salive@woodstone.nu containing "DIGEST OFF" in subject. To get help, send a message to salive@woodstone.nu containing "HELP" in subject. To send a message to all subscribers, send it to salive@woodstone.nu (NOTE: you must be a subscriber to be able to that). Thanks again. THIS IS AN AUTOMATED RESPONSE To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list. To unsubscribe send a message with UNSUBSCRIBE as subject to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
