Menu
I want to get access to a json page that contains data.
Say, it's there under http://example.com/home/apples.json
It's protected, so a login page is shown.
If I were to visit it manually I first go to http://example.com/ There I get a login menu and after login as say user "test" with password "test" visiting http://example.com/home/apples.json again will show me the json data.
If I do a
curl -u test:test http://example.com/home/apples.json -v
I end up at the login page. (Despite the authentication.)
If I visit http://example.com/ and manually login I will get a cookie after login. Say this cookie is called ltoken and gets the value "dj8f". It will only show up after a successfull login. When I look it up via the browser and copy the cookie data and attach it to the curl command:
curl -b "ltoken="dj8f" http://example.com/home/apples.json -v
it will work.
How can I get the cookie data from after login without doing it manually? Is it possible via bash shell scripting means? If yes how? Alternatively how would it be done in a groovy script?
441
By default, curl doesn't send any cookies but you can add your own cookies via the -b 'name=value' command line argument. To save cookies from the response to a file, use the -c file option. To load cookies from a file, use the -b file option.
When curl writes cookies to this file, it will save all known cookies including those that are session cookies (without a given lifetime). curl itself has no notion of a session and it does not know when a session ends so it will not flush session cookies unless you tell it to.
You can pass the body of the POST message to Curl with the -d or --data command-line option. Curl will send data to the server in the same format as the browser when submitting an HTML form. To send binary data in the body of a POST message with Curl, use the --data-binary command-line option.
We tell curl to store them to a file at /tmp/cookies using the -c switch. If you want to both send and store cookies, you need to supply both switches. You can optionally use the -j switch to tell curl to discard any cookies with "Session" expiry.
You have to perform a proper login with curl first. In order to do this, navigate to the login page and have a look at the source code. The login form should look something like this.
<form action="http://example.com/login/target" method="POST">
<input type="text" name="username" />
<input type="password" name="passphrase" />
<input type="submit" value="Log in" />
</form>
(I assume that there are no hidden input fields. Hidden input fields are often used to protect against request forgery, which is basically what we are going to do.)
From this snipped you have to extract the target of the login request (in this example http://example.com/login/target) the names of the HTML input fields (here username and passphrase). To perform the login process, you should send the login information to the target, for example by executing
curl --cookie-jar cookies.txt --form passphrase=test --form username=test http://example.com/login/target
(Please note, that is generally not advisable to type your password on the command line in this way. Your password is probably stored in a command history and could be stolen.)
The --cookie-jar option tells curl to store all cookies in a file. If the login succeeds and the server sets session cookies, curl will save them in this text file.
After a successful login, you should be able to access the json-file, if the request contains the cookies from the cookie-jar. This can be achieved with the -b argument. If -b does not contain the = character, curl will use the contents of the file as cookies.
curl -b cookies.txt http://example.com/home/apples.json -v
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
