Need help with curl post and javascript - javascript

I'm trying to log in to some web site.
I did it before with some other site but this site is more complicated.
I used LIVE HTTP Headers to capture the post request.
I noticed that the post request was done correctly but from some reason I'm not being transferred to the correct url.
I went over the page source and I think this form is being transferred using JS.
This is what appended to the post arguments after the __VIEWSTATE variable:
&ctl00_Menu_MainMenu_ContextData=&ctl00%24middleContent%24TextBoxName=0526579737&ctl00%24middleContent%24TextBoxPass=LIRAN&ctl00%24middleContent%24TextBoxPriv=liran&ctl00%24middleContent%24CheckLicense=on
and this is the javascript function that validates this info:
function Continue_Click()
{
var LabelError = document.getElementById('ctl00_middleContent_LabelError');
var lnkButton1 = document.getElementById(middleContent + 'lnkButton1');
var msg = validateLoginPeleNumRecognizeUser(document.getElementById('ctl00_middleContent_TextBoxName').value);
if (msg == '')
{
if (validateLoginPeleNumEmail(document.getElementById('ctl00_middleContent_TextBoxName').value)){
musixMail = document.getElementById('ctl00_middleContent_TextBoxName').value;
var obj = document.getElementById('ctl00_middleContent_TextBoxPriv');
if (obj != null && obj.value != '')
msg = validateLoginUserLogin(obj.value);
if (msg == '')
{
if(document.getElementById('ctl00_middleContent_CheckLicense').checked)
{
if(log.login('recognize'))
{
__doPostBack('ctl00$middleContent$lnkButton1','');
}
}
else
LabelError.innerHTML = 'עליך להסכים לתנאי השימוש על מנת להמשיך לגלוש באתר';
}
else
LabelError.innerHTML = msg;
}
else{
msg = validateLoginPasswordLogin(document.getElementById('ctl00_middleContent_TextBoxPass').value);
if (msg == '')
{
var obj = document.getElementById('ctl00_middleContent_TextBoxPriv');
if (obj != null && obj.value != '')
msg = validateLoginUserLogin(obj.value);
if (msg == '')
{
if(document.getElementById('ctl00_middleContent_CheckLicense').checked)
{
if(log.login('recognize'))
{
__doPostBack('ctl00$middleContent$lnkButton1','');
}
}
else
LabelError.innerHTML = 'עליך להסכים לתנאי השימוש על מנת להמשיך לגלוש באתר';
}
else
LabelError.innerHTML = msg;
}
else
LabelError.innerHTML = msg;
}
}
else
LabelError.innerHTML = msg;
}
$(function(){
$('#ctl00_middleContent_TextBoxName,#ctl00_middleContent_TextBoxPass,#ctl00_middleContent_CellName').keypress(function(e){
if(e.keyCode==13)
Continue_Click();
});
Does anyone know how can I trigger this function when using curl?
Thanks

Curl is just a tool to make HTTP requests to a server, and (optionally) record the response. When you make the request you're thinking about, the server sends a few KB of text in response to curl's request.
In this case, the text is HTML with some Javascript embedded (or referenced). But curl doesn't know how to parse the HTML, because it's just a data-transfer tool. It received the data - job done.
So I think you're going to hit a dead end if you want to have curl automatically execute the Javascript. You'd need a JS engine to do this, as well as an HTML engine to parse the HTML and work out what JS commands should be actually run. Rhino or Spidermonkey could do the former, but since you don't have a JS file but an HTML file this won't work too well. Fundamentally, if you want this to work generally, comprehensively and autonomously, you'll need a tool that behaves identically to a browser - which, by definition, is a browser.
In most cases, if you're looking at a single site though, you can work out the request that curl needs to send by sniffing the requests made by a browser. Typically, in the worst case scenario you might need to use a regex on the returned text to extract e.g. the sessionID; for a given site this isn't so bad. If you're not prepared to have this level of brittleness, then curl is quite simply not an appropriate tool for what you're doing.

Related

Pattern matching never terminates

I have this javascript for pattern matching. When I open the HTML file and the scripts run, it never ends. The page loads forever. The logs inside the if and else never print out. I am unable to find the problem.
var link="https://www.google.co.uk/search?source=hp&ei=EUtVWuX5JpGRkwWW_py4Cg&q=testing+for+schools&oq=testing&gs_l=psy-ab.1.1.0i131k1j0l9.7269.8065.0.9955.7.7.0.0.0.0.175.755.4j3.7.0....0...1.1.64.psy-ab..0.7.754...0i3k1.0.TglIEkPkeIU";
var pattern = "(https:\\/\\/)(.*\\.)*(google.co.uk)(\\/.*)*(\\/)*";
if(link.search(pattern) == 0)
{
console.log("inside if");
console.log("Match");
}
else
{
console.log("inside else");
console.log("Not Match");
}
EDIT:
I need a RegEx that represents almost any URL starts with https. The only thing that is variable is the domain name, e.g. google.co.uk. I thought my RegEx was perfect but it could not handle this case.
EDIT2:
The logic for the patter I need is: (any-sub-domain.)*(domain-name)(/something)* (/)*
EDIT3:
Sorry the previous edit corrected now. It was wrong because I did not put it in code.
Instead of using a regex to parse the whole URL, I suggest first using the URL object of JavaScript to extract the relevant parts of the URL. Then you can check attributes of the URL such as hostname and protocol using if:
var link = "https://www.google.co.uk/search?source=hp&ei=EUtVWuX5JpGRkwWW_py4Cg&q=testing+for+schools&oq=testing&gs_l=psy-ab.1.1.0i131k1j0l9.7269.8065.0.9955.7.7.0.0.0.0.175.755.4j3.7.0....0...1.1.64.psy-ab..0.7.754...0i3k1.0.TglIEkPkeIU";
var urlObject = new URL(link);
console.log(urlObject.hostname); // "www.google.co.uk"
console.log(urlObject.protocol); // "https:"
if (urlObject.protocol === "https:") {
if (urlObject.hostname.endsWith('google.co.uk')) {
console.log("this page is on Google UK");
} else {
console.log("this page is on some other HTTPS web site");
}
} else {
console.log("this page is not secured by HTTPS");
}

Write to file from Chrome console

Is it possible to have Chrome write the console output to a local file?
If not; Can I make an external call from the console to my server and save it there?
I know this can be done with devtool extended but I would rather do it from console.
You can't write into a file in a local computer. It will lead to great security flaw.
Best way is to save the data in server.
The following may work, but need some server side work.
(function(console){
var url = "domain.com/../userdata/"
console.save = function(data, filename){
var ajaxreq = new XMLHttpRequest();
ajaxreq.open("POST", url+filename, false);
ajaxreq.onreadystatechange = function ()
{
if(ajaxreq.readyState === 4)
{
if(ajaxreq.status === 200)
{
alert(ajaxreq.responseText);
}
}
}
ajaxreq.send(data);
}
})(console);

Internet Explorer CrossDomain Request doesnt work correctly and MS doesnt give onerror reasoning

I added variables in the request as per the Microsoft standard below, var openRetVal and var sendRetVal... Odd thing is, that they dont get anything returned in them, so did Microsoft lie in their own documentation?
I was working on a ajax request, and like usual, IE is a difficult specimen to work with. I found that instead of doing a AJAX request, i can do an XDR. My code in chrome works, so i know the destination server is working and on a successful request does what is suppose to happen. Below is my code segment for an XDR.
if ($.browser.msie && window.XDomainRequest) {
var xdr = new XDomainRequest();
//var webstring = location.protocol +"//"+ location.host +"/" + WEBSERVICE_URL + "/test";
//WEBSERVICE_URL = "webservices/FormDesigner.svc";
var webstring = WEBSERVICE_URL + "/test";
var openRetVal = xdr.open("GET", webstring); //added this var as it supposidly gets a return value from the function call.
xdr.onload = function () {
var JSON = $.parseJSON(xdr.responseText);
if (JSON == null || typeof (JSON) == 'undefined') {
JSON = $.parseJSON(data.firstChild.textContent);
}
//below is my onsuccess call which is called by both successes for IE and NON-IE processes allowing all stuff to be piped into 1 call.
ajax_success(JSON);
};
xdr.ontimeout = function () {
alert("XDR Error. Timeout");
}
xdr.onerror = function () {
alert("XDR Error. Unable to do a Cross Domain Server Request.");
};
var sentRetVal = xdr.send(); //added this var as the function is suppose to return success or error as per microsoft.
}
It always returns onerror which is NOT what i am aiming for, naturally. I am pinging something within the same domain for the moment for testing purposes which is why there is not other stuff. Like i said, it works with other browsers so far... Is there an improper formatting I am unaware of? There is no data submitted as well with this test request.
If you are already using jQuery, just use jQuery for ALL BROWSERS, then you should not have any issues in IE.

How to read a text file from server using JavaScript?

On the server, there is a text file. Using JavaScript on the client, I want to be able to read this file and process it. The format of the file on the server cannot be changed.
How can I get the contents of the file into JavaScript variables, so I can do this processing? The size of the file can be up to 3.5 MB, but it could easily be processed in chunks of, say, 100 lines (1 line is 50-100 chars).
None of the contents of the file should be visible to the user; he will see the results of the processing of the data in the file.
You can use hidden frame, load the file in there and parse its contents.
HTML:
<iframe id="frmFile" src="test.txt" onload="LoadFile();" style="display: none;"></iframe>
JavaScript:
<script type="text/javascript">
function LoadFile() {
var oFrame = document.getElementById("frmFile");
var strRawContents = oFrame.contentWindow.document.body.childNodes[0].innerHTML;
while (strRawContents.indexOf("\r") >= 0)
strRawContents = strRawContents.replace("\r", "");
var arrLines = strRawContents.split("\n");
alert("File " + oFrame.src + " has " + arrLines.length + " lines");
for (var i = 0; i < arrLines.length; i++) {
var curLine = arrLines[i];
alert("Line #" + (i + 1) + " is: '" + curLine + "'");
}
}
</script>
Note: in order for this to work in Chrome browser, you should start it with the --allow-file-access-from-files flag. credit.
Loading that giant blob of data is not a great plan, but if you must, here's the outline of how you might do it using jQuery's $.ajax() function.
<html><head>
<script src="jquery.js"></script>
<script>
getTxt = function (){
$.ajax({
url:'text.txt',
success: function (data){
//parse your data here
//you can split into lines using data.split('\n')
//an use regex functions to effectively parse it
}
});
}
</script>
</head><body>
<button type="button" id="btnGetTxt" onclick="getTxt()">Get Text</button>
</body></html>
You need to use Ajax, which is basically sending a request to the server, then getting a JSON object, which you convert to a JavaScript object.
Check this:
http://www.w3schools.com/ajax/tryit.asp?filename=tryajax_first
If you are using jQuery library, it can be even easier:
http://api.jquery.com/jQuery.ajax/
Having said this, I highly recommend you don't download a file of 3.5MB into JS! It is not a good idea. Do the processing on your server, then return the data after processing. Then if you want to get a new data, send a new Ajax request, process the request on server, then return the new data.
Hope that helps.
I used Rafid's suggestion of using AJAX.
This worked for me:
var url = "http://www.example.com/file.json";
var jsonFile = new XMLHttpRequest();
jsonFile.open("GET",url,true);
jsonFile.send();
jsonFile.onreadystatechange = function() {
if (jsonFile.readyState== 4 && jsonFile.status == 200) {
document.getElementById("id-of-element").innerHTML = jsonFile.responseText;
}
}
I basically(almost literally) copied this code from http://www.w3schools.com/ajax/tryit.asp?filename=tryajax_get2 so credit to them for everything.
I dont have much knowledge of how this works but you don't have to know how your brakes work to use them ;)
Hope this helps!
It looks like XMLHttpRequest has been replaced by the Fetch API. Google published a good introduction that includes this example doing what you want:
fetch('./api/some.json')
.then(
function(response) {
if (response.status !== 200) {
console.log('Looks like there was a problem. Status Code: ' +
response.status);
return;
}
// Examine the text in the response
response.json().then(function(data) {
console.log(data);
});
}
)
.catch(function(err) {
console.log('Fetch Error :-S', err);
});
However, you probably want to call response.text() instead of response.json().
Just a small point, I see some of the answers using innerhtml. I have toyed with a similar idea but decided not too, In the latest version react version the same process is now called dangerouslyinnerhtml, as you are giving your client a way into your OS by presenting html in the app. This could lead to various attacks as well as SQL injection attempts
You need to check for status 0 (as when loading files locally with XMLHttpRequest, you don't get a status and if it is from web server it returns the status)
function readTextFile(file) {
var rawFile = new XMLHttpRequest();
rawFile.open("GET", file, false);
rawFile.onreadystatechange = function ()
{
if(rawFile.readyState === 4)
{
if(rawFile.status === 200 || rawFile.status == 0)
{
var allText = rawFile.responseText;
alert(allText);
}
}
}
rawFile.send(null);
}
For device file readuing use this:
readTextFile("file:///C:/your/path/to/file.txt");
For file reading from server use:
readTextFile("http://test/file.txt");
I really think your going about this in the wrong manner. Trying to download and parse a +3Mb text file is complete insanity. Why not parse the file on the server side, storing the results viva an ORM to a database(your choice, SQL is good but it also depends on the content key-value data works better on something like CouchDB) then use ajax to parse data on the client end.
Plus, an even better idea would to skip the text file entirely for even better performance if at all possible.

How to get timezone before postback

I am making a page that accepts post data from any number of pages that I cannot change, access, or in any way control.
I need, in one way or another, to get the timezone of the user. I know, ideally the posting page would do this, but I cannot access these pages.
I've read other answers on this site and come up with 2 almost, but not quite there solutions.
First, there is javascript. I can get the javascript function to return (or change a label to) the correct value, but the problem is I need this info before the postback. I've been trying to write the timezone name on another page and read that page, but I have no idea how to begin to do that? Any other workaround to use the javascript is welcome, or any way to force call this before Page_Load is called?
function getTimeZone()
{
var d = new Date()
var gmtHours = -d.getTimezoneOffset()/60;
var label = document.getElementById("<%=TZ.ClientID%>");
label.textContent = "GMT " + gmtHours;
}
The second solution is to read it from another page, and I am using this:
http://ipinfodb.com/ip_query.php?ip=192.36.167.120&timezone=true
(Completely random ip in there, btw)
So here is my function to get the info from that site:
public string GetTimezone(string ip)
{
string address = string.Format("http://ipinfodb.com/ip_query.php?ip={0}&timezone=true", ip);
string timezone = "";
try
{
XmlTextReader reader = new XmlTextReader(address);
HttpWebRequest wrq = (HttpWebRequest)WebRequest.Create(address);
wrq.Proxy.Credentials = CredentialCache.DefaultCredentials;
reader = new XmlTextReader(wrq.GetResponse().GetResponseStream());
string lastRead = "";
while (reader.Read())
{
if (reader.NodeType == XmlNodeType.Element)
{
lastRead = reader.Name;
}
if (reader.NodeType == XmlNodeType.Text)
{
if (string.Compare(lastRead, "TimezoneName", true) == 0)
{
timezone = reader.Value;
break;
}
}
}
}
catch
{
timezone = "";
}
return timezone;
}
Basically, this works in debug mode, but when it's live only an empty string is returned. I am baffled? Is there any better way to read data from a page? I am using Request.ServerVariables["REMOTE_ADDR"] to get the ip, and that seems to be correct, since it inserts the correct ip into the database I'm using.
Here is the call:
GetTimezone(Request.ServerVariables["REMOTE_ADDR"]);
You're getting an exception, probably because of a trust issue / firewall on the production server.
Get rid of the evil catch block so you can find out what the exception is.

Categories