Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
  • Locked thread
Captain Riggs
Nov 15, 2003

I'll draw his fire and you run for cover!

There is a website I need to use for work, it is an MS sharepoint site. When accessing this site from a browser, I first get redirected to an RSA login page where I have to input my username, PIN, and RSA token code and then I get redirected to the real sharepoint site. After logging in to the RSA redirect page, I can browse the sharepoint site normally until such time as it decides that a time limit has expired or the broswer "session" has been lost/cleared (I checked and it appears to be using a browser cookie that expires at the end of the browsing session) and then I have to re-enter my credentials.

Anyways the problem is that I want to use some software that can sync with a sharepoint site but if I just put the site URL into the software it doesn't understand how to deal with the RSA credential page that appears first (it doesn't prompt for my credentials, it just errors).
So I was thinking that there could be some way to have a program/script connect to the site that understands how to prompt for my credentials (or just display the webpage so I could type them in) and then keep that same session/connection alive and act as a kind of proxy server for the other syncing application.

Does anything like this exist? Or would this be hard to make in python or something? Or at the very least does anyone know what words I should google for to get information on how to solve this problem because I am having trouble finding anything because I don't really know what to search for.

The site uses SSL, if this matters.

Captain Riggs fucked around with this message at Jun 17, 2014 around 22:46

Adbot
ADBOT LOVES YOU

minato
Jun 7, 2004

cutty cain't hang, say 7-up.

Taco Defender

If you use curl with the cookiejar option enabled, it can store the session cookies for you. You'd need to write a simple script (like in python or ruby, or even a batch file since this is so simple) to use it. Something like

1) Use curl to attempt to retrieve the sharepoint URL. Enable the cookiejar option, and the option to follow redirects. This should return you the RSA login page.

curl --cookie-jar mycookies --location https://mysharepoint.site.com/


2) Submit a POST request via curl to the RSA login page with your credentials, emulating you POSTing the webform. Use the same cookiejar, and follow redirects again. This should return you to the sharepoint site.

curl --cookie-jar mycookies --location -F username=myloginname -F password=mypassword https://rsa.login.com/


3) By now all the appropriate cookies should be set up in the cookie jar. Use curl to get the URL you want from the sharepoint site.

curl --cookie-jar mycookies --location https://mysharepoint.site.com/actualurl/I/want


Some website scraper tools may be able to do this for you, but the above is pretty simple and should work.

peak debt
Mar 10, 2001
b& :(

Nap Ghost

Powershell can do that too with Invoke-Webrequest http://technet.microsoft.com/en-us/...y/hh849901.aspx

The general procedure is that you launch Fiddler in the background, do a manual login, then check the Fiddler capture for the important GET and POST requests.
You can then duplicate them with the web requests, using the -SessionVariable argument to remember the cookies.

Edit: As an example this is a script I use to check our 20+ scanners for deleted user accounts:

code:
<#
 # Logs on to the web interface of a Canon 2525 copier, gets the list of users configured
 # for scanning and checks whether their AD accounts still exist
 #>
 
$ip = "10.0.0.0"

# Log on to the web interface as administrator
$login = Invoke-WebRequest "http://$ip/_top.html" -SessionVariable copier
$login.Forms[0].Fields.user_name = "1"
$login.Forms[0].Fields.pwd = "2"
$login.Forms[0].Fields.login_mode = "admin"
$login.Forms[0].Fields.lang = "0"
Invoke-WebRequest "http://$ip/login.cgi" -WebSession $copier -Method Post -Body $login > $null

# Copy the cookies to the root path to make the login work properly
$copier.Cookies.Add("http://$ip/", $copier.Cookies.GetCookies("http://$ip/login.cgi"))

# Enter the address book password
Invoke-WebRequest "http://$ip/_adrs_book.html" -WebSession $copier -Method Post -Body @{LOCK_PWD='3'} > $null

$done = $false
# Iterate through the address book pages
for ($i=1; -not $done; $i += 12) {
    $mainPage = Invoke-WebRequest "http://$ip/adrs_low.html" -Method Post -Body @{DN="$i"} -WebSession $copier

    # Parse for the email address with a regexp
    $emails = $mainPage.RawContent | Select-String -Pattern "E-mail\<\/td\>\<td\>(.*@.*\...)\<\/td\>" -AllMatches
    if ($emails.Matches.length -ne 0) {
        $emails.Matches | % {
            $email = $_.Groups[1].Value

            # Search for the user in AD by primary email address
            $user = Get-ADUser -Filter {mail -eq $email}
            if ($user -eq $null) {
                # If the user doesn't exist, print a warning in red color
                Write-Host "$email" -ForegroundColor red
            }
            $user.Name
        }
    } else {
        # If we just parsed a page without a single configured account, assume that we are done
        $done = $true
    }
}

peak debt fucked around with this message at Jun 13, 2014 around 09:01

Captain Riggs
Nov 15, 2003

I'll draw his fire and you run for cover!

Thanks for the info. I was not aware of either of those methods before.

I actually solved my problem by using some code in Fiddler's CustomRules.js to capture the cookie from a browser login to the site and reuse the cookie in any other app that made a request to the site.

Both of your suggestions solve the problem of capturing the cookie and including it in another request in a script but what about inserting it into a request from another application? For example I am using microsoft onenote and colligo briefcase (http://www.colligo.com/products/sha...ligo-briefcase/) to connect to the sharepoint site. I could not figure out any way other than fiddler acting as a proxy to insert the cookie into the requests from these applications.

Do you know of any way to solve that problem? Since the sharepoint site uses SSL I think pretty much the only way to do it would be to use your own root certificate and basically do a main-in-the-middle type attack (which is what the fiddler proxy does)...

Fiddler does work but It seems to slow things down a bit since it is doing so many other things.

  • Locked thread