Posted by shimmyshack on 05/15/07 17:16

On May 15, 6:01 pm, JDS <jeff...@invalid.address> wrote:
> So, I'd like to create the following scenario:
>
> 1) Use cURL library within PHP (cURL + "Cookie Jar", et.al) to create a
> virtual browser session that "logs in" to a remote site. (For example:
>
> here:http://curl.haxx.se/libcurl/php/examples/cookiejar.html
>
> and here:http://curl.haxx.se/libcurl/php/examples/ebay_login.html
>
> 2) Save the login credentials -- cookies, session vars, whatever -- and
> pass that to the web browser so that now the web browser is logged in.
>
> Is that possible?
>
> How can one take the values in the cookie jar and create the same cookies
> in the browser session?
>
> etc.
>
> Thanks!
>
> --
> JDS

in the traditional model of client<->server1.com<->server2.com the
credentials (if stored as cookies) will only be valid for domain
server1.com, so you cannot hand off the credentials to the client

however if you use some client side scripting to map only part of
server2.com's domain space to server1.com the rest making a straight
through connection to server2.com then it is possible under certain
circumstances. (those being that server2.com uses the session id as an
authentication token)

For instance: foxy proxy within firefox, which proxies a request for a
URL matching server2.com/login.php via a machine on which server1.com
runs AND vhost server2.com, and which has a DNS/host entry for
server2.com pointing to itself. This machine makes a cURL requests
logging on to server2.com using its real IP address. It returns the
credentials to the client back though the proxy, meanwhile all the
images and so forth have been downloaded from the server2.com to the
client unproxied. The cookie would then appear to have been sent by a
header from the correct host and now you can continue using
server2.com from the client and the client will send the correct
cookie.

I have tested this and use it routinely to overcome same domain
restrictions in order to inject code into the webpages I view to make
the user experience better for me, removing adverts or simply
returning a larger dataset, etc... for fun rather than for profit.

There are of course situations in which this technique would not work,
but give it a go.

• Next in forum: una quert mysql
• Prev in forum: Is this possible? Login to remote site using cURL, then pass credentials to browser.
• Thread view: Re: Is this possible? Login to remote site using cURL, then pass credentials to browser.

[Reply to this message]