autofilling web form boxes

daven1986 · 1 Nov 2007 at 20:34

Hi guys,

I require users to log into a website so my program can interact with the site. Now my problem is that the site requires users to TYPE in their username and password - I can't just send a request to the server with them in the URL as parameters.

So my question is:

If given the username and password, is there any way that I can "type" them into the boxes on the website, press submit and then do what I need to? Obviously this needs to be done in software, preferably php.

Thanks

daven

Apopcalyptic · 4 Nov 2007 at 11:23

I just had a really really good reply, with example typed out, previewed it, and OcUK had logged me out. Basically you need to specify the form method as 'post', then handle the POSTDATA afterwards, preferably without ever referring to another page

I'm posting this as a placeholder, which I will update later when I've typed it all out again (likely to be this evening now I'm afraid)

/edit - I've reread the original post and I think I've got the wrong end of the stick. Is your application a web application, and if so what language is it in? Chances are you'll need to know the names of the fields that the website uses for user authentication, the name of the authentication script, and what GETDATA it needs passing to it. If you can get that information, it should be fairly simple

daven1986 · 4 Nov 2007 at 11:49

im using php, and it is a web application.

how would someone be able to find out the names of the fields it requires?

if it helps the site i need to log into is facebook.

i think you have the correct end of the stick - and i look forward to your original post.

thanks for the help

daven

Apopcalyptic · 4 Nov 2007 at 11:58

Right then, having had a quick look at facebook, when you try to login the authentication is done by www.facebook.com/login.php. Getting the names of the required fields should be as simple as checking the source on the front page.

It should then be as simple as the form using login.php as the 'action'. It will however automatically redirect you through to the facebook index page though.

The only problem you might have is if login.php checks the referrer and disallows logins from an external source. I believe that you CAN spoof a referral, but I'll be honest, I don't know how it's done, and suspect that it will contravene facebook's T's & C's.

RobH · 4 Nov 2007 at 13:27

I think facebook has the ability to handle a user login then redirect back to the application, at least this is my experiance with a desktop app written in Java.

daven1986 · 4 Nov 2007 at 18:10

well being redirected is fine. i just want to be able to use a session key without having to resort to an infinite session key.

i will investigate this further.

thanks for the help

RobH · 5 Nov 2007 at 01:28

Let us know how it goes and what you find out. I'm going to be working on a small facebook app written in PHP so I am interested in how the authentication works.

Goksly · 5 Nov 2007 at 11:47

I do this for my day job (filling in website boxes with user details). Get yourself a program like Proximitron; it will show you the fields you need to post including hidden values etc.

It should be just find the name of the values you are sending and jobs a gooden, but it might get more complicated if there are sessions and cookies which might force you to go to a page before the login page.

Should be easy though