[ale] OT: perl https download script?

Mike Harrison meuon at geeklabs.com
Wed Jul 25 20:35:08 EDT 2007


> Seems to be more complex.  Web form handles the login, not a pop up.

actually, it's usally simpler but most web programmers don't understand 
"simple auth" or have the tools to use it. 

Instead, they are faking a real login/auth and are probably using 
cookies and/or a session ID that get set. Actually usually much simpler 
and easier to fake auth, 

and often, you can fake up the cookies (even with wget) 
if they are something you can just copy, or replicate the calculated 
values. if you are using Firefox, the Web Developer Toolbar 
is useful for examining and setting cookies once logged in. 

For example, a competitors of one my my projects can be bypassed by 
setting two session cookies

  login=dave     (or any valid user)
  auth=passed








More information about the Ale mailing list