讨论 » 开发

GM_xmlhttpRequest authentication cookie? example

§
发表于:2015-06-06
编辑于:2015-06-09

GM_xmlhttpRequest authentication cookie? example

Hi everybody,

Does anyone have a GM_xmlhttpRequest example where you POST your username and password and get a response that indicates you have logged in, and then do a GET on that site with that authenticated session?

Until now I can login, but no additional get can be done. It always indicates that I do a new session, that needs to authenticated.

I tried to do just a second GM_xmlhttpRequest, I tried to indicate the sid session id, and I tried to put the received header into the second request.

In all three case the second request returns the page that I should log in again.

Hopefully someone has an example. :-) Surely some has the 'been there, done that' feeling :-)


So I inject my code in the page of site X and try get info from site Y. These site have no relation.

Also I don't display the pages I get via the GM_xmlhttpRequest, just push it into a textarea for now.
I just want to parse some info out of there.

Cheers,

Michel


Get Forum entry


function gm_http() {
	
	var sid = '';
	var post_content = '';
	console.log('#=#=# phpbb1 clicked ');
	GM_xmlhttpRequest({
		method: "POST",
		user: 'user.name', password: 'QAZwsx123',
		data: 'mode=login&username=user.name&password=QAZwsx123',
		url: 'http://phpbb/phpbb3_1/ucp.php',
		headers: {
			"Content-Type": "application/x-www-form-urlencoded"
		},
		onerror: function(response) {
			console.log('#=#=# post error response ....', response.readyState, response.status, response.statusText);
		},
		onload: function(response) {
			console.log('#=#=# post response ....', response.readyState, response.status, response.statusText);
			post_content = response.responseHeaders;
			var u = post_content.indexOf('sid=') + 4 ;
			var sid = post_content.substr(u,32 );
			$('#phpbbarea1').val(post_content + '\nsid=' + sid);
			console.log('#=#=# continue with get ....' );
			GM_xmlhttpRequest({
				method: "GET",
				url: 'http://phpbb/phpbb3_1/viewtopic.php?f=428&t=927&sid=' + sid,
				headers:  post_content ,
				onprogress: function(response) {
					console.log('#=#=# get onprogress response ....', response.readyState, response.readyState, response.status, response.statusText);
				},
				ontimeout: function(response) {
					console.log('#=#=# get ontimeout response ....', response.readyState, response.readyState, response.status, response.statusText);
				},
				onerror: function(response) {
					console.log('#=#=# get onerror response ....', response.readyState, response.readyState, response.status, response.statusText);
				},
				onload: function(response) {
					console.log('#=#=# get response ....', response.readyState, response.status, response.statusText);
					$('#phpbbarea2').val(response.responseHeaders + '\n\n\n\n' +  response.responseText);
				}	
			});
		}	
	});
}	

§
发表于:2015-06-07

Thanks trespassersW,

This will log me in, but I have already done that.
Now I want to re-use that session to get a second page.

§
发表于:2015-06-09

First, check for a timing issue. Since the POST likely needs to complete before the GET is sent, you could add it as an additional function in your callback.

Second, if you use Firefox's Web Console or Network Monitor, can you see whether Firefox is sending the same cookies with the GET that it would in interactive use?

§
发表于:2015-06-09

Very true.
Probably should call the second xmlhttpRequest from the onload: function of the first.

§
发表于:2015-06-09
编辑于:2015-06-09

Changed my code a bit to make sure the post is finished before I try the get.

The second GM_xmlhttpRequest now never happens. No fault or error is visible. Must be overlooking something,...

08:47:01.273 "#=#=# phpbb1 clicked " 
08:47:01.998 "#=#=# post response ...." 4 200 "OK" 
08:47:02.000 "#=#=# continue with get ...." 

None of the GM_xmlhttpRequests (including the post that does work) make any activity under Network monitor.

It seems you can't have a GM_xmlhttpRequests inside a GM_xmlhttpRequests.

§
发表于:2015-06-09

You can use Fiddler to watch your request and response traffic. It works well for HTTP requests, not so well for HTTPS.

http://www.telerik.com/fiddler

§
发表于:2015-06-10

It seems you can't have a GM_xmlhttpRequests inside a GM_xmlhttpRequests.
That's right. You need to use setTimeout() or window.postMessage() to get around this limitation; (see http://dbaron.org/log/20100309-faster-timeouts.)

发表回复

登录以发表回复。