Using exported cookies to retrieve protected content


1

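I exported a couple of cookies from Firefox that are valid for the URL in question, and tried to access/download protected content from that address, but the end result is that I am sent back to the login page. I have tried doing the same for 3 other websites. Any clues as to what I might be doing wrong?

The syntax I'm using: wget --load-cookies=FILE URL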

-----------------------------------------------
DEBUG output created by Wget 1.12 on linux-gnu.


Stored cookie www.x.org -1 (ANY) / <permanent> <insecure> [expiry 1901-12-13 22:25:44] c_secure_login lz8xZQ%3D%3D

Stored cookie www.x.org -1 (ANY) / <permanent> <insecure> [expiry 1901-12-13 22:25:44] c_secure_pass 2fd4e1c67a2d28fced849ee1bb76e74a

Stored cookie www.x.org -1 (ANY) / <permanent> <insecure> [expiry 1901-12-13 22:25:44] c_secure_uid GZX4TDA%3D
--2011-01-14 13:57:02--  www.x.org/download.php?id=397003
Resolving www.x.org... 1.1.1.1
Caching www.x.org => 1.1.1.1
Connecting to www.x.org|1.1.1.1|:80... connected.
Created socket 5.
Releasing 0x0943ef20 (new refcount 1).

---request begin---
GET /download.php?id=397003 HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: www.x.org
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 302 Found
Date: Fri, 14 Jan 2011 11:26:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny8
Set-Cookie: PHPSESSID=5f2fd97103f8988554394f23c5897765; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: www.x.org/login.php?returnto=download.php%3Fid%3D397003
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

---response end---
302 Found

Stored cookie www.x.org -1 (ANY) / <session> <insecure> [expiry none] PHPSESSID 5f2fd97103f8988554394f23c5897765
Registered socket 5 for persistent reuse.
Location: www.x.org/login.php?returnto=download.php%3Fid%3D397003 [following]
Skipping 0 bytes of body: [] done.
--2011-01-14 13:57:02--  www.x.org/login.php?returnto=download.php%3Fid%3D397003
Reusing existing connection to www.x.org:80.
Reusing fd 5.

---request begin---
GET /login.php?returnto=download.php%3Fid%3D397003 HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: www.x.org
Connection: Keep-Alive
Cookie: PHPSESSID=5f2fd97103f8988554394f23c5897765

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Fri, 14 Jan 2011 11:26:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 2171
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html

---response end---
200 OK
Length: 2171 (2.1K) [text/html]
Saving to: `x.out'

     0K ..                                                    100% 18.7M=0s

2011-01-14 13:57:02 (18.7 MB/s) - `x.out' saved [2171/2171]

Keep in mind that wget is no longer a silver bullet for website scraping. It can't handle JavaScript.
AnonymousLurker

Answers:


1

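OK, I've figured it out, finally :)

It looks like the 'pass' cookie is generated with a salt of the IP address: initially, I had exported the cookies from a Windows OS, and they had been obtained from a different IP.

In the end, after a lot of trial and error, I browsed the website in question and looked at the cookies after a successful login - the 'pass' cookie was indeed different!


A small note (not obvious to me before, but suggested by another person): the IP is not kept in a field in the database to match against (as I thought); apparently the following is hashed - uid + stored passwd hash + ip salt and made into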
XXL
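
The scheme described in the answer above, as an added example (not code from the thread or from the site in question): a 'pass' cookie derived from uid + stored password hash + client IP validates only from the IP it was issued to. HMAC-SHA256 with a hypothetical server key is an assumption here, since the page does not name the site's hash function or cookie encoding; the user record and IP addresses are constructed.

```python
import hashlib
import hmac

# Assumption: a server-side secret key; the page does not say the site uses one.
SERVER_KEY = b"constructed-demo-key"


def pass_cookie(uid: str, stored_pw_hash: str, client_ip: str) -> str:
    """Derive the 'pass' cookie from uid + stored password hash + client IP."""
    msg = "\x00".join((uid, stored_pw_hash, client_ip)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_request(cookies: dict, remote_ip: str, users: dict) -> str:
    """Decide one request: 'serve' or 'redirect-to-login'."""
    uid = cookies.get("c_secure_uid")
    presented = cookies.get("c_secure_pass", "")
    stored = users.get(uid)
    if stored is None:
        return "redirect-to-login"
    # Recompute with the IP of *this* connection; nothing about the IP is stored.
    expected = pass_cookie(uid, stored, remote_ip)
    if hmac.compare_digest(expected.encode(), presented.encode()):
        return "serve"
    return "redirect-to-login"


# Constructed sample data (documentation address ranges).
USERS = {"1001": "constructed-stored-password-hash"}
LOGIN_IP = "192.0.2.10"
OTHER_IP = "198.51.100.7"


def demo() -> dict:
    jar = {
        "c_secure_uid": "1001",
        "c_secure_pass": pass_cookie("1001", USERS["1001"], LOGIN_IP),
    }
    return {
        "same_ip": check_request(jar, LOGIN_IP, USERS),
        "exported_to_other_ip": check_request(jar, OTHER_IP, USERS),
        # The stored hash is an input, so a password change voids old cookies.
        "password_changed": check_request(jar, LOGIN_IP, {"1001": "new-hash"}),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
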

0

Have you tried looking at the cookies in your browser's "cookie manager"?

Try copying the cookie and using: wget --no-cookies --header "Cookie: name=value"


Yes, I tried doing that - unfortunately, same result.
XXL
Licensed under cc by-sa 3.0 with attribution required.