The following screenshots show the input and output of our application. Providing
a user's credentials and clicking "Get Address Page" shows Yahoo's address page
for that user. The source code is available, so you can dig through it at your own pace.
Now let's discuss the logic behind the scenes: how to submit our user ID and
password, how to get the cookies and referer URLs, and how to get the
address page from Yahoo.

[1] Before starting to analyze the site, run CCleaner to remove cookies and
temporary files.

[2] Run Fiddler and go to the Rules menu > check "Hide Image Requests".
This step is not necessary, but with it Fiddler shows only the
relevant requests and hides the image requests.

[3] In Firefox, browse to the page http://www.address.yahoo.com and then log in. Now
you can see the Yahoo address-book page.

[4] Fiddler is now filled with a lot of requests/sessions. Select all the requests,
right-click, and then choose "Decode Selected Sessions". The sessions
are encoded by default.

[5] Based on step [3], we can divide the program into a 3-step process.
First, we request the page http://address.yahoo.com, where the LOGIN FORM
is available. Second, we submit our login credentials to the page https://login.yahoo.com/config/login?.
Third, we get the address-book page at http://address.yahoo.com/.

Now let's focus on Fiddler. The left side shows the list of requests; the upper
part of the right side shows the request details and the lower part of the right
side shows the response details. Select a request on the left side, then on the
right side choose the "Session Inspector" tab -> "Headers" tab, and in the lower
part of the right side choose "Headers" as well, to investigate more details.
Every response may set some cookies; the browser sends these cookies
automatically on the next request, based on the domain and path specified in
the cookie attributes. The following is a list of the HTTP response status codes and
the short textual description that the server can return for every request.
1xx | Informational
2xx | Success (e.g. a response code of 200 means the page is available and was returned)
3xx | Redirection (e.g. a response code of 302 means the request is redirected to another page)
4xx | Client Error
5xx | Server Error

Let's focus on the (0)th request: its response code is 302, which means it is redirected
to another address, specified under the "Location" label below. It is redirected to the (1)st
request, which again gets a 302 response code, meaning it is redirected to the (3)rd request's address.
Just skip all the requests that have the lock icon;
they are for HTTPS protocol security/encryption purposes. (If you have installed StumbleUpon
or any other add-ons, they will issue some requests of their own, so there is a possibility that the session
numbers may not match exactly. Either disable the add-ons or
find the right session yourself.)

[6] On the (3)rd request, the "webview" tab shows the LOGIN FORM and the "ScriptView"
tab shows the HTML details of the LOGIN FORM.

[7] Choose the (33) request and, on the right side, choose the "Session Inspector"
tab > "WebForms" tab. Here is the LOGIN FORM as submitted. The following
image shows that the (33) request submits not only the user's credentials but also other
values, so our program must also submit the same "Name" and "Value" entries
to that address.

[8] The response to the (33) request possibly sets a few cookies. These cookies
are the actual keys to getting the address-book page; that is, our program should
capture these cookies and use them in future requests.

[9] Request (37) is the one that actually gets the address-book page; it carries
all the cookies set by response (33).
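
The cookie handling described in steps [5], [8] and [9], as an added example that is not part of the original article or its source code: a minimal cookie jar that parses Set-Cookie headers and applies domain, path and Secure matching to decide what goes out on the next request. The cookie names and values are constructed, and the matching is a simplified reading of RFC 6265 (no domain validation or expiry).

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (invented names/values, not captured traffic),
# standing in for what the login response in step [8] might return.
LOGIN_URL = "https://login.yahoo.com/config/login"
SET_COOKIE = [
    "sess=abc123; Domain=.yahoo.com; Path=/",
    "login_only=zzz",                                  # no Domain: host-only cookie
    "tls_only=s3cr3t; Domain=.yahoo.com; Path=/; Secure",
]

def default_path(request_path):
    """RFC 6265 default-path: the 'directory' of the request path."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

def parse_set_cookie(header, request_url):
    """Turn one Set-Cookie header into a dict, defaulting from the request URL."""
    url = urlsplit(request_url)
    pair, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = pair.partition("=")
    cookie = {"name": name, "value": value, "domain": url.hostname,
              "host_only": True, "path": default_path(url.path), "secure": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.lower() == "domain" and val:
            cookie.update(domain=val.lstrip(".").lower(), host_only=False)
        elif key.lower() == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key.lower() == "secure":
            cookie["secure"] = True
    return cookie

def matches(cookie, url):
    """True if a client would attach this cookie to a request for url."""
    host, path = url.hostname, url.path or "/"
    domain_ok = host == cookie["domain"] or (
        not cookie["host_only"] and host.endswith("." + cookie["domain"]))
    cpath = cookie["path"]
    path_ok = path == cpath or (path.startswith(cpath) and
                                (cpath.endswith("/") or path[len(cpath)] == "/"))
    return domain_ok and path_ok and (url.scheme == "https" or not cookie["secure"])

def cookie_header(jar, request_url):
    """Build the Cookie header value sent with the next request."""
    url = urlsplit(request_url)
    return "; ".join(f"{c['name']}={c['value']}" for c in jar if matches(c, url))

JAR = [parse_set_cookie(h, LOGIN_URL) for h in SET_COOKIE]
```

With this constructed jar, the plain-HTTP request to http://address.yahoo.com/ carries only "sess": the host-only cookie stays with login.yahoo.com, and the Secure cookie is withheld from the cleartext connection.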