How to get past the login page with wget?

login passwords download wget

You're making several mistakes by not doing what your browser would do:

  • You need to send the POST request with login credentials to the form action, i.e. https://github.com/session.
  • You need to provide all form parameters, including the percent-encoded hidden form parameter authenticity_token.
  • You need to provide the session cookies set by /login.

The only thing not required I'd have expected is setting the referer.

What you need to do:

$ wget --keep-session-cookies --save-cookies cookies.txt -O login.rsp https://github.com/login
$ grep authenticity_token login.rsp

This will request the login page, store the session, and print the CSRF token hidden form value (plus some surrounding HTML).

Now login after percent-encoding all parameters, especially the value of the hidden form parameter authenticity_token which often contains punctuation:

 $ wget --load-cookies cookies.txt --keep-session-cookies --save-cookies cookies.txt --post-data='login=USERNAME&password=PASSWORD&authenticity_token=TOKEN_VALUE_PRINTED_BY_GREP_THEN_PERCENT_ENCODED' https://github.com/session

You'll get bounced around a bit, and will end up on https://github.com, just like when logging in in the browser.

Related

Trying to install Windows 7 on Samsung 530u3c. Laptop won't boot
Why does a computer using VPN still show the same IP?
Moving the dropbox folder
What SSID does a repeater needs?
FreeBSD vs Linux from an administration standpoint
Pin RDP Icon to start menu Windows 8
Re-RIP a DVD to extract AVI, MP3 and SRT files
How do I log outgoing TCP connections from my computer?
Create a .png with zopfli
How do I configure sar to collect disk information (ala -d)?
Are IceWeasel / IceCat just re-brandings, or are they actually different from Firefox / Thunderbird?
Is there a way to view a list of comments in Microsoft Word 2007?