Chris001
Apr 17th, 2010, 02:14 PM
Hi, I'm using Winsock (VB6) to download the source code from a webpage.
Some pages can only be accessed when the user has an account and is logged in to verify their age. The account information is stored in a cookie.
This the header I send to the server.
GET /page.html HTTP/1.1
Host: www.host.com
Accept: */*
Referer: www.host.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
Connection: close
This is the header I get back
HTTP/1.1 303 See Other
Date: Sat, 17 Apr 2010 18:49:54 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.host.com
Set-Cookie: VISITOR_INFO1_LIVE=mMhJItaLIl8; path=/; domain=.host.com; expires=Mon, 13-Dec-2010 18:49:54 GMT
Set-Cookie: PREF=f1=50000000; path=/; domain=.host.com; expires=Tue, 14-Apr-2020 18:49:54 GMT
Set-Cookie: GEO=e15a8e19d6e70b7cfc51a332134b86d2cwsAAAAzTkxe1mwgS8oC0g==; path=/; domain=.host.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Content-Length: 0
X-Host-MID: nLThsU052OXJEdFhJTEJyMWF3bFZpMjRhdjRldFdaZXhoaFVJX1ItazZiSFgwN2V6RGl6YWlR
Cache-Control: no-cache
Location: http://www.host.com/verify_age?next_url=/page.html
Content-Type: text/html; charset=utf-8
Connection: close
Then I extract the cookies from the header and try to get the page again, but the server keeps sending the "HTTP/1.1 303 See Other" header.
GET /page.html HTTP/1.1
Host: www.host.com
Accept: */*
Referer: www.host.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
Connection: close
Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; VISITOR_INFO1_LIVE=mMhJItaLIl8; PREF=f1=50000000; GEO=e15a8e19d6e70b7cfc51a332134b86d2cwsAAAAzTkxe1mwgS8oC0g==
My browser already knows that there's a cookie and puts it in the header when requesting the page for the first time.
== Browser ==
GET /page.html HTTP/1.1
Accept: */*
Referer: http://www.host.com
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Maxthon; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: www.host.com
Connection: Keep-Alive
Cookie: VISITOR_INFO1_LIVE=UGGw50proj0; PREF=f1=50000000; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; GEO=fa9cbc48093a39a358f2b0eabd133b10cwsAAAAzTkxe1mwgS8nu5g==; watched_id_list=1d87228472df8b40d81e202a6596a085WwEAAABzCwAAAEVWQnN5cEh6RjNV
== Host ==
HTTP/1.1 200 OK
Date: Sat, 17 Apr 2010 18:51:58 GMT
Server: Apache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Expires: Tue, 27 Apr 1971 19:44:06 EST
X-Host-MID: nLThsU052OXJEdFgzTEtDQVhLLVJkbERmcGlOQ3hEcXVKVjcxSXgzal9TbkRrWFFYR3RlM2Jn
Cache-Control: no-cache
Content-Length: 20577
Content-Type: text/html; charset=utf-8
How does the browser already know about that cookie and how do I get it, so the server accepts me as a logged-in user?
Some pages can only be accessed when the user has an account and is logged in to verify their age. The account information is stored in a cookie.
This the header I send to the server.
GET /page.html HTTP/1.1
Host: www.host.com
Accept: */*
Referer: www.host.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
Connection: close
This is the header I get back
HTTP/1.1 303 See Other
Date: Sat, 17 Apr 2010 18:49:54 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.host.com
Set-Cookie: VISITOR_INFO1_LIVE=mMhJItaLIl8; path=/; domain=.host.com; expires=Mon, 13-Dec-2010 18:49:54 GMT
Set-Cookie: PREF=f1=50000000; path=/; domain=.host.com; expires=Tue, 14-Apr-2020 18:49:54 GMT
Set-Cookie: GEO=e15a8e19d6e70b7cfc51a332134b86d2cwsAAAAzTkxe1mwgS8oC0g==; path=/; domain=.host.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Content-Length: 0
X-Host-MID: nLThsU052OXJEdFhJTEJyMWF3bFZpMjRhdjRldFdaZXhoaFVJX1ItazZiSFgwN2V6RGl6YWlR
Cache-Control: no-cache
Location: http://www.host.com/verify_age?next_url=/page.html
Content-Type: text/html; charset=utf-8
Connection: close
Then I extract the cookies from the header and try to get the page again, but the server keeps sending the "HTTP/1.1 303 See Other" header.
GET /page.html HTTP/1.1
Host: www.host.com
Accept: */*
Referer: www.host.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
Connection: close
Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; VISITOR_INFO1_LIVE=mMhJItaLIl8; PREF=f1=50000000; GEO=e15a8e19d6e70b7cfc51a332134b86d2cwsAAAAzTkxe1mwgS8oC0g==
My browser already knows that there's a cookie and puts it in the header when requesting the page for the first time.
== Browser ==
GET /page.html HTTP/1.1
Accept: */*
Referer: http://www.host.com
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Maxthon; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: www.host.com
Connection: Keep-Alive
Cookie: VISITOR_INFO1_LIVE=UGGw50proj0; PREF=f1=50000000; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; GEO=fa9cbc48093a39a358f2b0eabd133b10cwsAAAAzTkxe1mwgS8nu5g==; watched_id_list=1d87228472df8b40d81e202a6596a085WwEAAABzCwAAAEVWQnN5cEh6RjNV
== Host ==
HTTP/1.1 200 OK
Date: Sat, 17 Apr 2010 18:51:58 GMT
Server: Apache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Expires: Tue, 27 Apr 1971 19:44:06 EST
X-Host-MID: nLThsU052OXJEdFgzTEtDQVhLLVJkbERmcGlOQ3hEcXVKVjcxSXgzal9TbkRrWFFYR3RlM2Jn
Cache-Control: no-cache
Content-Length: 20577
Content-Type: text/html; charset=utf-8
How does the browser already know about that cookie and how do I get it, so the server accepts me as a logged-in user?