LWP and getting secured documents

[justme]

hi
i need to connect to a secured server to get a security log file. This
log file
can only be accessed using the software client (GUI) that comes with
the distribution CD. And everytime i used the software to get the
file, it requires me to use a username and password. After that, the
first page is http://securedserver:1010/logs/. So i gathered a little
code in perl to do that automatically. It seems that the software does
not allow ppl to use scripts to get its files, not even ftp or SSH.
Any other suggestions?
thanks

use LWP::UserAgent;
use HTTP::Request::Common qw(POST GET);
use HTTP::Headers;
use LWP:ebug;
$PROXY_URL = 'http://securedserver:1010/';
$TARGET_URL = 'http://securedserver:1010/logs/log.txt'; #the file i
want to get
$PROXYUSER = 'admin';
$PROXYPASS = 'password';
LWP:ebug::level('+') ;
$ua = LWP::UserAgent->new();
$req = HTTP::Request->new(GET => $PROXY_URL);
$req->proxy_authorization_basic($PROXYUSER, $PROXYPASS);
$res = $ua->request($req);
if ($res->is_success) {
print($res->content);
}
else {
print("Something wrong!\n");
}

....
.....



the output is:

LWP::UserAgent::new: ()
LWP::UserAgent::request: ()
LWP::UserAgent::send_request: GET http://securedserver:1010/
LWP::UserAgent::_need_proxy: Not proxied
LWP:rotocol::http::request: ()
LWP:rotocol::collect: read 350 bytes
LWP::UserAgent::request: Simple response: OK
<html>
<!-- <h1> Server </h1> -->
<HEAD><TITLE>Some company Co.</TITLE></HEAD>
<BODY>
<CENTER><IMG SRC = "sample.gif"></CENTER>
<P ALIGN=CENTER><I><B>
This server cannot be configured via a web browser.<br>
Use the software that is included on the distribution CD instead.
</B></I></P>
</BODY>

</html>

 

[Mark Clements]

hi
i need to connect to a secured server to get a security log file. This
log file
can only be accessed using the software client (GUI) that comes with
the distribution CD. And everytime i used the software to get the
file, it requires me to use a username and password. After that, the
first page is http://securedserver:1010/logs/. So i gathered a little
code in perl to do that automatically. It seems that the software does
not allow ppl to use scripts to get its files, not even ftp or SSH.
Any other suggestions?
thanks

This server cannot be configured via a web browser.<br>
Use the software that is included on the distribution CD instead.

I take it pretty much the same thing happens if you point a browser at
it directly. The server software will probably be looking for a certain
User-agent string and the presence of various headers, some of which may
be cryptographically generated and so difficult to mock-up. What you
could try doing is setting up a proxy between the GUI and your server so
that you can see exactly what is sent backwards and forwards between
client and server. You *may* then be able to replicate this using LWP.

Try HTTP:roxy (note I have never used this myself).

Mark

 

[Tad McClellan]

i need to connect to a secured server to get a security log file. This
log file
can only be accessed using the software client (GUI) that comes with
the distribution CD. And everytime i used the software to get the
file, it requires me to use a username and password.

Sounds sensible.

After that, the
first page is http://securedserver:1010/logs/.

How did you determine that?

"securedserver" does not look like a good domain to me. Is the SW
mucking about with your local DNS?

So i gathered a little
code in perl to do that automatically.

You want to embed security-related passwords in a clear text file?

Gulp.

It seems that the software does
not allow ppl to use scripts to get its files, not even ftp or SSH.

Security programs should make it hard to get log files, the bad
guys will try to get them.

Any other suggestions?

Ask the vendor how to accomplish what you want.

Can you configure a proxy for the supplied SW?

If so, try hooking it up to wsp.pl (Web Scraping Proxy) to log
what traffic the SW generates.

the output is:

[snip output]


Looks like your DNS _does_ know how to resolve "http://securedserver",
else you wouldn't have gotten that output.