Secure Sessions and HTTPS

jamesjyu has asked for the wisdom of the Perl Monks concerning the following question:

I want to be able to check a secure page that I login to to access some data. First off, the page is here: https://www.mbnanetaccess.com/NASApp/NetAccess/RegisteredAccountsDisplay?&ehn=670 The account login page is on the front page: http://www.mbna.com/ The login is done via POST. So this is what I've tried:

$url = "https://www.mbnanetaccess.com/NASApp/NetAccess/Login";

$browser = LWP::UserAgent->new();
$browser->timeout(10);

@fields = [username => 'myusername',
           password => 'mypassword'
           ];

my $response = $browser->post($url,@fields);

if ($response->is_error())
{
    printf "Error!";
    printf "%s\n", $response->status_line;
}
$contents = $response->content();
print $contents;
[download]

But this returns nothing in the contents (but it does not error, which leads me to believe that it logged in correctly). When I login with my real browser, the POST redirects me to a new page at https://www.mbnanetaccess.com/NASApp/NetAccess/RegisteredAccountsDisplay?&ehn=670 which is where I want to extract some information. However, I'm unsure about how this redirect is passed down to the browser. Also, there must some sort of secure session state that is carried along, but again, I'm not sure where it is. Is there some tool that will allow me to see the primitive GETS, POSTS, session states etc. when I login with my real browser? So that I can mimic this with perl? Anyone have other suggestions?

Comment on Secure Sessions and HTTPS Download Code

Replies are listed 'Best First'.
Re: Secure Sessions and HTTPS by Codon (Friar) on Dec 13, 2005 at 21:53 UTC
Mozilla (and Firefox) has a Developer tool that lets you see live HTTP headers. That may help you, but it may not. Take a look at the source of the page. You are on a non-secured page, POSTing data to a secured page. (I always hate this set-up, but not enough people seem to care about the security threat here.) It's very likely that there is actually JavaScript on the page with an onSubmit() or onClick() action that does the actual form POST. Hope you are successful. Ivan Heffner Sr. Software Engineer, DAS Lead WhitePages.com, Inc.	[reply]
Re^2: Secure Sessions and HTTPS by jamesjyu (Acolyte) on Dec 13, 2005 at 22:21 UTC
Nope, no javascript, the code for the posting is simply this: `<form action="https://www.mbnanetaccess.com/NASApp/NetAccess/Login" me +thod="post"> <strong>Login Name:</strong><br /> <input type="text" name="username" value="" maxlength="32" id="usernam +e" class="da"/><br /> <strong>Password:</strong><br /> <input type="password" name="password" value="" maxlength="32" class=" +da" /><br /> <input type="image" src="images/login.gif" class="login" name="submit" + /> </form>` [download]	[reply] [d/l]
Re: Secure Sessions and HTTPS by Anonymous Monk on Dec 13, 2005 at 22:38 UTC
If you're trying to emulate the behavior of a web browser (cookies, redirects, etc), instead of trying grab a specific resource with LWP, you should try using WWW::Mechanize.	[reply]