开发者

Ruby Mechanize crashes during authentication redirection; sslv3 alert illegal parameter

开发者 https://www.devze.com 2023-01-24 23:02 出处:网络
My script attempts to log into a website via a form.After being redirected several times during authentication, it crashes with an sslv3 alert illegal parameter.I was wondering if something weird was

My script attempts to log into a website via a form. After being redirected several times during authentication, it crashes with an sslv3 alert illegal parameter. I was wondering if something weird was going on with the cookies so I checked the HTML headers with the DEBUG output. The two outputs are pasted below.

Some other weird things: the click_button and submit methods appear to do different things; namely, click_button gets the execution of the redirections to last a little longer, but it also crashes with the above error. submit doesn't crash the program, but the login doesn't appear to work either. I tried running it on an older version of Ruby and the error turns into a connection_refused error while using click_button and the behavior is identical while using submit.

Here are outputs I mentioned in the first paragraph in .txt, in case you find the text below difficult to read.

DEBUG OUTPUT when I run the script:

`I, [2010-11-15T17:52:20.462201 #22853]  INFO -- : follow redirect to: htps://xx2web1.apps.XXXXXXXXX.com/BANPROD1/xxauthent.ss_md5_login?timestamp_in=1289814682&uin_in=XXXXXXXXX&digest_in=be34b4b470a0da1831c7c432e353c320
/usr/lib/ruby/1.9.1/net/http.rb:677:in 'connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert illegal parameter (OpenSSL::SSL::SSLError)
        from /usr/lib/ruby/1.9.1/net/http.rb:677:in 'connect'
        from /usr/lib/ruby/1.9.1/net/http.rb:637:in 'do_start'
        from /usr/lib/ruby/1.9.1/net/http.rb:632:in 'start'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:527:in 'fetch_page'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:611:in 'fetch_page'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:611:in 'fetch_page'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:464:in 'post_form'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:370:in 'submit'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize/form.rb:141:in 'submit'
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize/form.rb:147:in 'click_button'
        from ./courseChecker.rb:33:in 'block in '
        from /usr/lib/ruby/gems/1.9.1/gems/mechanize-1.0.0/lib/mechanize.rb:262:in 'get'
        from ./courseChecker.rb:26:in ''`

HTML HEADERS TRACE from successful Firefox login:

`htps://xx2web1.apps.XXXXXXXXX.com/BANPROD1/xxauthent.ss_md5_login?timestamp_in=1289814134&uin_in=XXXXXXXXX&digest_in=d75483c390a2ab4ec0b939eaef7ecb1f`

`GET /BANPROD1/xxauthent.ss_md5_lo开发者_JAVA技巧gin?timestamp_in=1289814134&uin_in=XXXXXXXXX&digest_in=d75483c390a2ab4ec0b939eaef7ecb1f HTTP/1.1
Host: xx2web1.apps.XXXXXXXXX.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: htps://eas.admin.XXXXXXXXX.com/eas/servlet/EasLogin?redirect=htps://webprod.admin.XXXXXXXXX.com/ssa/servlet/SelfServiceLogin?appName=com.XXXXXXXXX.aits.SelfServiceLogin&dad=BANPROD1
Cookie: RedirectString=https://webprod.admin.XXXXXXXXX.com/ssa/servlet/SelfServiceLogin?appName=com.XXXXXXXXX.aits.SelfServiceLogin&dad=BANPROD1; EnterpriseSessionId=8cc56f29-28de-4a01-96b8-6f58c30d6b6e-155.69.191.54; TESTID=test`

`HTTP/1.1 200 OK
Date: Mon, 15 Nov 2010 09:42:03 GMT
Server: Oracle-Application-Server-10g/10.1.2.3.0 Oracle-HTTP-Server
Content-Length: 228
Set-Cookie: SESSID=RTlCTzQ4MTc5NDAzOQ==
Connection: close
Content-Type: text/html; charset=UTF-8`


Have you tried getting Mechanize to go via a proxy, for example Charles, and look into what its sending back and forth compared to Firefox?

It can be configured to look into https interactions.

Have fun, Chris

0

精彩评论

暂无评论...
验证码 换一张
取 消