我正在尝试模拟人类对受 SSO 保护的某个 Oracle Fusion 应用程序的日志记录。
所以我的第一直觉是做一些表单抓取来实现这一点,保存cookie然后发送它们,但是,我似乎在途中的某个地方被拒绝了。
我对如何使用篡改数据完成登录过程进行了一些分析,到目前为止,我认为一切顺利(我正在发送所有正确的 cookie 和大多数标题)所以我不知道我是什么米失踪。
请指教
这是我的代码:
//first I do a request to my report on OBIEE
java.net.URL u = new URL(null, "https://happyhost.domain/analytics/saw.dll?Go&Path=OpportunitiesReport&format=XML&jsonDataFormat=rowset&ViewName=tableView!1&rowsPerPage=9999999999&SyncOperation=1",new sun.net.www.protocol.https.Handler());
URLConnection uc = u.openConnection();
HttpsURLConnection connection = (HttpsURLConnection)uc;
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
connection.setRequestProperty("Accept-Decoding", "gzip, deflate");
//read the response
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
//save the cookies to a HashMap (that's what the HttpCookies class is)
String headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
if (headerName.equals("Set-Cookie")) {
HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
}
System.out.println(headerName +": "+uc.getHeaderField(i)+"\n");
}
System.out.println("Sending the following cookies: "+HttpCookies.getCookiesString());
result = result + "Sending the following cookies: "+HttpCookies.getCookiesString()+"\n";
String fetchedContent = "";
String inputLine;
while ((inputLine = in.readLine()) != null) {
fetchedContent = fetchedContent + inputLine;
}
System.out.println(fetchedContent);
result = result + "we downloaded"+ fetchedContent + "\n";
in.close();
String txt = fetchedContent;
HashMap<String,String> parametersMap = new HashMap<String,String>();
String re1="(<)"; // Any Single Character 1
String re2="(input)"; // Word 1
String re3="(.*?)"; // Non-greedy match on filler
String re11="(>)"; // Any Single Character 4
Pattern p = Pattern.compile(re1+re2+re3+re11,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m = p.matcher(txt);
String parameters = "";
while (m.find())
{
String c1=m.group(3);
String re4="(name)"; // Word 3
String re5="(=)"; // Any Single Character 3
String re6="([\"']?([^'\" ]+)[\"']?)"; // Double Quote String 2
Pattern p3 = Pattern.compile(re4+re5+re6,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m3 = p3.matcher(c1);
String name = "";
if(m3.find())
{
name = m3.group(3).replaceAll("\"", "");
}
String re8="(VALUE)"; // Word 3
String re9="(=)"; // Any Single Character 3
String re10="([\"']?([^'\" ]+)[\"']?)"; // Double Quote String 2
Pattern p2 = Pattern.compile(re8+re9+re10,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m2 = p2.matcher(c1);
String value;
if(m2.find())
{
value = m2.group(3).replaceAll("\"", "");
parametersMap.put(name,value);
if(name.equals("request_id")) {
String[] bits = value.split(";");
parametersMap.put(name,bits[bits.length-1]);
}
}
}
for(String key : parametersMap.keySet())
{
parameters = parameters + key+"="+parametersMap.get(key)+"&";
}
System.out.println("we are at "+uc.getURL());
result = result + "we are at "+uc.getURL() + "\n";
txt= uc.getURL().toString();
re1="(https)"; // Word 1
re2="(:)"; // Any Single Character 1
re3="(\\/)"; // Any Single Character 2
String re4="(\\/)"; // Any Single Character 3
String re5="((?:[a-z][a-z\\.\\d\\-]+)\\.(?:[a-z][a-z\\-]+))(?![\\w\\.])"; // Fully Qualified Domain Name 1
String re6="(:)"; // Any Single Character 4
String re7="(\\d+)"; // Integer Number 1
String re8="(\\/)"; // Any Single Character 5
String re9=".*?"; // Non-greedy match on filler
String re10="(b)"; // Any Single Character 6
p = Pattern.compile(re1+re2+re3+re4+re5+re6+re7+re8+re9+re10,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
m = p.matcher(txt);
String authServer = "";
if (m.find())
{
String word1=m.group(1);
String c1=m.group(2);
String c2=m.group(3);
String c3=m.group(4);
String fqdn1=m.group(5);
String c4=m.group(6);
String int1=m.group(7);
String c5=m.group(8);
String c6=m.group(9);
System.out.print("matched redirect "+word1.toString()+c1.toString()+c2.toString()+c3.toString()+fqdn1.toString()+c4.toString()+int1.toString());
authServer = word1.toString()+c1.toString()+c2.toString()+c3.toString()+fqdn1.toString();
}
parameters = parameters + "&userid="+username+"&password="+password;
System.out.println("\n\nSending paramenters:" + parameters+"\n\n");
System.out.println("\nSending to:" + authServer+"/oam/server/auth_cred_submit");
u = new URL(null, authServer+"/oam/server/auth_cred_submit",new sun.net.www.protocol.https.Handler());
uc = u.openConnection();
connection = (HttpsURLConnection)uc;
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setInstanceFollowRedirects(true);
connection.setRequestProperty("Cookie", HttpCookies.getCookiesString());
connection.setRequestMethod("POST");
//connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
//connection.setRequestProperty("charset", "utf-8");
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
//connection.setRequestProperty("Content-Length", "" + Integer.toString(parameters.getBytes().length));
connection.setUseCaches (false);
DataOutputStream wr = new DataOutputStream(connection.getOutputStream ());
wr.writeBytes(parameters);
wr.flush();
wr.close();
connection.disconnect();
in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
if (headerName.equals("Set-Cookie")) {
HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
}
}
fetchedContent = "";
while ((inputLine = in.readLine()) != null) {
fetchedContent = fetchedContent + inputLine;
}
System.out.println(fetchedContent);
in.close();
result = result + fetchedContent + "\n";
System.out.println("------------------------------");
u = new URL(null, "https://" + Settings.getInstance().getCrmHost()+"/analytics/saw.dll?Go&Path=%2Fshared%2FMobilytics%2FOpportunities&format=XML&jsonDataFormat=rowset&ViewName=tableView!1&rowsPerPage=9999999999&SyncOperation=1",new sun.net.www.protocol.https.Handler());
uc = u.openConnection();
connection = (HttpsURLConnection)uc;
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
connection.setRequestProperty("Accept-Decoding", "gzip, deflate");
in = new BufferedReader(new InputStreamReader(uc.getInputStream()));
headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
if (headerName.equals("Set-Cookie")) {
HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
}
System.out.println(headerName +": "+uc.getHeaderField(i)+"\n");
}
System.out.println("Sending the following cookies: "+HttpCookies.getCookiesString());
result = result + "Sending the following cookies: "+HttpCookies.getCookiesString()+"\n";
fetchedContent = "";
inputLine = "";
while ((inputLine = in.readLine()) != null) {
fetchedContent = fetchedContent + inputLine;
}
System.out.println(fetchedContent);
result = result + "we downloaded"+ fetchedContent + "\n";