0

I am trying to log into a site and load a webpage programatically in android. Meaning, I have the password and login and need to submit a webform and get the response page. I tried the code here: Doing HTTP Post with Android but I think I may be doing it wrong.

If this is the site I'm trying to access: http://goo.gl/eiBhP and my code is

HttpClient httpclient =  new DefaultHttpClient(httpParameters);
HttpPost httppost = new HttpPost(Constants.MAIN_URL);
List<namevaluepair> nameValuePairs = new ArrayList<namevaluepair>(2);
nameValuePairs.add(new BasicNameValuePair("username", "correctusername"));
nameValuePairs.add(new BasicNameValuePair("password", "correctpassword"));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = httpClient.execute(httpost);

Then I should be able to use 

BufferedReader br = new BufferedReader(new InputStreamReader(
    entity.getContent()), 8096);

to get the response. The id of the login and pass on the site ate username and password. should I also somehow submit the button as a name value pair? I cant seem to get this to work, it just returns the login page. Please Help. I've tried reading over the other similar questions but I can't seem to get it to work.

Community
  • 1
  • 1
theannouncer
  • 1,148
  • 16
  • 28
  • 1
    first use some http sniffer like fiddler2 to see what exacly web browser is sending if you're login from web browser ... then send the same information from android ... it can be not easy since website can use some kind of viewstates – Selvin Jan 24 '12 at 11:39
  • 1
    Why the downvoting? It's a legitimate question and the OP has tried something. My advice is to look again at the webpage source - you'll notice it has other input fields that are typed as hidden. When you submit the webpage all input fields (visible or otherwise) are included - you'll probably have to do the same. – adelphus Jan 24 '12 at 11:51
  • 1
    what about the password ? I don't think that the browser sending the correct password ? It should of send a hashed password to the server. Check it as well. – Olgun Kaya Jan 24 '12 at 12:02
  • @adelphus So how would I submit the hidden buttons? what would be the value? would i just add it to the list of namevaluepairs? – theannouncer Jan 24 '12 at 23:56
  • Also @OlgunKaya wouldn't the hashing be done between the post submission and the website, otherwise how could I simply emulate putting in the form data and pushing submit? – theannouncer Jan 24 '12 at 23:56
  • then just try to send a data without touching it. and check the fiddle it. you gonna see the exact data you typed in the form. – Olgun Kaya Jan 25 '12 at 08:06

1 Answers1

2

Basically, you need to make sure that your code is submitting exactly the same information as the webpage. As Selvin points out, there's a good chance that the website is using some form of tracking - be it in hidden input values, cookies or some other state-based data.

You need to look at the source of the login webpage and understand what it is doing when you submit login details - you don't necessarily need to know what all the values mean, but your code must submit the same POST data.

If the website is using state information, you won't be able to hard-code those input values in your code. You'll probably need to retrieve a new instance of the login webpage each time using a HTTP GET request and then parse the data to extract the relevant state data. Don't forget that they may also be using cookies which you may need to submit.

All in all, you probably need to do a lot more work to get it to a working state. Not trying to dissuade you (and I don't know what you're trying to achieve), but perhaps it's easier just to use the website!

adelphus
  • 10,116
  • 5
  • 36
  • 46