Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > hyperlink to Bypass login

Reply
Thread Tools

hyperlink to Bypass login

 
 
Priya
Guest
Posts: n/a
 
      04-29-2010
I would need to provide a hyperlink on my website that would let users
to login automatically with a username and password. Could I do that
with javascript, if yes can someone please direct me to the
documentation that would give the steps of doing so?

Any help is greatly appreciated. Thanks.
 
Reply With Quote
 
 
 
 
Priya
Guest
Posts: n/a
 
      04-29-2010
On Apr 29, 12:26*pm, Ivan Marsh <(E-Mail Removed)> wrote:
> Priya wrote:
> > I would need to provide a hyperlink on my website that would let users
> > to login automatically with a username and password. Could I do that
> > with javascript, if yes can someone please direct me to the
> > documentation that would give the steps of doing so?

>
> > Any help is greatly appreciated. Thanks.

>
> You can't secure a website client-side.
>
> http://www.developer.com/tech/articl...-side-Versus-S...
>
> --
> "All right, all right, if it will make you happy, I will overthrow society."
> * - Philip J. Fry


Hi Ivan, can I do it if I had access to the server? Can I get coding
help online?
 
Reply With Quote
 
 
 
 
Priya
Guest
Posts: n/a
 
      04-29-2010
Yes that is exactly what I am trying to do-pass a username/password to
an existing site, so it would automatically log me in. Can I find some
documentation online, I am a newbie; so any help will be greatly
appreciated. Thank you for all the info.
 
Reply With Quote
 
Ry Nohryb
Guest
Posts: n/a
 
      04-29-2010
On Apr 29, 7:08*pm, Priya <(E-Mail Removed)> wrote:
> Yes that is exactly what I am trying to do-pass a username/password to
> an existing site, so it would automatically log me in. Can I find some
> documentation online, I am a newbie; so any help will be greatly
> appreciated. Thank you for all the info.


http://example.com/login.html?user=u...sword=password

Not that it would be a good idea though.
--
Jorge.
 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      04-29-2010
Priya wrote:

> Yes that is exactly what I am trying to do-pass

^^^^^^^
YSCIB.

> a username/password to an existing site, so it would automatically log me
> in.


Where "me" is really you, from a local (file://) site on your local system
connected to the Internet, in a Web browser?

> Can I find some documentation online,


Yes? (That is not a question either.)

> I am a newbie;


And therefore not required to use your brain before posting?

<http://www.catb.org/~esr/faqs/smart-questions.html>
<http://jibbering.com/faq/#posting>

> so any help will be greatly appreciated. Thank you for all the info.


To do this, I had created a bookmarklet that uses the `javascript:' scheme
to generate a document that duplicates the form usually used to log in to
the service (with the exception of the `action' attribute, which value must
contain the full URL) that submits itself:

javascript:'<!DOCTYPE html ...><html>...<body
onload="document.forms[0].submit()"><form action="http://..."
method="POST">...</form></body></html>'

It could be rewritten accepting parameters (such as username, password, and
site), or be reused to write a script for any Web site (the Same Origin
Policy does not apply then) that uses DOM scripting to append and submit the
form. If you use the bookmarklet and the login data is hard-coded, you
should make sure that the bookmarks file cannot be accessed by unauthorized
people.

Chances are that the original login form used by the service uses POST, so
you will have to use a form or XHR anyway. A simple link would not suffice,
and it would probably be off-topic here anyway (no scripting necessarily
involved).


PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
 
Reply With Quote
 
Ry Nohryb
Guest
Posts: n/a
 
      04-29-2010
On Apr 29, 7:48*pm, Ry Nohryb <(E-Mail Removed)> wrote:
> On Apr 29, 7:08*pm, Priya <(E-Mail Removed)> wrote:
>
> > Yes that is exactly what I am trying to do-pass a username/password to
> > an existing site, so it would automatically log me in. Can I find some
> > documentation online, I am a newbie; so any help will be greatly
> > appreciated. Thank you for all the info.

>
> http://example.com/login.html?user=u...sword=password
>
> Not that it would be a good idea though.


In some sites this might also work:

http://user(E-Mail Removed)/login.html
--
Jorge.
 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      04-29-2010
Ry Nohryb wrote:

> Ry Nohryb wrote:
>> Priya wrote:
>> > Yes that is exactly what I am trying to do-pass a username/password to
>> > an existing site, so it would automatically log me in. Can I find some
>> > documentation online, I am a newbie; so any help will be greatly
>> > appreciated. Thank you for all the info.

>>

> [...]
> In some sites this might also work:
>
> http://user(E-Mail Removed)/login.html


This security-relevant bug has been fixed long ago. Default security
settings in more recent browsers do not allow that anymore.


PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$(E-Mail Removed)>
 
Reply With Quote
 
Ry Nohryb
Guest
Posts: n/a
 
      04-29-2010
On Apr 29, 10:45*pm, Thomas 'PointedEars' Lahn <(E-Mail Removed)>
wrote:
> Ry Nohryb wrote:
> > In some sites this might also work:

>
> > http://user(E-Mail Removed)/login.html

>
> This security-relevant bug has been fixed long ago. *Default security
> settings in more recent browsers do not allow that anymore.


In your dreams, may be. I have just tried it out on the latest Safari,
Chrome, Opera, and FireFox, my dear Pointy.
--
Jorge.
 
Reply With Quote
 
Thomas 'PointedEars' Lahn
Guest
Posts: n/a
 
      04-29-2010
Ry Nohryb wrote:

> Thomas 'PointedEars' Lahn wrote:
>> Ry Nohryb wrote:
>> > In some sites this might also work:
>> >
>> > http://user(E-Mail Removed)/login.html

>>
>> This security-relevant bug has been fixed long ago. Default security
>> settings in more recent browsers do not allow that anymore.

>
> In your dreams, may be. I have just tried it out on the latest Safari,
> Chrome, Opera, and FireFox, my dear Pointy.


Microsoft removed the support for thos from IE because of the security
issue.

In Firefox (3.6) you have to set the user preference
"network.http.phishy-userpass-length" from the default 1
to 255 in order to have a good chance that no phishing
warning is displayed.

<http://kb.mozillazine.org/Network.http.phishy-userpass-length>

It is unlikely that it will take other vendors long to take appropriate
measures, so this approach must be recommended against.

And stop calling me "(my dear) Pointy", Georgie-Baby.


PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
 
Reply With Quote
 
Bwig Zomberi
Guest
Posts: n/a
 
      04-30-2010
Priya wrote:
> Yes that is exactly what I am trying to do-pass a username/password to
> an existing site, so it would automatically log me in. Can I find some
> documentation online, I am a newbie; so any help will be greatly
> appreciated. Thank you for all the info.


1. Save the username/password in your browser and use the form-filling
feature to do the login.

2. If you need a Javascript solution, use user javascript to fill the
form fields and do the submission as per the web page code. This will
ensure that site's javascript gets to hashing the submitted contents.

3. If the website allows authentication without javascript, then what
Jorge suggested would work.
http://example.com/login.html?user=u...sword=password
Of course, you need to look at the source, identify the form fields and
then construct the correct URL with hidden additional fields if present
or required. They may however block GET method in authentication.


--
Bwig Zomberi
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to add a hyperlink column to asp.net datagrid - where only one value is a hyperlink davetichenor ASP .Net 1 10-30-2006 02:57 PM
How to add a hyperlink column to asp.net datagrid - where only one value is a hyperlink Dave ASP .Net Datagrid Control 0 10-21-2006 07:48 PM
DHTML setCookie to bypass login page. tungchau81@yahoo.com Javascript 0 08-24-2006 08:28 PM
Bypass cookies using workstation login teddysnips@hotmail.com ASP .Net 0 12-13-2005 03:50 PM
Dynamically Hyperlink and Event Handler for the Hyperlink ? Ken ASP .Net Datagrid Control 1 08-15-2003 11:38 PM



Advertisments