
Posting credentials to cfhttp body using ColdFusion


I am passing a few credentials along with __EVENTARGUMENT and __VIEWSTATE, but I am not able to see the variables and data in the console or in Fiddler. Am I missing anything? I tried with url, formfield and body with no success. By the way, I am using ColdFusion 9.

    <cfset authenticationRequestBody = "__LASTFOCUS=#LASTFOCUS#&__EVENTTARGET=#EVENTTARGET#&__EVENTARGUMENT=#EVENTARGUMENT#&__VIEWSTATE=#EncodeViewState#&__VIEWSTATEGENERATOR=#EncodeViewGenerator#&__EVENTVALIDATION=#EncodeEventValidation#&#encodeForURL(UNameString)#=#UserName#&#encodeForURL(PwdString)#=#encodeForURL(Password)#&#encodeForURL(ButtonString)#=Submit">

    <cfset stsUrl = "https://somesite.com/yyy/login.aspx" >
    <cfhttp url="#stsUrl#" method="post"  resolveurl="no"  >
        <cfhttpparam type="header" name="Accept" value="application/xhtml+xml,text/html">
        <cfhttpparam type="header" name="REFERER" value="#BaseUrl#" >
        <cfhttpparam type="header" name="Accept-Language" value="en-US">
        <cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded">
        <cfhttpparam type="header" name="Connection" value="keep-alive" >
        <cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" >
        <cfloop collection="#cookies#" item="i">
            <cfhttpparam type = "cookie" name="#i#" value="#cookies[i]#">
        </cfloop>
        <cfhttpparam type="body" name="PostData" value="#authenticationRequestBody#">
    </cfhttp>

    <cfoutput>
        <cfdump var="#GetHTTPRequestData()#">
    </cfoutput>

This is not a problem related to the configuration, because I checked the JVM version and TLS version at the site using an SSL test server. There is something that I am missing here in the code.

ColdFusion 11 (Update 12), JVM: 1.8, TLS: 1.2

I was able to get to the login screen. Even after passing the username and password in the body, it doesn't validate. When I access the URL directly with the same credentials, it logs me in successfully.


Solution

  • The problem is not with the configuration or version compatibility. The issue is with the cookies we are passing from the start. When we navigate to another page using cfhttp, we need to carry the old cookies that we got from the past cfhttp calls. Also, in my case I need to initialize the cookie in the first call. Below is the example for two calls:

    <cfhttp url='#BaseUrl#' method="get" redirect="no">
            <cfhttpparam type="header" name="Connection" value="keep-alive" >
            <cfhttpparam type="header" name="Cache-Control" value="no-cache">
            <cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko">
            <cfhttpparam type="header" name="cookie" value="TestCookie=;" >
    </cfhttp>
    
    <cfhttp url="#stsUrl#" method="post"  redirect="no" resolveurl="yes" result="postResult" >
        <cfhttpparam type="header" name="REFERER" value="#BaseUrl#" >
        <cfhttpparam type="header" name="Cache-Control" value="no-cache">
        <cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded">
        <cfhttpparam type="header" name="Connection" value="keep-alive" >
        <cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" >
    
        <cfhttpparam type="header" name="cookie" value="TestCookie=;" encoded="yes">
    
        <cfloop collection="#CookieList#" item="i">
            <cfhttpparam type="header" name="cookie" value="#CookieList[i]#" encoded="yes">
        </cfloop>
    
        <cfhttpparam name="__LASTFOCUS"  value="" type="formfield">
        <cfhttpparam name="__EVENTTARGET"  value="" type="formfield">
        <cfhttpparam name="__EVENTARGUMENT"  value="" type="formfield">
        <cfhttpparam name="__VIEWSTATE"  value="#VIEWSTATE#" type="formfield">
        <cfhttpparam name="__VIEWSTATEGENERATOR"  value="#VIEWSTATEGENERATOR#" type="formfield">
        <cfhttpparam name="__EVENTVALIDATION"  value="#EVENTVALIDATION#" type="formfield">
        <cfhttpparam name="ctl00$MainContent$LoginCtrl$UserName"  value="#UserName#" type="formfield">
        <cfhttpparam name="ctl00$MainContent$LoginCtrl$Password"  value="#Password#" type="formfield">
        <cfhttpparam name="ctl00$MainContent$LoginCtrl$LoginButton"  value="Submit" type="formfield">
    </cfhttp>
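
How `CookieList` and the hidden-field values used in the second call can be built from the first response, as an added example that is not part of the original answer. The helper names `collectCookies` and `hiddenField` and the result name `getResult` are assumptions; `BaseUrl` is the answer's variable, and the regex assumes ASP.NET's usual `name="…" … value="…"` attribute order.

```cfml
<cfscript>
// Added example: helper names are assumptions, not from the answer.
// Merge the Set-Cookie header(s) of a cfhttp result into jar as "name=value"
// strings keyed by cookie name, the shape the CookieList loop expects.
function collectCookies(required struct httpResult, required struct jar) {
    var headers = arguments.httpResult.responseHeader;
    var raw = arrayNew(1);
    var setCookie = "";
    var key = "";
    var pair = "";
    var i = 0;
    if (!structKeyExists(headers, "Set-Cookie")) { return arguments.jar; }
    setCookie = headers["Set-Cookie"];
    // One cookie arrives as a string; several arrive as a struct or an array
    // depending on the engine and version.
    if (isSimpleValue(setCookie)) { arrayAppend(raw, setCookie); }
    else if (isArray(setCookie)) { raw = setCookie; }
    else if (isStruct(setCookie)) {
        for (key in setCookie) { arrayAppend(raw, setCookie[key]); }
    }
    for (i = 1; i lte arrayLen(raw); i = i + 1) {
        // Keep only "name=value"; Path, Expires, HttpOnly etc. are not sent back.
        pair = trim(listFirst(raw[i], ";"));
        if (find("=", pair) gt 1) { arguments.jar[trim(listFirst(pair, "="))] = pair; }
    }
    return arguments.jar;
}

// Read one ASP.NET hidden input (for example __VIEWSTATE) out of the login page HTML.
function hiddenField(required string html, required string fieldName) {
    var m = reFindNoCase('name="' & arguments.fieldName & '"[^>]*value="([^"]*)"', arguments.html, 1, true);
    if (m.pos[1] eq 0 or m.len[2] eq 0) { return ""; }
    return mid(arguments.html, m.pos[2], m.len[2]);
}
</cfscript>

<cfhttp url="#BaseUrl#" method="get" redirect="no" result="getResult">
    <cfhttpparam type="header" name="cookie" value="TestCookie=;">
</cfhttp>
<cfset CookieList = collectCookies(getResult, structNew())>
<cfset VIEWSTATE = hiddenField(getResult.fileContent, "__VIEWSTATE")>
<cfset VIEWSTATEGENERATOR = hiddenField(getResult.fileContent, "__VIEWSTATEGENERATOR")>
<cfset EVENTVALIDATION = hiddenField(getResult.fileContent, "__EVENTVALIDATION")>
```

After the POST, calling `collectCookies(postResult, CookieList)` carries any newly issued cookies into the next request. `CookieList` holds live session identifiers, so keep it out of `cfdump` output and logs.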