OE Pro defeated?

Author Message
Paul 03/29/2006 07:00 am
Firstly congratulations on a superb product! I am trying to download the content of a site that seems to defeat OE.

It is due to the fact that the site login page also incorporates a verification code. You enter your user name and password as normal and then have to type in a code that is displayed on the screen to complete the login.

OE fails to login hence it only completes the username and password bit. Can you see a possible way around this?

Very sneaky security which I figure may appear more frequently in the future.

Thanks for you time.
Oleg Chernavin 03/29/2006 07:00 am
Thank you for kind words!

There is a simple trick that allows to download such sites.

Type the URL of the site in Offline Explorer`s Internal browser, logon there and enter the code to get to the first page with the info you want to download. Now take URL of that page and start downloading it using Offline Explorer. It should act as it was logged on the site, because it looks like a single application with its Internal browser.

I hope this helps.

Best regards,
Oleg Chernavin
MetaProducts corp.
KC 05/02/2006 06:46 pm
> Thank you for kind words!
>
> There is a simple trick that allows to download such sites.
>
> Type the URL of the site in Offline Explorer`s Internal browser, logon there and enter the code to get to the first page with the info you want to download. Now take URL of that page and start downloading it using Offline Explorer. It should act as it was logged on the site, because it looks like a single application with its Internal browser.
>
> I hope this helps.
>
> Best regards,
> Oleg Chernavin
> MetaProducts corp.

Hi Oleg,

First, I'd like to publically applaud not only your product, which is outstanding, but also your tireless efforts on this forum!

I'm opening this old topic again to report a new twist.

I'm attempting to dowload a site that uses this very same user authentication scheme with the verification code on the form. Upon authentication, the server takes you to the main page. the URL looks something like this:

http://vjwqb3mcd9idfbin.sparta.members.WEBSITE.com/default.htm
(Domain name replaced with WEBSITE to protect the innocent)

the vjwqb3mcd9idfbin prefix is what appears to be a session ID that changes every time one logs on.

Ok, so far so good. We start to download & it's all fine until a file appears in the Queue that looks like this:

http://vjwqb3mcd9idfbin.sparta.members.WEBSITE.com/view_image.php?galid=301&style=html&section=8&sparta_save=USERNAME%3APASSWORD&sparta_session=vjwqb3mcd9idfbin&PHPSESSID=18c463080694ec21253562b74dad1c3c&num=0

(actual username/password replaced with USERNAME & PASSWORD for this example)

When you browse to the file, you are presented with the very same webform you used to log in complete with verification code, and you are quite obviously prohibited from dowloading any thing else on the site because OE4 can't supply the new form data for the verification code that has now changed.

At this point it's hard to say what exactly triggers this response at the server side (login timeout, number of downloads, number of connections, etc.) but I can say it happens each time, every time regardless of my settings (Supress Website Errors, Evaluate Script Calc, etc.).

I have filtered out all URLs that are not germaine to the project and the site does not appear to have any logout links. I have also tried different Browser ID's to no avail.

I hope you can shed some light on this (frustrating) situation Thanks and keep up the GREAT work!

Best,

KC
Oleg Chernavin 05/03/2006 04:00 am
Thank you for your kind words!

It is had to tell without looking at the site. But perhaps you can disable loading such links in the Project Properties dialog. Maybe this is the kind of a logout link?

http://vjwqb3mcd9idfbin.sparta.members.WEBSITE.com/view_image.php?galid=301&style=html§ion=8&sparta_save=USERNAME%3APASSWORD&sparta_session=vjwqb3mcd9idfbin&PHPSESSID=18c463080694ec21253562b74dad1c3c&num=0

Oleg.