I'm trying to use curl to set up a cron to reboot my WD N900 Router on a regular basis.
Using Chrome's developer tools, when I login to the the router via its WebGUI, it brings me to "authentication.cgi". Here's its essential components copied as a curl (bash):
curl 'http://192.168.1.1/authentication.cgi' \
-H 'Cookie: QPYVIXOAZD=admin; uid=lseKLfq8zc' \
--data-raw 'USERNAME=admin&DIGEST=XXXXXXXXXXXXXXXXXXX'
The critical component is the cookie entry, of which the uid is unique for that particular login.
To reboot the router, I then go through several pages, eventually getting to "service.cgi". Here's its essential components copied as a curl (bash):
curl 'http://192.168.1.1/service.cgi' \
-H 'Cookie: QPYVIXOAZD=admin; uid=lseKLfq8zc' \
--data-raw 'EVENT=REBOOT'
For a successful reboot via curl from service.cgi, the cookie uid must be the same as that in authentication.cgi. Otherwise, it doesn't reboot, and states "Authorization failure."
How can I get this to work without first obtaining a cookie via a WebGUI login (which defeats the purpose of curl)?
I tried to set up a cookie jar (curl -c /tmp/cookie-jar.txt ....) and remove the "Cookie:..." line, which resulted in another "Authorization failure" as well as an empty cookie file save for this:
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
I also tried "curl - u myusername:mypassword" (with and without --digest or --noauth options) to no avail ("authorization failure").
Any suggestions are greatly appreciated.
UPDATE: When I curl authentication.cgi with my username:password:
curl --user admin:XXXXXXXXXX 'http://192.168.1.1/authentication.cgi'
I get this type of response:
{"uid": "9auO5hcbq8", "CHALLENGE": "bdce6395-f46b-4306-a61b-1ec2de1bf7d5"}
Can this information be used somehow? I pasted that uid into the Cookie in my previous curl for service.cgi, but no luck.
CodePudding user response:
UPDATE
{"uid": "9auO5hcbq8", "CHALLENGE": "bdce6395-f46b-4306-a61b-1ec2de1bf7d5"}
Can this information be used somehow?
Use them (at least the uid) in your subsequent service request cookie
curl_setopt($ch, CURLOPT_COOKIE, uid=9auO5hcbq8; QPYVIXOAZD=admin;);
I'm not sure what you should do with this:
CHALLENGE=bdce6395-f46b-4306-a61b-1ec2de1bf7d5;
Maybe include it as a cookie. Or maybe a post field.
When you say:
For a successful reboot via curl from service.cgi, the cookie uid must be the same as that in authentication.cgi. Otherwise, it doesn't reboot, and states "Authorization failure."
I interpret this to mean first you need to get a currently valid cookie value.
Where you do the authentication.cgi'
request then use the uid
in the subsequent service.cgi
request.
The thing I think may be problematic is the cookie file is empty. It is possible that no cookie is being returned in the response. But I have found the curl cookie box to be problematic. So I handle cookies on my own.
For me, I use PHP scripts to troubleshoot problems like this.
What I would do is run a cron job to run a PHP script to do this.
If you do not know PHP, I will write it for you.
The cron job would look like this:
/usr/local/bin/php /home/<user>/backup/reboot.php
I really hope that this curl command worked for you or this answer is moot:
curl 'http://192.168.1.1/authentication.cgi' \
-H 'Cookie: QPYVIXOAZD=admin; uid=lseKLfq8zc' \
--data-raw 'USERNAME=admin&DIGEST=XXXXXXXXXXXXXXXXXXX'
This would be my first step where this is the reboot.php given the above cron job setting. This is based on my basic curl troubleshooting procedure. I have been in your position many times. I developed this over ten years ago.
<?
header('Content-Type: text/plain'); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://192.168.1.1/authentication.cgi');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type' => 'application/x-www-form-urlencoded',
]);
curl_setopt($ch, CURLOPT_COOKIE, 'QPYVIXOAZD=admin; uid=lseKLfq8zc');
curl_setopt($ch, CURLOPT_POSTFIELDS, 'USERNAME=admin&DIGEST=XXXXXXXXXXXXXXXXXXX');
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 2);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($ch, CURLOPT_FAILONERROR,true);
curl_setopt($ch, CURLOPT_ENCODING,"");
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$response = curl_exec($ch);
echo curl_error($ch);
var_export($response);
echo "\nheader out: " . curl_getinfo($ch,CURLINFO_HEADER_OUT);
?>
CodePudding user response:
It appears that the my router's web pages produces cookies via Javascript, which curl can't read or produce. I'll probably have to look into a text-based browser whose actions I can integrate into a script which would later use curl (or maybe wget).