Need help automating Mozilla or another browser.. Please.

Scripting Forums AppleScript | Mac OS X
#1

I have to access a website at least once every 30 days, otherwise I will have to go through a tedious burocratic process to get a new password. (government stuff)

I am trying to have a scritp that will run once in a while and do it for me with minimum or no intervention.

But I can’t get mozilla to press a “ok” button.

Please look at this script and give your sugestions:



set MyPassword to "My_password_here"

set MyLogin to "My_login_here"


tell application "Mozilla"
	
	
	OpenURL "https://www.comercioexterior.receita.fazenda.gov.br/g33159/jsp/logon.jsp?ind=07"
	
	
end tell


set the clipboard to MyLogin

display dialog "Your login name is the clipboard!

You can paste it now." buttons "Ok" default button "Ok" giving up after 4

tell application "System Events"
	
	tell application process "Mozilla"
		activate
		delay 15
		tell window "Website Certified by an Unknown Authority"
			click button 1
		end tell
		
	end tell
	
end tell

--tell application "Mozilla" to activate


set the clipboard to MyPassword

display dialog "Your Password is the clipboard!

You can paste it now." buttons "Ok" default button "Ok"

tell application "Mozilla" to quit
#2

If all you want to do is dupe the server into thinking you’ve logged in, perhaps you could use “curl” rather than a browser. It runs behind the scenes and could be automated to just run at set intervals using any number of automation techniques or scripting. I have no way to test this, because I have no access to your server, but according to the curl manual you may be able to use something like…

set theLoginScript to "curl -e your.site.com/theOriginalForm.jsp -d "user=foobar&pass=12345&id=blablabla&ding=submit" [url=http://your.site.com/dir/theScript.cgi]http://your.site.com/dir/theScript.cgi"[/url]

try
	do shell script theLoginScript
	display dialog "Login Successful!"
on error errorMessage number errorNumber
	display dialog "Alert: Login Unsuccessful!"
end try

The -d flag and the following string is the url-encoded string you want to send to the server. Make sure to view the page source of the form page and include all of the variables and their required values in this string, or the server will think you’re trying something funny :).

The -e flag and the following address is the URL of the form which you want the server to think you’re posting from. This is optional, but may help you out if the server is checking the referrer and wants to think that only the original form is trying to access it.

The final address without any flag is the URL address of the script you’re posting to.

I looked at the source for the form page’s URL you posted in your code, and noticed that it may be using some javascript to pre-process the variables, which may prevent this script from working as is. If you run into problems with authentication or security posting to the script, you may be able to get around this by using some of curl’s built-in security devices. Check out the curl manual and the curl usage pages for more information and examples.

Good luck, hope it works out for you…
j

#3

Hi Jobu!

Thanks for posting!

I used your script as it is and replaced password and id.

It worked for the first time. Got “Login successfull”.

But did not work for the next 10 times.

I think the server is smarter than we think. May be they require diferent strings each time?

#4

Probably what is happening is that the server is logging your access and keeps a record for every active session. All you’ve done is log in, so if you try to log in again, it probably thinks you’re already logged in and won’t allow another session. You may have to log out before you can do another login, as many servers consider simultaneous sessions to be insecure. To confirm this, you might try using the script, and then trying to log in on the web. The server might tell you that you can’t have two sessions, or it might ask you to log in again, which probably would overwrite the other session.

Anyways, here’s what I found. There are many more fields being passed in the login page than just the password and username. I assume the other fields are used by the script to track where your coming from and to track login attempts, so they may or may not be unnecessary. To truly reproduce using the login page, you’ll need to send all of the following html form input’s…

This would all translate to…

set theLoginScript to "curl -e your.site.com/theOriginalForm.jsp -d "
cpf=&senha=&funcao=login&subfuncao=login&programa=index.html&indlogon=7&certif=N&cpfTemp=<YOUR _CODIGO>&senhaTemp=<YOUR_SENHA>" [url=http://your.site.com/dir/theScript.cgi]http://your.site.com/dir/theScript.cgi"[/url]

try
   do shell script theLoginScript
   display dialog "Login Successful!"
on error errorMessage number errorNumber
   display dialog "Alert: Login Unsuccessful!"
end try

Make sure to change the “” and “<YOUR_SENHA>” parts to your actual login info, without quotes or brackets.

You may run into more problems if the server is using cookies to track sessions, as the server/browser relationship is a bit more tricky when dealing with cookies. If it’s a simple URL-encoded string storing a session id in the url, it should be as easy as something like…

(* Replace the 'do shell script' code above with this... *)
set theSecurePage to (do shell script theLoginScript) as unicode text

(* Then, check to see if you were logged in *)
(* Purely hypothetical and for example only! *)
if theSecurePage contains "Error: Login Failed" then
   display dialog "You were never logged in!"
else
   set theLogoutScript to "curl -d "sessid=<YOUR_SESSIONID>" [url=https://www.mysite.com.br/logoutscript.jsp]https://www.mysite.com.br/logoutscript.jsp"[/url]

   try
      do shell script theLogoutScript
      display dialog "Logout Successful!"
   on error errorMessage number errorNumber
      display dialog "Alert: Logout Unsuccessful!"
   end try
end if

Checking for a match for “Error: Login Failed” above is similar to what you were doing in your first code…checking for the page title. You’d have to change that to whatever is found on your error page… (probably will be in portuguese, too…no? :smiley: ) You’d need to generate the error page (like logging in with the wrong info of logging in twice) and then find some text that is always on the page that you can pattern match for. Next, you set the variable ‘theSecurePage’ to the contents of the page resulting from the do shell script command. If the pattern is found, the script can assume that you hit an error, otherwise, it tries to log you out.

Then you’ll have to find out how the logout process is done, and then use curl to issue a new command to do that logout. You may have to write some code to parse any information out of the page (or perhaps out of the url of the page that the script redirects you to) to supply that information (like a session id or any form variables). This part could get a bit tricky.

An easy workaround?..
If you know that the server automatically purges old sessions (like every day, once a week, etc.) you could just set your script to access the page at intervals more than that timeframe, so the server would just take care of loggin out for you. If you only need to log in once a month, just run the script once avery three weeks. Most ‘secure’ servers wouldn’t hold an unresolved session more than 24 hours, I wouldn’t think.

Good luck…
j

#5

Hello Jobu!

Could you please comment if my last URL string, the one that points to the serpro server is currect?

This is what the code looks like:

set theLoginScript to "curl -e https://www.comercioexterior.receita.fazenda.gov.br//jsp/logon.jsp?ind=07 -d "
cpf=&senha=&funcao=login&subfuncao=login&programa=index.html&indlogon=7&certif=N&cpfTemp=mylogin&senhaTemp=MyPassword" [url=https://www.comercioexterior.receita.fazenda.gov.br/g33159/servlet/serpro.siscomex.controle.Logon33169]https://www.comercioexterior.receita.fazenda.gov.br/g33159/servlet/serpro.siscomex.controle.Logon33169"[/url]


(* Replace the 'do shell script' code above with this... *)
set theSecurePage to (do shell script theLoginScript) as Unicode text

(* Then, check to see if you were logged in *)
(* Purely hypothetical and for example only! *)
if theSecurePage contains "Error: Login Failed" then
	display dialog "You were never logged in!"
else
	set theLogoutScript to "curl -d "sessid=<YOUR_SESSIONID>" [url=https://www.mysite.com.br/logoutscript.jsp]https://www.mysite.com.br/logoutscript.jsp"[/url]
	
	try
		do shell script theLoginScript
		display dialog "Logout Successful!"
	on error errorMessage number errorNumber
		display dialog "Alert: Logout Unsuccessful!"
	end try
end if

This returns:

curl: (35) SSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

#6

Yeah, that error is probably because you didn’t change the info to your own. :wink:

There was an error in my last post that actually sent the login script twice, but I edited it above. You must change the “theLoginScript” to “theLogoutScript” in the following line…

…and of course you must enter your site’s info, instead. This was intended as a starting point, not actual working code.

I’m typing out a lot more explanation than solid code here, so I’ll PM you and we can talk details without wasting so much space here. There are a lot of details that aren’t worth going into at any more length here without knowing what your actual setup is. If a good product is found, we can post it later for everyone to learn from.

j