GreaseMonkey script to auto login using HTTP authe

2019-01-22 04:49发布

问题:

I've got quite a few GreaseMonkey scripts that I wrote at my work which automatically log me into the internal sites we have here. I've managed to write a script for nearly each one of these sites except for our time sheet application, which uses HTTP authentication.

Is there a way I can use GreaseMonkey to log me into this site automatically?

Edit: I am aware of the store password functionality in browsers, but my scripts go a step further by checking if I'm logged into the site when it loads (by traversing HTML) and then submitting a post to the login page. This removes the step of having to load up the site, entering the login page, entering my credentials, then hitting submit

回答1:

It is possible to log in using HTTP authentication by setting the "Authorization" HTTP header, with the value of this header set to the string "basic username:password", but with the "username:password" portion of the string Base 64 encoded.

http://frontier.userland.com/stories/storyReader$2159

A bit of researching found that GreaseMonkey has a a function built into it where you can send GET / POST requests to the server called GM_xmlhttpRequest

http://diveintogreasemonkey.org/api/gm_xmlhttprequest.html

So putting it all together (and also getting this JavaScript code to convert strings into base64 I get the following

http://www.webtoolkit.info/javascript-base64.html

var loggedInText = document.getElementById('metanav').firstChild.firstChild.innerHTML;
if (loggedInText != "logged in as jklp") {
    var username = 'jklp';
    var password = 'jklpPass';
    var base64string = Base64.encode(username + ":" + password);

    GM_xmlhttpRequest({
        method: 'GET',
        url: 'http://foo.com/trac/login',
        headers: {
            'User-agent': 'Mozilla/4.0 (compatible) Greasemonkey/0.3',
            'Accept': 'application/atom+xml,application/xml,text/xml',
            'Authorization':'Basic ' + base64string,
        }
    });
}

So when I now visit the site, it traverses the DOM and if I'm not logged in, it automagically logs me in.



回答2:

HTTP authentication information is sent on every request, not just to log in. The browser will cache the login information for the session after you log in the first time. So, you don't really save anything by trying to check if you are already logged in.

You could also forget about greasemonkey altogether and just give your login into on the url like so:

http://username:password@host/

Of course, saving this in a bookmark may be a security risk, but not more-so than saving your password in the browser.



回答3:

Why don't you use Firefox (I assume you're using Firefox) to remember your credentials using the Password Manager?

I found this link: HTTP Authentication with HTML Forms. Looks like you can use javascript to do HTTP authentication. I don't think you can have Greasemonkey interrupt when you are first navigating to a URL though. You might have to setup some sort of launching point that you can use to have greasemonkey automatically redirect + login. For example, you can have the local page that takes the destination URL in the query string, have Greasemonkey automatically do the authenticate + redirect. The only problem is that you'll have to wrap the site bookmarks with your launching page for the bookmarks you use as entry points.



回答4:

"http://username:password@host/" doesn't work on IE, FireFox works ok.