Logon methods and SSO: study note 1

Source: Internet
Author: User
Tags: set cookie

1. Logging on to Blog Park (博客园) is verified with a POST: the user name and password are posted together to the server, e.g. POST /login.aspx HTTP/1.1.

Part of the POST body: username=whzncut&tbpassword=*****&btnlogin=%E7%99%BB++%E5%BD%95 (the btnlogin value is the URL-encoded UTF-8 button caption "登  录").

2. chinaren authentication first opens an HTTPS connection to the passport server (the TLS handshake is where the session ID and random values come from), then checks the credentials with a GET whose parameters travel in the URL, and finally logs the user on to each associated server, setting the cookie for each domain through its own setcookie.jsp (these requests are presumably made asynchronously).

For example:

Request:

CONNECT passport.sohu.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.20.6.2152; .NET CLR 3.5.30729; InfoPath.2)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: passport.sohu.com
Pragma: no-cache

The data sent represents an SSLv3-compatible ClientHello handshake. For your convenience, the data is extracted below.

Major version: 3
Minor version: 1
Random: 4A 5E E6 EC D9 A8 16 40 E7 BC 67 27 05 F3 47 D2 65 C6 89 3A 76 34 4F B1 01 DC 50 87 61 A2 6B 65
SessionID: empty
Ciphers:
[0004] SSL_RSA_WITH_RC4_128_MD5
[0005] SSL_RSA_WITH_RC4_128_SHA
[000A] SSL_RSA_WITH_3DES_EDE_SHA
[0009] SSL_RSA_WITH_DES_SHA
[0064] TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
[0062] TLS_RSA_EXPORT1024_WITH_DES_SHA
[0003] SSL_RSA_EXPORT_WITH_RC4_40_MD5
[0006] SSL_RSA_EXPORT_WITH_RC2_40_MD5
[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
[0012] SSL_DHE_DSS_WITH_DES_SHA
[0063] TLS_DHE_DSS_EXPORT1024_WITH_DES_SHA

Response:

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, ensure that the Tools | Fiddler Options | Decrypt HTTPS traffic option is checked.

The data sent represents an SSLv3-compatible ServerHello handshake. For your convenience, the data is extracted below.

Major version: 3
Minor version: 1
SessionID: D7 05 39 2F 13 95 A8 DF 8A E2 65 51 FF 51 30 53 34 66 37 98 E5 B2 31 B3 11 4A 23 A6 3B DC 34 69
Random: 4A 5E E6 F2 B1 D0 9B E2 39 2A AA EC 40 E3 9B 21 40 9A 33 FC 54 AC 98 E8 1C 1B 43 23 45 27 5E B6
Cipher: 0x0A

Version 3.1 is TLS 1.0, and the server's choice 0x000A is SSL_RSA_WITH_3DES_EDE_SHA from the client's list above; in SSL 3.0/TLS 1.0 the first four bytes of each Random are the sender's gmt_unix_time.

The credential check is then a GET with the parameters in the URL, as follows (note that the user name and password are part of the query string, so they land wherever request URLs are logged, such as server access logs and browser history):

GET /sso/login.jsp?userid=WW%40chinaren.com&password=Taobao&appid=1005&persistentcookie=0&isslogin=1&s=1247733484250&b=6&w=1280&pwdtype=1&domain=chinaren.com HTTP/1.1
Accept: */*
Referer: http://www.chinaren.com/
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.20.6.2152; .NET CLR 3.5.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: passport.sohu.com
Connection: Keep-Alive
Cookie: iploc=cn1101; SUV=0907031348247863; vjuids=-214d7a71c.1225293b267.0.f5a0fd1532726; JSESSIONID=abczn_kcvo2f5gaqpscks

If the verification succeeds, the response redirects to http://passport.chinaren.com/sso/setcookie.jsp?passport=1|1247733768|0|Protocol=|A|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=protocol&ppinf=2|1247733768|0|Protocol=&code1=fd0b9470224b3360f423988b94d00df2&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=7d645a3ef507ea885aa9e1437751659d&lastdomain=1248943368|d2h6mdbhmti1mtray2hpbmfyzw4uy29tfa=|chinaren.com&s=1247733768435
That page sets the cookie, and the browser is then sent to "log in" to each affiliated domain in turn, where each domain's own setcookie.jsp (for example http://passport.sogou.com/sso/setcookie.jsp) sets that domain's cookie. For example:

GET /sso/crossdomain_all.jsp?action=login HTTP/1.1

GET /sso/crossdomain.jsp?action=login&domain=17173.com HTTP/1.1

Response: a redirect to http://pass.17173.com/sso/setcookie.jsp.......

HTTP/1.1 302 Found
Server: nginx/0.6.37
Date: Thu, 16 Jul 2009 08:42:41 GMT
Content-Type: text/html; charset=GBK
Connection: close
Set-Cookie: ppmdig=-1483128256739e4da9b7b0801641bc15912374ff9d; domain=..mail.sohu.com; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Location: http://pass.17173.com/sso/setcookie.jsp?lastdomain=1248943368|Protocol=|chinaren.com|1&passport=1|1247733768|0|Protocol=|A|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=e99dbe30b35718a1a239ba1ecdea2f3b&ppinf=2|1247733768|0|keys=&code1=3006b2124f497a58c52b90783a5cf7ba&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=243a4bb1d6d2852ec2f65733e8049864
Content-Length: 965

The URL has moved <a href="http://pass.17173.com/sso/setcookie.jsp?lastdomain=1248943368|Protocol=|chinaren.com|1&passport=1|1247733768|0|Protocol=|A|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=e99dbe30b35718a1a239ba1ecdea2f3b&ppinf=2|1247733768|0|found=&code1=3006b2124f497a58c52b90783a5cf7ba&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=243a4bb1d6d2852ec2f65733e8049864">here</a>
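As an added example (not part of the original note), the script below decodes the instants the captures above carry: the gmt_unix_time that opens each TLS 1.0 Random, the second '|'-separated field of passport and ppinf in the setcookie.jsp URL (it matches the 302 response's Date header to within seconds), and the first lastdomain field, which sits exactly 14 days later. The Random values, timestamps and hex codes are copied from the page; the long opaque blobs are replaced by the placeholder OPAQUE, and the meaning of the '|' fields beyond the timestamps is an inference from the values, not documented by the passport service.

```python
"""Decode the timestamps in the capture above: the gmt_unix_time opening each TLS 1.0 Random
and the '|'-delimited fields of the passport setcookie.jsp redirect URL (constructed sample)."""
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

CLIENT_RANDOM = "4A 5E E6 EC D9 A8 16 40 E7 BC 67 27 05 F3 47 D2 65 C6 89 3A 76 34 4F B1 01 DC 50 87 61 A2 6B 65"
SERVER_RANDOM = "4A 5E E6 F2 B1 D0 9B E2 39 2A AA EC 40 E3 9B 21 40 9A 33 FC 54 AC 98 E8 1C 1B 43 23 45 27 5E B6"
SAMPLE_URL = ("http://passport.chinaren.com/sso/setcookie.jsp?"      # blobs shortened to OPAQUE
              "passport=1|1247733768|0|Protocol=|A|OPAQUE=&code=protocol"
              "&ppinf=2|1247733768|0|Protocol=&code1=fd0b9470224b3360f423988b94d00df2"
              "&pprdig=OPAQUE=&code2=7d645a3ef507ea885aa9e1437751659d"
              "&lastdomain=1248943368|OPAQUE=|chinaren.com&s=1247733768435")

def iso_utc(seconds):
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def random_gmt_unix_time(random_hex):
    """SSL 3.0 / TLS 1.0 Random = 4-byte big-endian gmt_unix_time + 28 random bytes."""
    return int.from_bytes(bytes.fromhex(random_hex.replace(" ", ""))[:4], "big")

def parse_sso_redirect(url):
    """Split the setcookie.jsp query into parameters and '|'-separated fields."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}
    passport, ppinf = params["passport"].split("|"), params["ppinf"].split("|")
    issued, until = int(passport[1]), int(params["lastdomain"].split("|")[0])
    return {
        "issued_at": issued,                       # second field: Unix seconds of the login
        "issued_at_iso": iso_utc(issued),
        "ppinf_agrees": ppinf[1] == passport[1],   # both tokens carry the same instant
        "s_seconds": int(params["s"]) / 1000.0,    # 's' is that instant in milliseconds
        "lastdomain_until": until,
        "validity_days": (until - issued) / 86400,
        "codes_are_32_hex": all(len(params[k]) == 32 and set(params[k]) <= set("0123456789abcdef")
                                for k in ("code1", "code2")),
    }

def timeline():
    """Order the decoded instants so the whole capture reads as one login session."""
    tok = parse_sso_redirect(SAMPLE_URL)
    events = [("ClientHello gmt_unix_time", random_gmt_unix_time(CLIENT_RANDOM)),
              ("ServerHello gmt_unix_time", random_gmt_unix_time(SERVER_RANDOM)),
              ("login.jsp s= parameter", 1247733484),   # from the GET on the page, ms dropped
              ("setcookie.jsp token issued", tok["issued_at"]),
              ("lastdomain expiry", tok["lastdomain_until"])]
    return [(name, t, iso_utc(t)) for name, t in sorted(events, key=lambda e: e[1])]

if __name__ == "__main__":
    for name, t, iso in timeline():
        print(f"{iso}  {t}  {name}")
```

Running it lines the handshake, the login GET and the issued token up in order, which is the kind of cross-check worth doing on any capture before trusting what a token field is believed to mean.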

 

This is my personal understanding; corrections are welcome.
