Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

Command SSL to read your web mail

 [1/9] from: jmalv::hotmail at: 7-Mar-2002 18:32


Has anybody used SSL support to read email info in Yahoo or hotmail accounts ? I currently use Yodlee service but would like to help build or test a client based system so that one can consolidate multiple account info without having to login to each account manually. I found Yodlee limiting and Rebol would add great flexibility for this task. Anybody interested ? Jose

 [2/9] from: gscottjones:mchsi at: 7-Mar-2002 13:02


From: "j m"
> Has anybody used SSL support to read email info in Yahoo or hotmail
accounts Yahoo email can be reached by qualifying the request with your username and password. I believe that this is sent in clear text, and therefore easily read if your packet is sniffed. /Command is not required. At the command prompt, try: print read pop://my-name:[my-password--pop--mail--yahoo--com] Of course, there will need to be some email there to check. 8-) Accessing Hotmail thru http, if I recall correctly, requires a combination of cookie management and javascript, thereby effectively eliminating the use of REBOL. I've not investigated the optional pop access. --Scott Jones

 [3/9] from: jmalv::hotmail at: 7-Mar-2002 21:45


Yahoo provides both clear text and SSL authentication https://login.yahoo.com/config/login?.src=ym&.v=0&.u=dapanbku8fk7a&.last=&promo=&.intl=us&.bypass=&.partner=&.done Hotmail is SSL only http://lc3.law5.hotmail.passport.com/cgi-bin/login

 [4/9] from: gchiu:compkarori at: 8-Mar-2002 10:35


> Accessing Hotmail thru http, if I recall correctly, > requires a combination > of cookie management and javascript, thereby effectively > eliminating the use > of REBOL. I've not investigated the optional pop access. >
I wonder how Windows messenger does it ... as it is unlikely to be using javascript to determine that you have new hotmail. -- Graham Chiu

 [5/9] from: jmalv:hotma:il at: 8-Mar-2002 1:21


Scott, Thanks for answering, I think my previous post was not clear. I have succesfully logged in to hotmail with a simple HTML form that initiates a https action (with no Javascript). I will try tomorrow to initiate a SSL connection with Command and see whether I can parse the HTML ( I would have to store the cookies to read the inbox, etc which I am not so familiar ) Any ideas welcome THanks again
>From: "G. Scott Jones" <[gscottjones--mchsi--com]> >Reply-To: [rebol-list--rebol--com]
<<quoted lines omitted: 36>>
>[rebol-request--rebol--com] with "unsubscribe" in the >subject, without the quotes.
_________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com

 [6/9] from: gscottjones:mchsi at: 7-Mar-2002 17:23


GSJ> > Accessing Hotmail thru http, if I recall correctly, GSJ> > requires a combination GSJ> > of cookie management and javascript, thereby effectively GSJ> > eliminating the use GSJ> > of REBOL. I've not investigated the optional pop access.
> >
From: "Graham Chiu"
> I wonder how Windows messenger does it ... as it is unlikely > to be using javascript to determine that you have new > hotmail.
Hi, Graham, I was just thinking about you today, in that I don't see you posting as much as you used to. You have a good question, and I don't know the answer. But the http login appears to use JavaScript to manage the SSL login, and then a computer generated key is used to identify the user, and the key is managed dynamically. A regular http connection is used after the log on. I am assuming that the cookie is storing the updated keys as they are generated, but I have not checked further into this possibility. The additional kink (again if I recall correctly) is that trying to access the site through the standard web http interface requires following redirected url's, which requires the http scheme hack that Maarten (I think) and I kind of batted around last spring. I guess Messenger could do a quick check with https (or a private channel??? Packet sniffer, anyone?). Outlook Express uses an http address for its sign in, so I can only assume that it is doing something similar. I guess I shouldn't have answered J M's mail, but I was trying to be helpful. Regards, --Scott Jones

 [7/9] from: webmaster::windsweptfarm::com at: 27-Feb-2002 20:19


For those that need a sniffer to ferret out network traffic... If you are looking for a free sniffer then perhaps you might try: http://www.ethereal.com/ I have been running it for quite a while and the only problemI have encountered is the scrolling sometimes gets lock in and will scroll the whole log before you can gain control of it again. Not a big issue when you consider that it works like a charm otherwise. Scott Jones Said:

 [8/9] from: jmalv::hotmail::com at: 8-Mar-2002 17:41

Re: Command SSL to read your web mail (Any HTTP / SSL gurus ?)


Why is this not working ? Do you think is the redirect ? I get invalid port spec error !! (the html form below works ok) Thanks =============================================================================== pass: ask/hide "Password ? " str: reduce [ "curmbox=ACTIVE&js=yes&lang=EN&frames=no&login=" login &passwd pass "&submit=GO" ] page: read/custom https://lc1.law5.hotmail.passport.com/cgi-bin/dologin reduce ['post str ] write %test.html page ================================================================================ <html> <head> </head> <body> <form action=https://lc1.law5.hotmail.passport.com/cgi-bin/dologin method=post name=passwordform target=_new> <input name=curmbox type=hidden value=ACTIVE> <input name=js type=hidden value=yes> <input name=_lang type=hidden value=EN> <input name=frames type=hidden value=no> <input name="login" type=hidden value="YOUR-LOGIN"> <input type="password" name="passwd" size="15" maxlength="16"> <input type="submit" name="GO" value="GO"> </form> </body> </html>

 [9/9] from: gchiu:compkarori at: 3-Apr-2002 0:07


On Fri, 08 Mar 2002 17:41:54 +0100 "j m" <[jmalv--hotmail--com]> wrote:
> Why is this not working ? Do you think is the redirect ? > > I get invalid port spec error !! (the html form below > works ok)
Hi, Did you get any further with this? It seems once you pass the login page, it returns 6 rather long cookies, and sends you a redirect address which, at least in rebol, is considered an error. I've been trying to do this using a mixture of a bat file, cURL to post to the https logon page, and Rebol to dynamically write out another bat file with the parsed redirect address. -- Graham Chiu

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted