Command SSL to read your web mail
[1/9] from: jmalv:h:otmail at: 7-Mar-2002 18:32
Has anybody used SSL support to read email info in Yahoo or hotmail accounts
?
I currently use Yodlee service but would like to help build or test a client
based system so that one can consolidate multiple account info without
having to login to each account manually. I found Yodlee limiting and Rebol
would add great flexibility for this task.
Anybody interested ?
Jose
[2/9] from: gscottjones:mchsi at: 7-Mar-2002 13:02
From: "j m"
> Has anybody used SSL support to read email info in Yahoo or hotmail
accounts
Yahoo email can be reached by qualifying the request with your username and
password. I believe that this is sent in clear text, and therefore easily
read if your packet is sniffed. /Command is not required. At the command
prompt, try:
print read pop://my-name:[my-password--pop--mail--yahoo--com]
Of course, there will need to be some email there to check. 8-)
Accessing Hotmail thru http, if I recall correctly, requires a combination
of cookie management and javascript, thereby effectively eliminating the use
of REBOL. I've not investigated the optional pop access.
--Scott Jones
[3/9] from: jmalv::hotmail at: 7-Mar-2002 21:45
Yahoo provides both clear text and SSL authentication
https://login.yahoo.com/config/login?.src=ym&.v=0&.u=dapanbku8fk7a&.last=&promo=&.intl=us&.bypass=&.partner=&.done
Hotmail is SSL only
http://lc3.law5.hotmail.passport.com/cgi-bin/login
[4/9] from: gchiu:compkarori at: 8-Mar-2002 10:35
> Accessing Hotmail thru http, if I recall correctly,
> requires a combination
> of cookie management and javascript, thereby effectively
> eliminating the use
> of REBOL. I've not investigated the optional pop access.
>
I wonder how Windows messenger does it ... as it is unlikely
to be using javascript to determine that you have new
hotmail.
--
Graham Chiu
[5/9] from: jmalv:h:otmail at: 8-Mar-2002 1:21
Scott,
Thanks for answering, I think my previous post was not clear.
I have succesfully logged in to hotmail with a simple HTML form that
initiates a https action (with no Javascript).
I will try tomorrow to initiate a SSL connection with Command and see
whether I can parse the HTML ( I would have to store the cookies to read
the inbox, etc which I am not so familiar )
Any ideas welcome
THanks again
>From: "G. Scott Jones" <[gscottjones--mchsi--com]>
>Reply-To: [rebol-list--rebol--com]
<<quoted lines omitted: 36>>
>[rebol-request--rebol--com] with "unsubscribe" in the
>subject, without the quotes.
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
[6/9] from: gscottjones:mchsi at: 7-Mar-2002 17:23
GSJ> > Accessing Hotmail thru http, if I recall correctly,
GSJ> > requires a combination
GSJ> > of cookie management and javascript, thereby effectively
GSJ> > eliminating the use
GSJ> > of REBOL. I've not investigated the optional pop access.
> >
From: "Graham Chiu"
> I wonder how Windows messenger does it ... as it is unlikely
> to be using javascript to determine that you have new
> hotmail.
Hi, Graham,
I was just thinking about you today, in that I don't see you posting as much
as you used to.
You have a good question, and I don't know the answer. But the http login
appears to use JavaScript to manage the SSL login, and then a computer
generated key is used to identify the user, and the key is managed
dynamically. A regular http connection is used after the log on. I am
assuming that the cookie is storing the updated keys as they are generated,
but I have not checked further into this possibility. The additional kink
(again if I recall correctly) is that trying to access the site through the
standard web http interface requires following redirected url's, which
requires the http scheme hack that Maarten (I think) and I kind of batted
around last spring. I guess Messenger could do a quick check with https (or
a private channel??? Packet sniffer, anyone?). Outlook Express uses an
http address for its sign in, so I can only assume that it is doing
something similar. I guess I shouldn't have answered J M's mail, but I was
trying to be helpful.
Regards,
--Scott Jones
[7/9] from: webmaster::windsweptfarm::com at: 27-Feb-2002 20:19
For those that need a sniffer to ferret out network traffic...
If you are looking for a free sniffer then perhaps you might try:
http://www.ethereal.com/
I have been running it for quite a while and the only problemI have
encountered is the scrolling sometimes gets lock in and will scroll the
whole log before you can gain control of it again.
Not a big issue when you consider that it works like a charm otherwise.
Scott Jones Said:
[8/9] from: jmalv::hotmail::com at: 8-Mar-2002 17:41
Re: Command SSL to read your web mail (Any HTTP / SSL gurus ?)
Why is this not working ? Do you think is the redirect ?
I get invalid port spec error !! (the html form below works ok)
Thanks
===============================================================================
pass: ask/hide "Password ? "
str: reduce [ "curmbox=ACTIVE&js=yes&lang=EN&frames=no&login=" login
&passwd pass "&submit=GO" ]
page: read/custom https://lc1.law5.hotmail.passport.com/cgi-bin/dologin
reduce ['post str ]
write %test.html page
================================================================================
<html>
<head>
</head>
<body>
<form action=https://lc1.law5.hotmail.passport.com/cgi-bin/dologin
method=post name=passwordform target=_new>
<input name=curmbox type=hidden value=ACTIVE> <input name=js type=hidden
value=yes> <input name=_lang type=hidden value=EN> <input name=frames
type=hidden value=no> <input name="login" type=hidden value="YOUR-LOGIN">
<input type="password" name="passwd" size="15" maxlength="16">
<input type="submit" name="GO" value="GO">
</form>
</body>
</html>
[9/9] from: gchiu:compkarori at: 3-Apr-2002 0:07
On Fri, 08 Mar 2002 17:41:54 +0100
"j m" <[jmalv--hotmail--com]> wrote:
> Why is this not working ? Do you think is the redirect ?
>
> I get invalid port spec error !! (the html form below
> works ok)
Hi,
Did you get any further with this?
It seems once you pass the login page, it returns 6 rather
long cookies, and sends you a redirect address which, at
least in rebol, is considered an error.
I've been trying to do this using a mixture of a bat file,
cURL to post to the https logon page, and Rebol to
dynamically write out another bat file with the parsed
redirect address.
--
Graham Chiu
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted