Intro
JSESSIONID is a cookie created by the servlet engine after a successful authentication attempt and used for session management in JSP applications over HTTP. But how do you view it? After deep research I have found 3 easy ways. The first two are CLI-based and are designed for Linux systems only; they use the curl and wget commands. The last one is platform independent and uses the Live HTTP Headers extension for Mozilla Firefox. The following sections give detailed instructions for each of these solutions.
curl
With curl you only need to run a single command that attempts to authenticate against the specified URL. The corresponding JSESSIONID is displayed as part of the result:
curl -u [login]:[password] '[URL]' --head
HTTP/1.1 302 Moved Temporarily
Date: Mon, 08 Jul 2013 05:53:18 GMT
X-AREQUESTID: 113x7408260x1
Set-Cookie: JSESSIONID=30C6F08DFEF05B08961C503DFCE2D88E; Path=/; Secure; HttpOnly
X-Seraph-LoginReason: OK
X-ASESSIONID: 1j16vj3
X-AUSERNAME: myuser
X-Content-Type-Options: nosniff
Location: http://mywebsite.com/SomeApp.jsp
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
wget
1) Gather the information required for CLI-based authentication. This means you need to know the names of the authentication form fields. You can find them by viewing the web page source and analyzing the HTML code. The following example assumes that the fields are called login and password respectively.
2) Execute the following command, which attempts to authenticate against the specified URL and creates a cookies.txt file containing the JSESSIONID:
wget --cookies=on --keep-session-cookies --save-cookies cookies.txt --post-data 'login=[login]&password=[password]' [URL]
3) You can find the JSESSIONID inside the cookies.txt file:
mywebsite.com FALSE / TRUE 0 JSESSIONID 7E830440B8EB9D1A43DA1452881285AE
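The two CLI outputs above can also be read by a script. The following is an added example, not part of the original post: it extracts the JSESSIONID from curl-style response headers and from a wget cookies.txt file, and reports whether the cookie lacks the Secure or HttpOnly attribute. The function names are made up for illustration, and the sample inputs are the values shown above.

```shell
#!/bin/sh
# Added example (not from the original post): read JSESSIONID out of the two
# CLI outputs shown above and report missing cookie hardening attributes.

# Headers on stdin (e.g. from `curl --head`) -> JSESSIONID value.
jsessionid_from_headers() {
    tr -d '\r' | awk '
        tolower($0) ~ /^set-cookie:[ \t]*jsessionid=/ {
            sub(/^[^=]*=/, "")   # drop "Set-Cookie: JSESSIONID="
            sub(/;.*/, "")       # drop Path, Secure, HttpOnly, ...
            print; exit
        }'
}

# Headers on stdin -> names of the attributes (Secure, HttpOnly) that the
# JSESSIONID cookie lacks. Empty output means both are set; a non-zero exit
# status means no JSESSIONID cookie was present at all.
jsessionid_missing_flags() {
    tr -d '\r' | awk '
        tolower($0) ~ /^set-cookie:[ \t]*jsessionid=/ {
            found = 1
            attrs = tolower($0) ";"
            gsub(/[ \t]/, "", attrs)
            if (attrs !~ /;secure;/)   out = out "Secure "
            if (attrs !~ /;httponly;/) out = out "HttpOnly "
            sub(/ $/, "", out)
            print out; exit
        }
        END { exit !found }'
}

# Netscape cookie file on stdin (wget --save-cookies) -> JSESSIONID value.
# Fields: domain, subdomain flag, path, secure, expiry, name, value. curl
# marks HttpOnly entries with a "#HttpOnly_" domain prefix; name and value
# stay in fields 6 and 7, so those lines are still matched.
jsessionid_from_cookiejar() {
    awk '$6 == "JSESSIONID" { print $7; exit }'
}

# Sample inputs taken from the output shown in the post.
SAMPLE_HEADERS='HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=30C6F08DFEF05B08961C503DFCE2D88E; Path=/; Secure; HttpOnly
X-Seraph-LoginReason: OK'
SAMPLE_JAR='mywebsite.com FALSE / TRUE 0 JSESSIONID 7E830440B8EB9D1A43DA1452881285AE'

printf '%s\n' "$SAMPLE_HEADERS" | jsessionid_from_headers
printf '%s\n' "$SAMPLE_HEADERS" | jsessionid_missing_flags
printf '%s\n' "$SAMPLE_JAR" | jsessionid_from_cookiejar
```

The session ID is a bearer credential for the logged-in session, so treat the saved headers and cookies.txt like a password file and delete them when done.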
Mozilla Firefox Live HTTP headers extension
1) From the Firefox menu, select Tools and then select Add-ons.
2) Search for the Live HTTP Headers extension and then install it.
3) Restart Firefox after it downloads the extension.
4) You will find Live HTTP Headers in the list of your installed extensions.
5) Press the Preferences button. A new window appears. Make sure that the Capture check box is checked.
6) Log into the website. All headers will be captured. Just search for the JSESSIONID.