Re: Automate Web Configuration

Steve Holden <steve@xxxxxxxxxxxxx> writes:

D wrote:
I would like to write a program that will automate the configuation of
a firewall or router via HTTPS. So, I need to import the applicable
certificate, and be able to configure the unit as if I was
typing/selecting the appropriate fields manually using a web browser.
If there is a command-line based tool that would allow me to do this, I
would be more than willing to give it a try. Otherwise, is there a
Python library that would do the same? Thanks.

Look for the Mechanize and ClientForm libraries: they can be used to
automate all sorts of web tasks.

Note that neither mechanize nor the standard library do a great job
with HTTPS client certificates (nor server certificates, for that
matter: those are not checked at all): You have to convert your
certificate file to the right format (e.g. using the "openssl" program
from OpenSSL -- the mechanize API docs explain how), and the only way
to supply the password right now is on the console. Hmm, it occurs to
me right now that maybe if your key has no password, it won't insist
on console input? Perhaps the same applies if you're running some
sort of keyserver? I haven't looked at the OpenSSL API docs to check.
If not, no doubt one could improve mechanize's behaviour here by using
something like PyOpenSSL or M2Crypto (or use the facilities provided
by those libraries directly -- see below).

(If you want to use mechanize right now I recommend checking it out
from SVN rather than using the last-released version. The official
stable release is coming "RSN". Getting docs done is hard work!-)

A few other HTTPS problems (both stdlib and mechanize are affected):

- No special CONNECT support for HTTPS proxies (you can do it, but
it's a pain)

- I think socket timeouts don't work for HTTPS (I forget why, so not
sure what work-arounds would apply)


If any of those limitations affect you (note they DON'T affect lots of
people doing HTTPS), try M2Crypto or perhaps PyOpenSSL (I don't really
know either library, but I'm pretty sure M2Crypto has an httplib
work-alike).


John
.

Relevant Pages

  • IE https certificate attack
    ... A flaw in Microsoft Internet Explorer allows an attacker to perform ... server name with the name stored in the certificate. ... There is a flaw in the way IE checks HTTPS objects that are embedded into ... I don't know the source code of the Internet Explorer I cannot check the ...
    (Bugtraq)
  • Re: IE https certificate attack
    ... How non-interactive ssl clients in EAI and web services software handle ... Subject: IE https certificate attack ...
    (Vuln-Dev)
  • [NT] Internet Explore HTTPS Certificate Attack
    ... A flaw in Microsoft Internet Explorer allows an attacker to perform a SSL ... There is a flaw in the way Internet Explorer checks HTTPS objects that are ... Explorer does only check if the certificate of the HTTPS server is ... Internet Explorer will only check if the cert was signed by a trusted CA ...
    (Securiteam)
  • RE: Outlook HTTPS over RPC error - Inconsistent users
    ... If the clients are using Outlook with PRC over HTTP and issue ONLY occurs ... issue which means it might be a client Outlook configuration or workstation ... over HTTPS because there is a problem with the certificate assigned to the ... With RPC over HTTPS no such pop up ...
    (microsoft.public.windows.server.sbs)
  • Re: SSL for SharePoint errors
    ... everything is HTTPS and works fine. ... After you success run CEICW to create self-signed certificate for SBS, ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)