-1

On this website, you can enter your student-card-number, and then it will display how much money is left on that card. I want to obtain the information using JSOUP. This is my current code, but it does not work,

        String url = "http://kortladdning3.chalmerskonferens.se/CardLoad_Order.aspx";



        Connection.Response loginForm = Jsoup.connect(url)
                .method(Connection.Method.GET)
                .execute();

        Document document = Jsoup.connect(url)
                .userAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36")               
                 //.data("__VIEWSTATE","%2FwEPDwUHNjA4NDA1NQ9kFgQCAw9kFgoCAQ9kFgICAQ8PFgIeBFRleHQFClBUTSBLb3J0bnJkZAICDxYCHgdWaXNpYmxlaGQCAw8WAh8BaGQCBA8WAh8BaGQCBQ8WAh8BaBYCAgEPEGRkFgBkAgUPDxYCHwAFCShkZXNrdG9wKWRkZGzBhwMIv3yxqKnC0C7%2BPlC0PlDG")
                .data("__EVENTVALIDATION", "%2FwEWBAKG7bXPBQLi0uqnCgKF69rWBAK14fOOCgrUt4CBVP4K0VKe0uOPxLSAu26y")
                .data("hiddenIsMobile", "desktop")
                .data("txtCardNumber", "3819276248xxxxxx")
                .data("SavedCardNumber", "")
                .data("btnNext","N%C3%A4sta")
                .cookies(loginForm.cookies())
                .get();


        System.out.println(document.html());

I dont have much experience so I dont know where to look for the problem. Some thoughts:

  • Should I use .post() or .get()?
  • When looking in chrome devoloper tools, the post data is all the data I send with .data(.., ..) function. However if a send __VIEWSTATE I get an error, why?
  • Should I send decrypted or crypted data? (both are presented in chrome devoloper tools).
  • Am using the correct URL?
lijas
  • 466
  • 1
  • 6
  • 17
  • you should use `post`.see console network tab.http://i.imgur.com/a5NfLWs.png – Madhawa Priyashantha Sep 21 '15 at 15:13
  • possible duplicate of [knowing what header to send to server](http://stackoverflow.com/questions/32590398/knowing-what-header-to-send-to-server) – luksch Sep 21 '15 at 16:04
  • @FastSnail, If I set a correct cardnumber, then I get CardLoad_Order.aspx which has `get`. Does this mean the url should be `String url = "http://kortladdning3.chalmerskonferens.se/Default.aspx";` instead? Non of it works anyways.... – lijas Sep 21 '15 at 16:10
  • @lijas you will be redirect to cardload but before that number should be checked .if you inspect elements you can see form `
    `.you should use `default` page
     – Madhawa Priyashantha Sep 21 '15 at 16:17

1 Answers1

0

You should use both get and post:
First you have to send get request with no parameters to the URL - http://kortladdning3.chalmerskonferens.se/Default.aspx. The server replies with some cookies, and two values you'll use later - __VIEWSTATE and __EVENTVALIDATION. These values vary from request to request, so you can't use hard-coded values like you did.
After extracting these values, send post request, with the same fields you do now.
You can look at a very similar procedure here - Problems submitting a login form with Jsoup

Community
  • 1
  • 1
TDG
  • 5,909
  • 3
  • 30
  • 51
  • Thank you, it works. Quick qustion about security, what keeps from creating a for-loop and trying all card-number combinations? I guess the server has some limitation on how many times one ip cand send a request? – lijas Sep 21 '15 at 17:57
  • I'd also guess the server has some security measures, but trying all possible combination (AKA brute force attack) is not very effective - say you can send 10 requests per second. How long it will take to try all the possibilities? – TDG Sep 21 '15 at 18:10