This repository has been archived by the owner on Aug 17, 2022. It is now read-only.

106 lines (94 loc) · 4 KB

how-it-works.md


How this Page Works:

Getting Cookies for DOE login page


GET /home/login
Host: healthscreening.schools.nyc
Cookie: ai_user=<TIME>; _ga=<NO CLUE>; _gid=<NO CLUE>
RESPONSE /home/login
Host: healthscreening.schools.nyc
RESPONSE: HTTP/1.1 302 Found 
Location: https://idp.nycenet.edu/mga/sps/oauth/oauth20/authorize?client_id=<REDACTED>&redirect_uri=https%3A%2F%2Fhealthscreening.schools.nyc%2Fauthorization-code%2Fcallback&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=<REDACTED>&state=<REDACTED>&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.<RANDOM B64 BLOB>=N
Set-Cookie: .AspNetCore.Correlation.OpenIdConnect.<RANDOM B64 BLOB>=N;
GET /mga/sps/oauth/oauth20/authorize?client_id=<REDACTED>&redirect_uri=https%3A%2F%2Fhealthscreening.schools.nyc%2Fauthorization-code%2Fcallback&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=<REDACTED>&state=<REDACTED>&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Host: idp.nycenet.edu
Cookie: NONE
RESPONSE /mga/sps/oauth/oauth20/authorize?client_id=<REDACTED>&redirect_uri=https%3A%2F%2Fhealthscreening.schools.nyc%2Fauthorization-code%2Fcallback&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=<REDACTED>&state=<REDACTED>&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Location: /mga/sps/auth
Set-Cookie: AMWEBJCT!%2Fmga!JSESSIONID=<RANDOM B64 BLOB>
Set-Cookie: BIGipServerPR_IDP_NYCENET_EDU_POOL=000000000.00000.0000  # These numbers have been changed
GET /mga/sps/auth 
Host: idp.nycenet.edu
Cookie: AMWEBJCT!%2Fmga!JSESSIONID=<RANDOM B64 BLOB>; BIGipServerPR_IDP_NYCENET_EDU_POOL=000000000.00000.0000  # These numbers have been changed
RESPONSE /mga/sps/auth 
Host: idp.nycenet.edu
Set-Cookie: PD-S-SESSION-ID=<REDACTED>
# This is the DOE login page; the requests before it were only needed to collect the correct cookies

After Entering Credentials


POST /pkmslogin.form?token=Unknown HTTP/1.1
Host: idp.nycenet.edu
Cookie: AMWEBJCT!%2Fmga!JSESSIONID=<RANDOM B64 BLOB>; BIGipServerPR_IDP_NYCENET_EDU_POOL=000000000.00000.0000; PD-S-SESSION-ID=<REDACTED>
POST-DATA : vusername=<USERNAME>&password=<PASSWORD>&login-form-type=pwd&username=<USERNAME>
RESPONSE /pkmslogin.form?token=Unknown HTTP/1.1
Host: idp.nycenet.edu
HTTP/1.1 302 Moved Temporarily
Set-Cookie: PD-S-SESSION-ID=<NEW BLOB>
location: https://idp.nycenet.edu/mga/sps/auth
GET /mga/sps/auth HTTP/1.1
Host: idp.nycenet.edu
Cookie: AMWEBJCT!%2Fmga!JSESSIONID=<RANDOM>; BIGipServerPR_IDP_NYCENET_EDU_POOL=000000000.00000.0000; PD-S-SESSION-ID=<NEW BLOB>
RESPONSE /mga/sps/auth HTTP/1.1
Host: idp.nycenet.edu
# This response carries the 3 KEYS TO THE KINGDOM: code, state, id_token

Redeeming Cookies at /authorization-code/callback


POST /authorization-code/callback HTTP/1.1
Host: healthscreening.schools.nyc
Cookie: .AspNetCore.OpenIdConnect.Nonce.<RANDOM B64 BLOB>=N; .AspNetCore.Correlation.OpenIdConnect.<RANDOM B64 BLOB>=N;
POST-DATA : code=<code>&id_token=<id_token>&state=<state>   # All of this comes from the KEYS TO THE KINGDOM
RESPONSE /authorization-code/callback HTTP/1.1
Host: healthscreening.schools.nyc
HTTP/1.1 302 Found
Location: /home/login
Set-Cookie: .AspNetCore.Correlation.OpenIdConnect.<BLOB>=
Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.<BLOB>=
Set-Cookie: .AspNetCore.Cookies=chunks-2
Set-Cookie: .AspNetCore.CookiesC1=< MASSIVE BLOB>
Set-Cookie: .AspNetCore.CookiesC2=< SMALLER BLOB>
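
Added example, not code from this repository: the callback above is sent with both the POSTed code, id_token and state and the Nonce and Correlation cookies from the first /home/login redirect, because an OpenID Connect relying party uses those to bind the response to the browser that started the login. The sketch below is a simplified model of those binding checks (state, nonce, and the hybrid-flow `c_hash`); `check_callback`, `expected_state`, `expected_nonce` and the sample token are hypothetical, SHA-256 is assumed for `c_hash`, and this is not ASP.NET Core's own handler.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def c_hash(code: str) -> str:
    # OIDC hybrid flow: base64url of the left half of SHA-256(code) (assumes a *256 signing alg).
    digest = hashlib.sha256(code.encode()).digest()
    return _b64url(digest[: len(digest) // 2])

def constructed_id_token(claims: dict) -> str:
    # Constructed sample token with a dummy signature, for the demo and tests only.
    header = _b64url(json.dumps({"alg": "RS256"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

def check_callback(form: dict, expected_state: str, expected_nonce: str) -> list:
    """Binding checks for the form_post callback; an empty list means all passed.
    Signature, iss, aud and exp validation of id_token is also required and not shown."""
    missing = [f for f in ("code", "id_token", "state") if not form.get(f)]
    if missing:
        return ["missing " + f for f in missing]
    problems = []
    if not hmac.compare_digest(form["state"].encode(), expected_state.encode()):
        problems.append("state mismatch")
    try:
        claims = json.loads(_b64url_decode(form["id_token"].split(".")[1]))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except (IndexError, ValueError):
        return problems + ["malformed id_token"]
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected_nonce.encode()):
        problems.append("nonce mismatch")
    if not hmac.compare_digest(str(claims.get("c_hash", "")).encode(), c_hash(form["code"]).encode()):
        problems.append("c_hash mismatch")
    return problems

if __name__ == "__main__":
    code = "constructed-code"  # constructed sample values throughout
    tok = constructed_id_token({"nonce": "n-1", "c_hash": c_hash(code)})
    print(check_callback({"code": code, "id_token": tok, "state": "s-1"}, "s-1", "n-1"))
    print(check_callback({"code": "other-code", "id_token": tok, "state": "s-2"}, "s-1", "n-1"))
```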

Back to login with new cookies

GET /home/login HTTP/1.1
Host: healthscreening.schools.nyc
Cookie: .AspNetCore.Cookies=chunks-2; .AspNetCore.CookiesC1=<MASSIVE BLOB>; .AspNetCore.CookiesC2=<SMALLER BLOB>
RESPONSE /home/login HTTP/1.1
Host: healthscreening.schools.nyc
HTTP/1.1 302 Found
Location: /