Form replay

Presentation

Form replay lets you open a session on a protected application by replaying the form POST, without prompting the user for anything.

This kind of SSO mechanism is not clean and can lead to problems such as local password blocking or local sessions that are not closed properly.

Please always try to find another way to protect your application with LL::NG. At the very least, check whether it is a known application, or try to adapt its source code.

If you configure form replay with LL::NG, the Handler catches the configured POST URL and sends a POST request to the target page (which can be different from the caught page). Each field can be filled with a static value or with data from the user's session.

To post the user's password, you must enable password storing. You can then use $_password to fill any password POST field.

LL::NG can catch a GET request and transform it internally into a POST request. All of this is transparent to the user, who cannot see what data LL::NG posts.
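
The field filling described above, as an added Python sketch (not LL::NG code, which is written in Perl). It assumes a simplified value syntax where "$key" reads a session attribute and anything else is static text; the sample session, the field list, the function names and the choice to refuse the replay when a referenced value is missing are all constructed for this illustration.

```python
from urllib.parse import urlencode

# Constructed sample session; "_password" exists only if password storing is enabled.
SAMPLE_SESSION = {"uid": "dwho", "_password": "s3cr&t=1"}

# Constructed form replay mapping: POST field -> "$sessionKey" or static text.
SAMPLE_FIELDS = [("login", "$uid"), ("password", "$_password"), ("lang", "en")]

# Session keys whose values must never be written to logs.
SENSITIVE_KEYS = {"_password"}


class MissingSessionValue(Exception):
    """A configured field references data that is absent from the session."""


def resolve(value, session):
    """Return (text, sensitive) for one configured field value."""
    if not value.startswith("$"):
        return value, False  # static value, used as written
    key = value[1:]
    if session.get(key) in (None, ""):
        # Fail closed: do not replay a login form with an empty credential,
        # which could count as a failed attempt on the application side.
        raise MissingSessionValue(key)
    return str(session[key]), key in SENSITIVE_KEYS


def build_replay(fields, session):
    """Build the urlencoded POST body plus a copy that is safe to log."""
    real, loggable = [], []
    for name, value in fields:
        text, sensitive = resolve(value, session)
        real.append((name, text))
        loggable.append((name, "REDACTED" if sensitive else text))
    return urlencode(real), urlencode(loggable)


if __name__ == "__main__":
    body, log_line = build_replay(SAMPLE_FIELDS, SAMPLE_SESSION)
    print("sent:  ", body)
    print("logged:", log_line)
```

The password travels in the replayed body exactly as stored in the session, so anything that records request bodies between the Handler and the application should use the redacted form.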

Configuration

You should gather some information:

For example:

Then go to the Manager, Virtual Hosts » virtualhost » Form replay, and click on Add POST URL.

Fill values here:

Then click on New POST data and add all data with their values, for example:

You can define more than one form replay URL per virtual host.

Form replay with Apache mod_proxy

Due to a conflict between LL::NG form replay and Apache mod_proxy (see issue), you cannot use form replay on proxied applications unless you use the LL::NG internal proxy:

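# *:80 is an assumed listen address (Apache requires one); adjust it to your setup
<VirtualHost *:80>
  ServerName test2.example.com

  # LL::NG Handler, run at the header-parser phase (My::Package is a placeholder name)
  PerlHeaderParserHandler My::Package

  # LL::NG internal proxy, used instead of mod_proxy
  PerlModule Lemonldap::NG::Handler::Proxy
  SetHandler perl-script
  PerlHandler Lemonldap::NG::Handler::Proxy
  # Backend application URL
  PerlSetVar LmProxyPass http://APPLICATION/
  # Rewrite backend redirects so they point to the public virtual host
  PerlSetVar LmLocationToReplace http://APPLICATION/,http://test2.example.com
</VirtualHost>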