Skip to content

Instantly share code, notes, and snippets.

@ChristianTremblay

ChristianTremblay/Niagara4 Scram exchange

Created April 25, 2017 01:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ChristianTremblay/19c88a35d7b17a1ab81618c4bbd81da3 to your computer and use it in GitHub Desktop.
Save ChristianTremblay/19c88a35d7b17a1ab81618c4bbd81da3 to your computer and use it in GitHub Desktop.
Download ZIP
Extract from wireshark TCP flow
Raw
Niagara4 Scram exchange
GET /prelogin?clear=true HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip, deflate
HTTP/1.1 302 Found
Set-Cookie: JSESSIONID=29d3613a82dc65dc7eab15c94d40d9e487ffe25aa868d7d84d;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frame-options: sameorigin
Set-Cookie: niagara_userid="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly
Location: http://192.168.210.10:88/prelogin
Content-Length: 0
GET /prelogin HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=29d3613a82dc65dc7eab15c94d40d9e487ffe25aa868d7d84d
HTTP/1.1 200 OK
x-frame-options: sameorigin
Content-Type: text/html;charset=utf-8
Content-Length: 2219
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login/loginN4.css"></link>
<script type="text/javascript" src="login/loginN4.js"></script>
</head>
<body onload="checkFail()">
<script type='text/javascript'>
if ('ontouchstart' in window) {
document.body.className += ' touch-enabled';
}
</script>
<form id="login-form" method="POST" action=prelogin>
<div id="login-logo-container">
<img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
<fieldset id="login-form-container">
<div id="login-title-container">
<div id="login-title">Synergia_Srv</div>
</div>
<div>
<noscript>JavaScript must be enabled to login</noscript>
</div>
<div id="login-failed">
Login Failed
</div>
<div id="login-image">
<img src="login/keys.png" />
</div>
<div id="login-credentials">
<div class="login-group">
<label class="login-label" for="userName">Username:</label>
<input class="login-input" type="text" name="j_username" autofocus/>
</div>
<input id="login-submit" type="submit" value="Login"/>
</div>
</fieldset>
<div id="blanket" style="display:none">
<div id="licenseDiv" style="display:block">
<div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
<iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
</div>
</div>
<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>
</form>
<p>
<div id="webStartLogin" class="">
To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
</div>
</p>
</body>
</html>POST /prelogin?j_username=pyhaystack HTTP/1.1
Host: 192.168.210.10:88
Accept: */*
Content-Length: 0
Accept-Encoding: gzip, deflate
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Cookie: JSESSIONID=29d3613a82dc65dc7eab15c94d40d9e487ffe25aa868d7d84d
HTTP/1.1 302 Found
x-frame-options: sameorigin
Set-Cookie: niagara_userid=pyhaystack;Path=/;Expires=Wed, 25-Apr-2018 01:50:29 GMT;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=fd5096bac04d630456bd853c3080de152fa2e3d81b6c22a1f6;Path=/;HttpOnly
Set-Cookie: niagara_use_kerb_creds="";Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;HttpOnly
Location: http://192.168.210.10:88/login
Content-Length: 0
GET /login HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=fd5096bac04d630456bd853c3080de152fa2e3d81b6c22a1f6; niagara_userid=pyhaystack
HTTP/1.1 200 OK
x-frame-options: sameorigin
Set-Cookie: niagara_userid=pyhaystack;Expires=Wed, 25-Apr-2018 01:50:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2965
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login/loginN4.css"></link>
<script type="text/javascript" src="login/loginN4.js"></script>
</head>
<body onload="checkFail()">
<script type='text/javascript'>
if ('ontouchstart' in window) {
document.body.className += ' touch-enabled';
}
</script>
<form id="login-form" method="POST" action=j_security_check>
<div id="login-logo-container">
<img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
<fieldset id="login-form-container">
<div id="login-title-container">
<div id="login-title">Synergia_Srv</div>
</div>
<div>
<noscript>JavaScript must be enabled to login</noscript>
</div>
<div id="login-failed">
Login Failed
</div>
<div id="login-image">
<img src="login/keys.png" />
</div>
<div id="login-credentials">
<script type="text/javascript" src="login/digestLoginN4.js"></script>
<script type="text/javascript" src="login/core/auth.min.js"></script>
<div class="login-group">
<label class="login-label" for="userName">Username:</label>
<input id="username" class="login-input" type="text" name="j_username" value="pyhaystack" readonly/>
</div>
<div class='login-change-user' style="text-align:right">
<a href="/prelogin?clear=true">Change User</a>
</div>
<div class="login-group">
<label class="login-label" for="password">Password:</label>
<input id="password" class="login-input" type="password" name="j_password" autocomplete="off" autofocus/>
</div>
<input id="login-submit" type="submit" value="Login" onclick="return doLogin();" disabled/>
<script type="text/javascript">
if (typeof doLogin === 'function') { document.getElementById('login-submit').disabled = false; }
</script>
</div>
</fieldset>
<div id="blanket" style="display:none">
<div id="licenseDiv" style="display:block">
<div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
<iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
</div>
</div>
<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>
</form>
<p>
<div id="webStartLogin" class="">
To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
</div>
</p>
</body>
</html>POST /j_security_check HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Accept: text/html, application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 91
Accept-Encoding: gzip, deflate
Content-Type: application/x-niagara-login-support
Referer: http://192.168.210.10:88/login
Connection: Keep-Alive
Cookie: HttpOnly=; Path=/; JSESSIONID=fd5096bac04d630456bd853c3080de152fa2e3d81b6c22a1f6; niagara_userid=pyhaystack
action=sendClientFirstMessage&clientFirstMessage=n,,n=pyhaystack,r=zkCWSOm-Qr5ZKCyhaAopKA==HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain;charset=iso-8859-1
Transfer-Encoding: chunked
54
r=zkCWSOm-Qr5ZKCyhaAopKA==yMVVrnuUjojJfFpvjjHfxA==,s=VWDTaVrX091U4WlEFBC+3g==,i=4096
0
POST /j_security_check HTTP/1.1
Host: 192.168.210.10:88
Accept: */*
Content-Length: 153
Accept-Encoding: gzip, deflate
Content-Type: application/x-niagara-login-support
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Cookie: HttpOnly=; Path=/; JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
action=sendClientFinalMessage&clientFinalMessage=c=biws,r=zkCWSOm-Qr5ZKCyhaAopKA==yMVVrnuUjojJfFpvjjHfxA==,p=oUX+vFVgsSdSEJ7xap+Du2tUyyyC2OLXWFS4aUpIvAk=HTTP/1.1 200 OK
Content-Type: text/plain;charset=iso-8859-1
Transfer-Encoding: chunked
2E
v=Y/gUJmwWyauLClZQ/ecS6CHiMA3Z03hNX0z1JscgK1k=
0
GET /haystack/about HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 302 Found
Location: http://192.168.210.10:88/login
Content-Length: 0
GET /login HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 200 OK
x-frame-options: sameorigin
Set-Cookie: niagara_userid=pyhaystack;Expires=Wed, 25-Apr-2018 01:50:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2965
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login/loginN4.css"></link>
<script type="text/javascript" src="login/loginN4.js"></script>
</head>
<body onload="checkFail()">
<script type='text/javascript'>
if ('ontouchstart' in window) {
document.body.className += ' touch-enabled';
}
</script>
<form id="login-form" method="POST" action=j_security_check>
<div id="login-logo-container">
<img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
<fieldset id="login-form-container">
<div id="login-title-container">
<div id="login-title">Synergia_Srv</div>
</div>
<div>
<noscript>JavaScript must be enabled to login</noscript>
</div>
<div id="login-failed">
Login Failed
</div>
<div id="login-image">
<img src="login/keys.png" />
</div>
<div id="login-credentials">
<script type="text/javascript" src="login/digestLoginN4.js"></script>
<script type="text/javascript" src="login/core/auth.min.js"></script>
<div class="login-group">
<label class="login-label" for="userName">Username:</label>
<input id="username" class="login-input" type="text" name="j_username" value="pyhaystack" readonly/>
</div>
<div class='login-change-user' style="text-align:right">
<a href="/prelogin?clear=true">Change User</a>
</div>
<div class="login-group">
<label class="login-label" for="password">Password:</label>
<input id="password" class="login-input" type="password" name="j_password" autocomplete="off" autofocus/>
</div>
<input id="login-submit" type="submit" value="Login" onclick="return doLogin();" disabled/>
<script type="text/javascript">
if (typeof doLogin === 'function') { document.getElementById('login-submit').disabled = false; }
</script>
</div>
</fieldset>
<div id="blanket" style="display:none">
<div id="licenseDiv" style="display:block">
<div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
<iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
</div>
</div>
<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>
</form>
<p>
<div id="webStartLogin" class="">
To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
</div>
</p>
</body>
</html>GET /haystack/about HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 302 Found
Location: http://192.168.210.10:88/login
Content-Length: 0
GET /login HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 200 OK
x-frame-options: sameorigin
Set-Cookie: niagara_userid=pyhaystack;Expires=Wed, 25-Apr-2018 01:50:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2965
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login/loginN4.css"></link>
<script type="text/javascript" src="login/loginN4.js"></script>
</head>
<body onload="checkFail()">
<script type='text/javascript'>
if ('ontouchstart' in window) {
document.body.className += ' touch-enabled';
}
</script>
<form id="login-form" method="POST" action=j_security_check>
<div id="login-logo-container">
<img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
<fieldset id="login-form-container">
<div id="login-title-container">
<div id="login-title">Synergia_Srv</div>
</div>
<div>
<noscript>JavaScript must be enabled to login</noscript>
</div>
<div id="login-failed">
Login Failed
</div>
<div id="login-image">
<img src="login/keys.png" />
</div>
<div id="login-credentials">
<script type="text/javascript" src="login/digestLoginN4.js"></script>
<script type="text/javascript" src="login/core/auth.min.js"></script>
<div class="login-group">
<label class="login-label" for="userName">Username:</label>
<input id="username" class="login-input" type="text" name="j_username" value="pyhaystack" readonly/>
</div>
<div class='login-change-user' style="text-align:right">
<a href="/prelogin?clear=true">Change User</a>
</div>
<div class="login-group">
<label class="login-label" for="password">Password:</label>
<input id="password" class="login-input" type="password" name="j_password" autocomplete="off" autofocus/>
</div>
<input id="login-submit" type="submit" value="Login" onclick="return doLogin();" disabled/>
<script type="text/javascript">
if (typeof doLogin === 'function') { document.getElementById('login-submit').disabled = false; }
</script>
</div>
</fieldset>
<div id="blanket" style="display:none">
<div id="licenseDiv" style="display:block">
<div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
<iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
</div>
</div>
<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>
</form>
<p>
<div id="webStartLogin" class="">
To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
</div>
</p>
</body>
</html>GET /haystack/about HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 302 Found
Location: http://192.168.210.10:88/login
Content-Length: 0
GET /login HTTP/1.1
Host: 192.168.210.10:88
User-Agent: python-requests/2.7.0 CPython/3.4.3 Linux/4.4.50-v7+
Connection: keep-alive
Accept: text/zinc
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=f1fd97a53d94723118533807ea65ecc14d14a583d4c283e66c; niagara_userid=pyhaystack
HTTP/1.1 200 OK
x-frame-options: sameorigin
Set-Cookie: niagara_userid=pyhaystack;Expires=Wed, 25-Apr-2018 01:50:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 2965
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width initial-scale=1.0 maximum-scale=1.0 target-densityDpi=medium-dpi">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login/loginN4.css"></link>
<script type="text/javascript" src="login/loginN4.js"></script>
</head>
<body onload="checkFail()">
<script type='text/javascript'>
if ('ontouchstart' in window) {
document.body.className += ' touch-enabled';
}
</script>
<form id="login-form" method="POST" action=j_security_check>
<div id="login-logo-container">
<img id="login-logo" src="login/logo" alt="Custom Logo"/>
</div>
<fieldset id="login-form-container">
<div id="login-title-container">
<div id="login-title">Synergia_Srv</div>
</div>
<div>
<noscript>JavaScript must be enabled to login</noscript>
</div>
<div id="login-failed">
Login Failed
</div>
<div id="login-image">
<img src="login/keys.png" />
</div>
<div id="login-credentials">
<script type="text/javascript" src="login/digestLoginN4.js"></script>
<script type="text/javascript" src="login/core/auth.min.js"></script>
<div class="login-group">
<label class="login-label" for="userName">Username:</label>
<input id="username" class="login-input" type="text" name="j_username" value="pyhaystack" readonly/>
</div>
<div class='login-change-user' style="text-align:right">
<a href="/prelogin?clear=true">Change User</a>
</div>
<div class="login-group">
<label class="login-label" for="password">Password:</label>
<input id="password" class="login-input" type="password" name="j_password" autocomplete="off" autofocus/>
</div>
<input id="login-submit" type="submit" value="Login" onclick="return doLogin();" disabled/>
<script type="text/javascript">
if (typeof doLogin === 'function') { document.getElementById('login-submit').disabled = false; }
</script>
</div>
</fieldset>
<div id="blanket" style="display:none">
<div id="licenseDiv" style="display:block">
<div id="licenseTitle"><div id="licenseFileName"></div><div><img id="closeButton" src="login/close.png" alt="Close" onclick="closeLicense()"/></div></div>
<iframe id="licenseFile" onload="fixStyle(this)" src=""></iframe>
</div>
</div>
<div id="licenseAgreements">
Use of this software is subject to the<br />
<a href="#" onclick="openLicense('End User License Agreement', 'eula');">End User License Agreement</a>
and other <a href="#" onclick="openLicense('Third Party Licenses', 'thirdPartyLicenses');">Third Party Licenses</a>
</div>
</form>
<p>
<div id="webStartLogin" class="">
To connect using Java Web Start <a id="niagara_webStartJnlpLink" href="/webstart/jnlp">click here</a>
</div>
</p>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment