pfSense English Support > webGUI

webGUI based backup

(1/1)

alan.johnson:
I have used wget to backup the conifg.xml file for a handful of pfSense boxes connected via VPN.  A recent upgrade to 2.3 has caused those backups to fail.

wget -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://192.168.0.1/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt

wget -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=admin&passwordfld=012503&__csrf_magic=$(cat csrf.txt)" https://192.168.0.1/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt

wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat csrf2.txt)" https://192.168.0.1/diag_backup.php -O config-router-corp-`date +%Y%m%d%H%M%S`.xml

Putting these in manually gives me this error on the last command.

--2016-04-19 09:33:59--  https://192.168.0.1/diag_backup.php
Connecting to 192.168.0.1:443... connected.
WARNING: The certificate of 192.168.0.1 is not trusted.
WARNING: The certificate of 192.168.0.1 hasn't got a known issuer.
The certificate's owner does not match hostname 192.168.0.1
HTTP request sent, awaiting response... 403 Forbidden
2016-04-19 09:33:59 ERROR 403: Forbidden.


I understand that the GUI has switched to nginx.  Does anyone have an updated method for grabbing the config remotely?

Thanks
Alan


 

jimp:
This set of commands (from https://doc.pfsense.org/index.php/Remote_Config_Backup) works for me against a 2.3 box.


--- Code: ---# wget -qO- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://192.168.1.1/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
# wget -qO- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data "login=Login&usernamefld=admin&passwordfld=pfsense&__csrf_magic=$(cat csrf.txt)" https://192.168.1.1/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
# wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 csrf2.txt)" https://192.168.1.1/diag_backup.php -O config-router-`date +%Y%m%d%H%M%S`.xml

--- End code ---

alan.johnson:
Thank you!

jimp:
The main difference seems to be that yours has "$(cat csrf2.txt)" and mine has "$(head -n 1 csrf2.txt)", that second run can have multiple CSRF tokens in the HTML so it's best to only take one, or it can fail.

Vorkbaard:
Trying to get this to work on 2.4.2 but all I'm getting (using jimp's lines, adapted with my own credentials and addresses) is the php page again: it downloads the download php page. It creates the cookies and csrf files but no backup xml file.

Doesn't matter which user I use (admin or dedicated backup user). Fiddled around with the password (for testing now only using a simple word with no fancy characters). Wget doesn't generate any errors (because from its point of view everything is ok).

Any suggestions?

Navigation

[0] Message Index

Go to full version