Netgate SG-1000 microFirewall

Author Topic: [SOLVED]Control webGUI via wget  (Read 197 times)

0 Members and 1 Guest are viewing this topic.

Offline highc

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
[SOLVED]Control webGUI via wget
« on: December 24, 2017, 07:01:26 am »
Hi,

I'm trying to enable/disable a firewall rule via a script on another machine in the LAN here.

Inspired by the docs https://doc.pfsense.org/index.php/Remote_Config_Backup, I have put the following together:

Code: [Select]
wget -qO- --keep-session-cookies --save-cookies cookies.txt \
  --no-check-certificate https://192.168.1.1/diag_backup.php \
  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
wget -qO- --keep-session-cookies --load-cookies cookies.txt \
  --save-cookies cookies.txt --no-check-certificate \
  --post-data "login=Login&usernamefld=admin&passwordfld=pfsense&__csrf_magic=$(cat csrf.txt)" \
  https://192.168.1.1/firewall_rules.php  | grep "name='__csrf_magic'" \
  | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
  --post-data "if=opt1&act=toggle&id=106__csrf_magic=$(head -n 1 csrf2.txt)" \
  https://192.168.1.1/firewall_rules.php

However, that doesn't quite do the trick, as I'm getting the following in response to the third wget:

Code: [Select]
403 Forbidden
2017-12-24 13:58:39 ERROR 403: Forbidden.

Not sure what the problem is?

The link that works is https://192.168.1.1/firewall_rules.php?if=opt1&act=toggle&id=106

Thanks for any hint!
« Last Edit: January 03, 2018, 01:54:37 am by highc »
pfSense 2.4.2-RELEASE-p1 on Netgate SG-2440

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Control webGUI via wget
« Reply #1 on: December 26, 2017, 09:22:31 am »
Use the same page in all three requests. Your first command still hits diag_backup.php
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline highc

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: Control webGUI via wget
« Reply #2 on: December 29, 2017, 08:33:10 am »
Yes, sorry. That was left over from my various attempts to get it working. Also with firewall_rules.php in the first command, I get error 403.
pfSense 2.4.2-RELEASE-p1 on Netgate SG-2440

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Control webGUI via wget
« Reply #3 on: January 02, 2018, 01:16:47 pm »
You are also missing a & between the ID and the csrf parameters in the third command.

Plus you'll need to apply changes.

This works:
Code: [Select]
wget -qO- --keep-session-cookies --save-cookies cookies.txt \
  --no-check-certificate https://192.168.1.1/firewall_rules.php \
  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
wget -qO- --keep-session-cookies --load-cookies cookies.txt \
  --save-cookies cookies.txt --no-check-certificate \
  --post-data "login=Login&usernamefld=admin&passwordfld=pfsense&__csrf_magic=$(cat csrf.txt)" \
  https://192.168.1.1/firewall_rules.php  | grep "name='__csrf_magic'" \
  | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
wget -qO- --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
  --post-data "if=opt1&act=toggle&id=28&__csrf_magic=$(tail -n 1 csrf2.txt)" \
  https://192.168.1.1/firewall_rules.php | grep "name='__csrf_magic'" \
  | sed 's/.*value="\(.*\)".*/\1/' > csrf3.txt
wget -q --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
  --post-data "apply=Apply%20Changes&__csrf_magic=$(tail -n 1 csrf3.txt)" \
  https://192.168.1.1/firewall_rules.php -O /dev/null
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline highc

  • Jr. Member
  • **
  • Posts: 43
  • Karma: +0/-0
    • View Profile
Re: Control webGUI via wget
« Reply #4 on: January 03, 2018, 01:54:10 am »
Indeed, that works - thank you!

I had thought I'd need to apply changes to the rules by running /etc/rc.filter_configure via ssh, but this is even simpler.
pfSense 2.4.2-RELEASE-p1 on Netgate SG-2440