[SOLVED]Control webGUI via wget



  • Hi,

    I'm trying to enable/disable a firewall rule via a script on another machine in the LAN here.

    Inspired by the docs https://doc.pfsense.org/index.php/Remote_Config_Backup, I have put the following together:

    wget -qO- --keep-session-cookies --save-cookies cookies.txt \
      --no-check-certificate https://192.168.1.1/diag_backup.php \
      | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
    wget -qO- --keep-session-cookies --load-cookies cookies.txt \
      --save-cookies cookies.txt --no-check-certificate \
      --post-data "login=Login&usernamefld=admin&passwordfld=pfsense&__csrf_magic=$(cat csrf.txt)" \
      https://192.168.1.1/firewall_rules.php  | grep "name='__csrf_magic'" \
      | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
    wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
      --post-data "if=opt1&act=toggle&id=106__csrf_magic=$(head -n 1 csrf2.txt)" \
      https://192.168.1.1/firewall_rules.php
    

    However, that doesn't quite do the trick, as I'm getting the following in response to the third wget:

    403 Forbidden
    2017-12-24 13:58:39 ERROR 403: Forbidden.
    

    Not sure what the problem is?

    The link that works is https://192.168.1.1/firewall_rules.php?if=opt1&act=toggle&id=106

    Thanks for any hint!


  • Rebel Alliance Developer Netgate

    Use the same page in all three requests. Your first command still hits diag_backup.php



  • Yes, sorry. That was left over from my various attempts to get it working. Also with firewall_rules.php in the first command, I get error 403.


  • Rebel Alliance Developer Netgate

    You are also missing a & between the ID and the csrf parameters in the third command.

    Plus you'll need to apply changes.

    This works:

    wget -qO- --keep-session-cookies --save-cookies cookies.txt \
      --no-check-certificate https://192.168.1.1/firewall_rules.php \
      | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
    wget -qO- --keep-session-cookies --load-cookies cookies.txt \
      --save-cookies cookies.txt --no-check-certificate \
      --post-data "login=Login&usernamefld=admin&passwordfld=pfsense&__csrf_magic=$(cat csrf.txt)" \
      https://192.168.1.1/firewall_rules.php  | grep "name='__csrf_magic'" \
      | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
    wget -qO- --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
      --post-data "if=opt1&act=toggle&id=28&__csrf_magic=$(tail -n 1 csrf2.txt)" \
      https://192.168.1.1/firewall_rules.php | grep "name='__csrf_magic'" \
      | sed 's/.*value="\(.*\)".*/\1/' > csrf3.txt
    wget -q --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
      --post-data "apply=Apply%20Changes&__csrf_magic=$(tail -n 1 csrf3.txt)" \
      https://192.168.1.1/firewall_rules.php -O /dev/null
    
    


  • Indeed, that works - thank you!

    I had thought I'd need to apply changes to the rules by running /etc/rc.filter_configure via ssh, but this is even simpler.


Log in to reply