Hacking Gmail


Chapter 5 — How Gmail Works


Logging In


Start by requesting the page http://gmail.google.com. Gmail replies
with an HTTP 302 redirect to
https://gmail.google.com/?dest=http%3A%2F%2Fgmail.google.com%2Fgmail,
which the browser automatically follows, switching to encrypted traffic:

192.168.016.053.64142-216.239.057.106.00080: GET / HTTP/1.1
Host: gmail.google.com

216.239.057.106.00080-192.168.016.053.64142: HTTP/1.1 302 Moved Temporarily
Location: https://gmail.google.com/?dest=http%3A%2F%2Fgmail.google.com%2Fgmail
Cache-control: private
Content-Length: 0
Content-Type: text/html
Server: GFE/1.3
Date: Sun, 16 Jan 2005 17:11:18 GMT

192.168.016.053.64143-216.239.057.106.00443
LOTS OF ENCRYPTED TRAFFIC CLIPPED OUT FROM THIS SECTION
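
As an added example (not code from the book), this Perl script parses the trace format shown above and reports which flows crossed the wire in cleartext and where the 302 points, including the decoded dest parameter. The sample trace is constructed from the lines above with their wrapped lines rejoined, and parse_trace is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;    # URI handling module that LWP itself depends on

# Constructed sample: the trace above with its wrapped lines rejoined.
my $trace = <<'END';
192.168.016.053.64142-216.239.057.106.00080: GET / HTTP/1.1
Host: gmail.google.com

216.239.057.106.00080-192.168.016.053.64142: HTTP/1.1 302 Moved Temporarily
Location: https://gmail.google.com/?dest=http%3A%2F%2Fgmail.google.com%2Fgmail
Content-Length: 0

192.168.016.053.64143-216.239.057.106.00443
LOTS OF ENCRYPTED TRAFFIC CLIPPED OUT FROM THIS SECTION
END

# parse_trace (hypothetical helper): split the trace into flows. A flow starts
# with "src.port-dst.port", optionally followed by ": " and a first line.
sub parse_trace {
    my ($text) = @_;
    my @flows;
    for my $line (split /\n/, $text) {
        if ($line =~ /^((?:\d{3}\.){4}(\d{5}))-((?:\d{3}\.){4}(\d{5}))(?::\s*(.*))?$/) {
            push @flows, { src => $1, dst => $3, ports => [$2 + 0, $4 + 0],
                           first => $5 // '', headers => {} };
        }
        elsif (@flows and $line =~ /^([\w-]+):\s*(.*)$/) {
            $flows[-1]{headers}{ lc $1 } = $2;
        }
    }
    return @flows;
}

for my $flow (parse_trace($trace)) {
    # Port 443 on either side means TLS: the payload is opaque to the sniffer.
    my $tls = grep { $_ == 443 } @{ $flow->{ports} };
    printf "%s -> %s  [%s]  %s\n", $flow->{src}, $flow->{dst},
        $tls ? 'TLS, unreadable' : 'cleartext', $flow->{first};
    next unless $flow->{first} =~ m{^HTTP/\d\.\d\s+30[1237]\b};
    my $loc    = $flow->{headers}{location} or next;
    my $target = URI->new($loc);
    my %query  = $target->query_form;
    printf "    redirect to scheme=%s host=%s dest=%s\n",
        $target->scheme, $target->host, $query{dest} // '(none)';
}
```

The report makes the boundary explicit: the first request and the 302 itself travel over port 80 in cleartext, and only the flow on port 443 is hidden from the log.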

Because the login page is encrypted — the traffic flows over HTTPS, not HTTP —
you can’t follow what it does using the log. You need to use a script to follow the
URLs until you get back to the trace. I used the following snippet of Perl code to
pretend to be a browser to see what is going on:
#!/usr/bin/perl -w

use LWP::UserAgent;    # HTTP client that plays the part of the browser
use HTTP::Request;     # request objects handed to the user agent

This Is Going to Break

During the writing of this book, the Gmail login sequence has changed at least three times. Not
massively so, it must be said, but enough to break code until I worked out just what had
changed. This section, and the chapters following, therefore, must be taken as guides to reverse
engineering the thing yourself, and not as a definitive reference to the Gmail login sequence. If
what I describe here no longer matches reality completely, I apologize. Take solace in the fact
that I have no idea what Google is up to either.
