View Single Post
  #6  
Old 20.10.2010, 14:20
Ciaccia
Guest
 
Posts: n/a
Default Tomato 1.25 (on WRT54GL)

Hi all,
Since I couldn't find a LiveHeader script for my Tomato 1.25 router, I wrote one:

Spoiler:
Code:
[[[HSRC]]]
    [[[STEP]]]
        [[[REQUEST]]]
        GET / HTTP/1.1
        Host: %%%routerip%%%
        Authorization: Basic %%%basicauth%%%
        [[[/REQUEST]]]
        [[[RESPONSE keys="tid"]]]
        .*_http_id=(TID[a-zA-Z0-9]{2,16}).*
        [[[/RESPONSE]]]
    [[[/STEP]]]

    [[[STEP]]]
        [[[REQUEST]]]
        POST /service.cgi HTTP/1.1
        Host: %%%routerip%%%
        Authorization: Basic %%%basicauth%%%

_service=wan-stop&_redirect=status-overview.asp&_sleep=2&_http_id=%%%tid%%%
        [[[/REQUEST]]]
    [[[/STEP]]]

    [[[STEP]]]
        [[[WAIT seconds="2"/]]]
    [[[/STEP]]]

    [[[STEP]]]
        [[[REQUEST]]]
        POST /service.cgi HTTP/1.1
        Host: %%%routerip%%%
        Authorization: Basic %%%basicauth%%%

_service=wan-restart&_redirect=status-overview.asp&_sleep=5&_http_id=%%%tid%%%
        [[[/REQUEST]]]
    [[[/STEP]]]


    [[[STEP]]]
        [[[WAIT seconds="5"/]]]
    [[[/STEP]]]
[[[/HSRC]]]


In new Tomato versions, the HTML page contains a dynamically generated ID that has to be submitted together with the POST, in order to avoid cross site scripting vulnerability.

The above script first downloads the main page, and extracts the "secret" ID (tid). Then stops the wan service, sleeps 2 seconds, restarts the wan-service and at the end sleeps other 5 seconds.

I tested it and it works flawless on my WRT54GL router.
Could you add the script to the knowledge/wiki page?

Thanks
Reply With Quote