Curiosity supports form based authentication - even through https connections.
<webSource
name="aSource">
<formAuth>
<postVerb>
<url>https://www.example.com/post.htm</url>
<param>
<name>aParam</name>
<value>itsValue</value>
</param>
<param>
<name>userId</name>
<value>theUser</value>
</param>
<param>
<name>pwd</name>
<value>itsPassword</value>
</param>
</postVerb>
</formAuth>
</webSource>
Anyway, sometimes authentication forms have a lot of parameters which should be set: in order to lessen the burden of listing all the parameters with their names and values, you can let Curiosity automatically compile that list for you, by defining the url of the login page - that is, the page containing the target form - and the xpath to the form node itself. This way, you will have just to list the relevant parameters.
<webSource
name="aSource">
<formAuth>
<postVerb>
<preloadUrl>http://.../login.htm</
preloadUrl>
<formPicker>//form[@id
=
'loginForm']</formPicker>
<param>
<name>userId</name>
<value>theUser</value>
</param>
<param>
<name>pwd</name>
<value>itsPassword</value>
</param>
</postVerb>
</formAuth>
</webSource>
Moreover, in order to protect - to some extent - passwords and other sensitive information needed to be defined for authentication purposes, you can specify encrypted data by using the pwd attribute:
<webSource
name="aSource">
<formAuth>
<postVerb>
...
<param
pwd="true">
<name>pwd</name>
<value>5WFEvFwgbOFMRpwZB3=</value>
</param>
...
</postVerb>
</formAuth>
</webSource>
In order to ecrypt your data, you must execute from the command line:
curiosity.exe --encode "aPasswordToBeEncoded"
and the encoded value will be printed to the standard output.