Commands.page Logo

Use Wget to Download Files Behind Login Forms on Ubuntu

This guide explains how to use the wget command-line utility on Ubuntu to download files protected by login forms. You will learn how to handle session cookies, POST data, and authentication headers to maintain a logged-in state while retrieving resources automatically.

Inspect the Login Form

Before running wget, you must identify the login URL and the required input field names. Open your web browser and navigate to the login page. Right-click the username and password fields to inspect the element. Note the name attributes for the username and password inputs, as well as the action URL of the form. You also need the direct URL to the file you intend to download once authenticated.

Authenticate and Save Cookies

Use wget to send a POST request with your credentials and save the resulting session cookies to a local file. Run the following command in your Ubuntu terminal, replacing the placeholders with your actual data:

wget --save-cookies cookies.txt --keep-session-cookies \
--post-data 'username=YOUR_USER&password=YOUR_PASS' \
https://example.com/login.php

The --save-cookies flag stores the authentication tokens in cookies.txt. The --keep-session-cookies option ensures temporary session cookies are saved rather than discarded. The --post-data flag sends your login credentials to the server.

Download the Protected File

Once the cookies are saved, use them to access the protected file. Execute the following command, ensuring you point to the correct file URL and the cookie file you just created:

wget --load-cookies cookies.txt https://example.com/protected/file.zip

The --load-cookies flag tells wget to send the stored session data with the request, allowing the server to recognize you as logged in.

Security Considerations

Avoid hardcoding passwords directly into shell scripts that are stored in version control or shared directories. Instead, use environment variables or prompt for input at runtime. Additionally, ensure your cookies.txt file has restricted permissions using chmod 600 cookies.txt to prevent other users on the system from accessing your session tokens.