I failed to imitate a login with curl
xrvel
Feb 22nd 2009, 6:46 pm
Hi,
There was a local website (non-HTTPS). I tried to imitate the login process with PHP curl, but I failed.
Here are my steps:
1. I visit the home page to get some cookie (PHPSESSID thing)
2. I just do the login process to the correct login script
I've:
- Imitated the referer.
- Imitated the user agent with $_SERVER['HTTP_USER_AGENT'];
- Used CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR. And the cookie file was filled successfully.
The response that I got from the login script is a 100% blank page.
Nothing there.
And the HTTP header is 200 OK (I checked with the curl_getinfo function)
Do you have any idea what I've missed there? :confused:
Thanks again.
Edit: the php code is on the next post.
Dennis M.
Feb 22nd 2009, 6:56 pm
How is the output coming back? Are you trying to just gather a result or are you outputting the page back into a visible output?
Regards,
Dennis M.
xrvel
Feb 22nd 2009, 7:00 pm
How is the output coming back? Are you trying to just gather a result or are you outputting the page back into a visible output?
Regards,
Dennis M.
I tried outputting the curl result (on the login page) back to the browser.
There was nothing there. Just like a 0 byte html page.
And the HTTP header was
HTTP/1.1 200 OK
Date: Mon, 23 Feb 2009 02:57:59 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4-8+etch6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Dennis M.
Feb 22nd 2009, 7:22 pm
hmm ok. I'm no cURL expert but you said the script was local - no? So I wrote up a test script so you can see a sort of format which works for this purpose. If you want to post all or part of your code, I can take a look at the actual code itself. But here goes. (I separated into 3 pages for sake of example)
index.php (All the cURL info)
<?php
// Do some generic cURL stuff
$ch = curl_init();
// Set our options...
curl_setopt($ch,CURLOPT_URL,'http://YOURDOMAIN.COM/page1.php');
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,'username=w00t&password=test');
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Execute the login
$login = curl_exec($ch);
// Now continue
curl_setopt($ch,CURLOPT_URL,'http://YOURDOMAIN.COM/page2.php');
// Show the next one
$content = curl_exec($ch);
curl_close($ch);
// View page
print $content;
?>
page1.php (Ultimately the "processor" of the data)
<?php
session_start();
// Just a simple little form..
if($_POST['username'] == "w00t" AND $_POST['password'] == "test"){
    $_SESSION['username'] = $_POST['username'];
} else {
    print "Epic fail >.< on the cURL's POSTVARS side";
}
?>
page2.php (Hit or miss. Since I didn't create a form, going to this doc directly will result in an error msg)
<?php
session_start();
if(!$_SESSION['username']){
    print "Epic fail >.< on cURLs saving sessions";
    exit;
} else {
    print "This page actually works quite fine with the simple<br /><br />
cURL login!<br /><br />User: ".$_SESSION['username'];
    session_destroy(); // Kill it
}
?>
Maybe that will help some?
Regards,
Dennis M.
javaongsan
Feb 22nd 2009, 7:42 pm
Why don't you show your code here, it will be easier
xrvel
Feb 22nd 2009, 8:02 pm
Thanks Dennis, it works on the local test script, but when I test it on a remote URL, it fails.
OK, here is a simple testing script that I've just made, based on your script
real-init.php
<?php
session_start();
$_SESSION['init'] = 1;
$pass = md5(microtime());
?>
<table><form action="real-login.php" method=post autocomplete=off name=ab6c500c8daf6d673056dd201cb19c06>
<input type=hidden name=logref value="/isi/personal/index.php">
<input type=hidden name=nama_field value="pass<?php echo $pass; ?>">
<tr><td>User Id</td><td><input type=text name="userid" size=20></td></tr>
<tr><td>Password</td><td><input type="password" name="pass<?php echo $pass; ?>" size=20></td></tr>
<tr><td> </td><td><input type=submit name=bSubmit value="login"></td></tr>
</form></table>
"real-login.php"
<?php
session_start();
if (!isset($_SESSION['init'])) {
    echo 'do not login straightly here.';
} else {
    $pass_field = $_POST['nama_field'];
    $username = $_POST['userid'];
    $password = $_POST[$pass_field];
    if ($username == 'woot' && $password == 'test') {
        $_SESSION['loggedin'] = 1;
        header('Location: real-member-home.php');
        exit();
    } else {
        echo 'login fails, username = '.$username.', password = '.$password;
    }
}
?>
And here is the curl file
<?php
set_time_limit(30);
define('DIR', dirname(__FILE__).'/');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: '.gmdate('D, d M Y H:i:s',time()-60).' GMT');
header('Cache-Control: private, no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0');
header('Pragma: no-cache');
$user = 'woot';
$pass = 'test';
$basicURL = array(
    'login-init' => 'http://localhost/privates/real-init.php',
    'login-process' => 'http://localhost/privates/real-login.php'
);
//////////////////////////////////////////////
//
// Step 1, get password field name
//
//////////////////////////////////////////////
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $basicURL['login-init']);
curl_setopt($ch, CURLOPT_REFERER, $basicURL['login-init']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, DIR.'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, DIR.'cookie.txt');
$result = curl_exec($ch);
$info = curl_getinfo($ch);
//curl_close($ch);
//echo $result;
preg_match('/name\=nama\_field value\=\"([a-z0-9]+)\"\>/i', $result, $match);
$pass_field = $match[1];
// Field names must match the form exactly; the submit button is named bSubmit.
$post_data = sprintf('logref=/isi/personal/index.php'.'&'.'nama_field=%s'.'&'.'userid=%s'.'&'.'%s=%s'.'&'.'bSubmit=login', $pass_field, $user, $pass_field, $pass);
/*
echo '<hr /><hr /><hr />';
print_r($info);
echo "<p>php sess id = $php_sess_id<br />pass field = $pass_field<br />Post data = $post_data</p>";
echo '<hr /><hr /><hr />';
*/
sleep(5);
//////////////////////////////////////////////
//
// Step 2, login
//
//////////////////////////////////////////////
curl_setopt($ch, CURLOPT_URL, $basicURL['login-process']);
curl_setopt($ch, CURLOPT_REFERER, $basicURL['login-init']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_HEADER, true);
//curl_setopt($ch, CURLOPT_COOKIEFILE, DIR.'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, DIR.'cookie.txt');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$result = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
print_r($info);
echo($result);
?>
It works fine on the testing script, the login succeeds. But on the remote URL, it fails. I guess the original web programmer prevents login automation with a method? :confused:
websecrets
Feb 23rd 2009, 12:37 pm
Did you check for JavaScript stored cookies?
xrvel
Feb 23rd 2009, 4:55 pm
Did you check for JavaScript stored cookies?
I have checked the JavaScript on the real remote URL. It seems nothing special there.
wmtips
Feb 24th 2009, 10:55 am
Simulating only the user agent is not enough in some cases. There are Accept, Accept-Language headers and more, different from browser to browser. And there are scripts like Bad Behavior (http://www.bad-behavior.ioerror.us/) for detecting and blocking such "suspicious" requests.
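A server-side check of the kind described in the post above, written here as an added example (not part of the thread and not Bad Behavior's code): it flags a request whose User-Agent claims a browser while the Accept, Accept-Language or Accept-Encoding headers a browser would send are missing or generic. The function name, the heuristics and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example: illustrative heuristics only, not Bad Behavior's actual rules.
// On a live request the array would be built from $_SERVER's HTTP_* entries.

// List the ways a page request disagrees with the browser it claims to be.
function header_anomalies(array $headers): array
{
    $h = array_change_key_case($headers, CASE_LOWER); // header names are case-insensitive
    $ua = trim($h['user-agent'] ?? '');
    if ($ua === '') {
        return ['no User-Agent header'];
    }
    if (stripos($ua, 'Mozilla/') !== 0) {
        return []; // does not claim to be a browser; other rules would apply
    }
    $reasons = [];
    $accept = trim($h['accept'] ?? '');
    if ($accept === '') {
        $reasons[] = 'browser User-Agent without Accept';
    } elseif (stripos($accept, 'text/html') === false) {
        $reasons[] = 'browser User-Agent but Accept does not list text/html';
    }
    foreach (['accept-language', 'accept-encoding'] as $name) {
        if (trim($h[$name] ?? '') === '') {
            $reasons[] = "browser User-Agent without $name";
        }
    }
    return $reasons;
}

// Constructed samples: a script that copied only User-Agent, Referer and cookie,
// and a browser-like request. All values are made up for the example.
$samples = [
    'scripted' => ['User-Agent' => 'Mozilla/5.0 (X11; Linux) ExampleBrowser/1.0',
                   'Accept' => '*/*', 'Referer' => 'http://site.example/login.php',
                   'Cookie' => 'PHPSESSID=constructedvalue'],
    'browser'  => ['User-Agent' => 'Mozilla/5.0 (X11; Linux) ExampleBrowser/1.0',
                   'Accept' => 'text/html,application/xhtml+xml;q=0.9,*/*;q=0.8',
                   'Accept-Language' => 'en-US,en;q=0.5', 'Accept-Encoding' => 'gzip'],
];
foreach ($samples as $label => $request) {
    $r = header_anomalies($request);
    echo $label, ': ', $r ? implode('; ', $r) : 'consistent', PHP_EOL;
}
```

libcurl sends `Accept: */*` unless told otherwise, which is why the scripted sample carries that value.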
xrvel
Feb 24th 2009, 4:07 pm
Simulating only the user agent is not enough in some cases. There are Accept, Accept-Language headers and more, different from browser to browser. And there are scripts like Bad Behavior (http://www.bad-behavior.ioerror.us/) for detecting and blocking such "suspicious" requests.
Thanks, it sounds like complicated verification from the server. Never heard of it before. I'll take some time to read it. Thanks :)