How To Download PHP files from Server

I want to download a file and see it's source code but
its a 302 redirect like this:

http://www.example1.com/redirect.php

<?php
header("Location: http://www.example2.com");

exit;
?>

i want to download the redirect.php file but when i do it, it downloads the
the file found in www.example2.com I dont know how a http header
redirect works, but does anyone know how can i download the actual
redirect.php file? i tried with a spider simulator to see what's inside the file
but it does not work, any php file downloader? maybe? any help appriciated.

 

Imagine you could download PHP files like you want and see it's source code.

I'd go to http://forums.digitalpoint.com/includes/config.php

And I'd have all of DP's MySQL information.


Simple put, it's not possible.

 

dont be stupid, a protected php file is way different than a redirect , if you dont know let the pros answer it

 

You have to trust nico_swd on this.

For security reasons, Apache prevents PHP files from being downloaded so that their source code is readable, unless there is a server failure while you attempt the download. Normally, you'll only get the HTML output of a PHP file on your local computer as a "gift", not the source code. So if source contains a PHP redirect, you'll just get the output = be redirected. No download possible.

 

Lol, sorry, I apologize 14 times for being stupid and take back everything I said.
Now it's YOUR turn to find a "pro" to accomplish what you're trying to do. And show me the result.

Good luck...


And thanks, Clive. I bet he won't believe you though, lol.

 

its imposible now

 

LOL, that was a diss. Anyways, it's not impossible to view the source of a 301 redirect... except all yoru going to do is see http headers. Use a packet sniffer to view whatever you want to... but use it only for good (evil packet sniffers not allowed... don't be trying to crack SSL... and if you do please send me the schema)

 

He's asking how to download PHP files and see its source code. THAT is impossible. Getting the headers from a requested page is easy, using get_headers(). But that doesn't seem to be what he wants to do.

 

You cant download a php file because the php engine will be running and showing what its meant to show/doing what its meant to do. So you get the redirected page and not the .php file.

 

$file = ("package.rar");
header ("Content-Type: application/octet-stream");
header ("Accept-Ranges: bytes");
header ("Content-Length: ".filesize($file));
header ("Content-Disposition: attachment; filename=".$file);
readfile($file);

source:
http://www.phpinform.com/2009/06/27/file-download-from-server-upload-to-user-download-window/

 

HI,

Even if the directory listing is enabled, then also? I understand that if the directory listing is not enabled, then the script will be executed. But what if the directory listing is enabled. Cant i do simply "Save As"...???

 

ya..
it is possible ..
right click then select save as then your file is download..

 

It will still run the PHP and all you will get is the HTML output, so if the pages only output is a 301 redirect you will simply get headers.

The only way to get the PHP code itself is via a non-http method of connecting to the server (FTP, telnet, VPN/VPC etc)

 

PHP is a server-side programing language , you cannot do this

 

First, PHP is a server-side scripting language.
When a request to that file comes from port 80 (http request), it will handle from a web server (apache, IIS, nginx, etc...)
and execute it. The and the result will be return to the client.
So when you try to download the .php file, it will return you the html file. And in your case it is redirected to another url.
So the result you got from download the script would be the html from the redirected url.
It is not possible to download any server-side script from http request.
one way to download the server-side script is through ftp.
Or write another script like arthur.x sample, to download a php file. It will send the php file as binary.

 

you will need to upload shell script on the server which is vulnerable.

 

what do you mean by "arthur.x"? can you give some example code?

 

You need to find a hole on that server, then find a 777 folder and upload a filemanager or shell script, then just grab the source. simple.

You can use this website for "educational" purposes http://www.hackthissite.org/

 

You can't just download a.php file and view it's source like you do with an HTML file. How is a "protected php file" different than a redirect file? First of all, there really are no "protected php file" and the redirect is a php file (redirect.php).

 

Other than hacking or web server misconfiguration, it is not possible. php file will be processed by web server to turn into regular HTML file. What the browser gets will be regular HTML code, which is the out put of that pre-process. The source will never be revealed. Just like Perl cgi script. What you get is the output, not the source.