Jump to content

login using curl


jakebur01

Recommended Posts

A 3rd party hosts our online ordering site that is integrated with our inventory software program.  I have a customer login page on our "Corporate Site" and I am wanting to login to our "online ordering site" directly from this page.

 

First I tried:

    <p class="main_body"><form action="http://mysite.com/login javascript:window.location=http://my3rdparysite.com/login" method="post" id="contactform"><table><tr><td><input name="username" type="hidden" value="demo" /></td></tr><tr><td><input name="password" type="hidden" value="demo" /></td></tr><tr><td> </td><td><input name="Submit" type="submit" value="Sign in to Demo account" /></td></tr></table></form></p>

 

This takes me to http://my3rdpartysite.com/login. The text on the page displays {"success":true,"route":"\/myname\/customer\/"} .  So when I change the url in the browser from http://my3rdpartysite.com/login to http://my3rdpartysite.com/customer, I am logged in.

 

So, then I researched to see if there is a way to inject javascript in the form or url so when it reaches 3rdpartysite.com/login, it would automatically redirect to 3rdpartysite.com/customer, then I would be logged in.

 

_____________

 

Here is the other idea.  Log into 3rdpartysite.com/login from customer login page on corporate site using curl, grab the sessionid, then redirect to the 3rdpartysite.com/customer?SESSIONID=$session....... except.. I do not know how to store the SESSIONID into $session.

     <?PHP
   
$headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://my3rdpartysite.com/login";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "username=demo&password=demo");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$store = curl_exec ($ch);
curl_close ($ch);
print_r($store);



?>
<script type="text/javascript">
<!--
window.location = "http://my3rdpartysite.com/customer?SESSIONID=<?PHP echo"$SESSION";?>"
//-->
</script>

 

Any ideas?

 

Link to comment
Share on other sites

Seemed intrigueing, here;

 

curl.php

<?php

session_start();
   
$headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://localhost/curl_remote.php";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=demo&password=demo");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, 1);

$result = curl_exec($ch);
curl_close ($ch);

// get headers
preg_match("/(.*)<!--RESPONSE_BODY-->/si",$result,$matches);
$header_block = $matches[0];
$theaders = preg_split("/\n/",$header_block);
array_pop($theaders); // get rid of the two empty lines/not headers
array_pop($theaders);

// put the header content into an easily accessible array
$headers = array();
$cookies = array();

for($i=0;$i<count($theaders);$i++){
// Get rid of first one as it doesnt have a key-value pair
if($i == 0 && strpos($theaders[$i],":") === FALSE){
	echo("\n<br>count1!");
	$headers['Protocol'] = $theaders[$i];
	continue;
}

// move cookies to a different array
$key_val = preg_split("/\:/", $theaders[$i], 2);
if($key_val[0] == "Set-Cookie"){
	$cookie_params = explode(";", $key_val[1]);
	$cookie_key_val = explode("=", $cookie_params[0]);

	$cookies[trim($cookie_key_val[0])] = trim($cookie_key_val[1]);

	continue;
}
$headers[$key_val[0]] = $key_val[1];
}

// Get Body
$body = str_replace($header_block, "", $result);

// Get Cookies

// Set the cookie session
setcookie("PHPSESSID", $cookies['PHPSESSID'], time()+64000);
print_r($_COOKIE);

print_r($headers);
echo "\n\n<BR>";
print_r($cookies);
echo "\n\n<BR>";
print_r($body);


?>

 

curl_remote.php

<?php

session_start();
if(!isset($_SESSION['test'])){
$_SESSION['test'] = date("h:i:s");
}


echo("<!--RESPONSE_BODY-->");
echo $_SESSION['test'];

?>

 

hehe :P hope this helps.

(seemed to work for me)

Link to comment
Share on other sites

Thanks! It works, although I get header errors.

 

How can I store the SESSIONID in the variable $session ?

 

Example:

<script type="text/javascript">
<!--
window.location = "http://my3rdpartysite.com/customer?SESSIONID=<?PHP echo"$session";?>"
//-->
</script>

Link to comment
Share on other sites

Ok upon further investigation i cannot find a way to do this. (well, one idea but could be a major task).

 

a) You cannot set a cookie using another domain (you cant make cookies for other domains to use, cookies are tied to the domain they were made from).

b) You cannot spoof a domain/ip address (at least, via php setcookie).

c) You cannot pass PHPSESSID via a URL to another website, there are several reasons for this but it is all about security, eg, http_referer checks etc.

 

This is how far I got before I gave up...

 

curl.php

<?php

session_start();
   
$custom_headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://local/phpf/curl_remote.php";
$remote_domain = "local"; // No HTTP, no Slash /
$cookie_time = 30; // 60*60*24*30;
$cURL_post = "username=demo&password=demo";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $cURL_post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $custom_headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, 1);

$result = curl_exec($ch);
curl_close ($ch);

if($result === FALSE){
exit("cURL Fail.");
}

// get headers
preg_match("/(.*)<!--RESPONSE_BODY-->/si",$result,$matches);
if(count($matches) <= 0){
exit("Cannot Find a Match in Response for Header");
}

$header_block = $matches[0];
$theaders = preg_split("/\n/",$header_block);

array_pop($theaders); // get rid of the two empty lines/not headers
array_pop($theaders);

if($theaders <= 0){
exit("No Headers from cURL Response.");
}

// put the header content into an easily accessible array
$headers = array();
$cookies = array();

for($i=0;$i<count($theaders);$i++){

// Get rid of first one as it doesnt have a key-value pair
if($i == 0 && strpos($theaders[$i],":") === FALSE){
	$headers['Protocol'] = $theaders[$i];
	continue;
}

// move cookies to a different array
$key_val = preg_split("/\:/", $theaders[$i], 2);

if(count($key_val) <= 1){
	exit("Malformed Header Encountered. No Value or Key.");
}

if($key_val[0] == "Set-Cookie"){
	$cookie_params = explode(";", $key_val[1]);
	if(count($cookie_params) <= 1){
		exit("Malformed Cookie Data in Header. Not Enough Parameters.");
	}

	$cookie_key_val = explode("=", $cookie_params[0]);
	if(count($cookie_key_val) <= 1){
		exit("Malformed Cookie Parameters in Header. Missing Key or Value.");
	}

	$cookies[trim($cookie_key_val[0])] = trim($cookie_key_val[1]);

	continue;
}
$headers[$key_val[0]] = $key_val[1];
}

// Get Body
$body = str_replace($header_block, "", $result);
if($body === $result){
exit("Could Not Remove Header From Response. Unknown Error.");
}

$redirect_url = $url.'?PHPSESSID='.$cookies['PHPSESSID'];

// Print some debug information:
$debug = "<!--//
cURL Target: ".$url."
cURL Post Data: ".$cURL_post."
cURL Custom Header String: ".implode("\n\t\t",$custom_headers)."

cURL Header Response: ".str_replace("<!--RESPONSE_BODY-->",NULL,$header_block)."
cURL Cookie Values: ".implode("\n\t\t", $cookies)."

Header Redirect URL: ".$redirect_url."

//-->";

$fp = fopen("debug.txt", "a+");
fwrite($fp, $debug);
fclose($fp);

Header('location: '.$redirect_url);

echo($debug."\n\n Check Source Code (rightclick->view source), also check 'debug.txt', it will hold the debug info so you can view it after the header redirect.");
?>

 

NOTE:

The only other solution would be to make a sort of "cURL Browser", so that you would basically browse the remote website via cURL requests (never actually going to that site, only the PHP server will request stuff for you). This way you can make cookies persist and hopefully, subsequent cURL requests via a planted cookie in the request should let you hold your session :).

 

hope this helps :S

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.