Jump to content

login using curl


jakebur01

Recommended Posts

A 3rd party hosts our online ordering site that is integrated with our inventory software program.  I have a customer login page on our "Corporate Site" and I am wanting to login to our "online ordering site" directly from this page.

 

First I tried:

    <p class="main_body"><form action="http://mysite.com/login javascript:window.location=http://my3rdparysite.com/login" method="post" id="contactform"><table><tr><td><input name="username" type="hidden" value="demo" /></td></tr><tr><td><input name="password" type="hidden" value="demo" /></td></tr><tr><td> </td><td><input name="Submit" type="submit" value="Sign in to Demo account" /></td></tr></table></form></p>

 

This takes me to http://my3rdpartysite.com/login. The text on the page displays {"success":true,"route":"\/myname\/customer\/"} .  So when I change the url in the browser from http://my3rdpartysite.com/login to http://my3rdpartysite.com/customer, I am logged in.

 

So, then I researched to see if there is a way to inject javascript in the form or url so when it reaches 3rdpartysite.com/login, it would automatically redirect to 3rdpartysite.com/customer, then I would be logged in.

 

_____________

 

Here is the other idea.  Log into 3rdpartysite.com/login from customer login page on corporate site using curl, grab the sessionid, then redirect to the 3rdpartysite.com/customer?SESSIONID=$session....... except.. I do not know how to store the SESSIONID into $session.

     <?PHP
   
$headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://my3rdpartysite.com/login";
$ch = curl_init();
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "username=demo&password=demo");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$store = curl_exec ($ch);
curl_close ($ch);
print_r($store);



?>
<script type="text/javascript">
<!--
window.location = "http://my3rdpartysite.com/customer?SESSIONID=<?PHP echo"$SESSION";?>"
//-->
</script>

 

Any ideas?

 

Link to comment
Share on other sites

Seemed intrigueing, here;

 

curl.php

<?php

session_start();
   
$headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://localhost/curl_remote.php";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=demo&password=demo");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, 1);

$result = curl_exec($ch);
curl_close ($ch);

// get headers
preg_match("/(.*)<!--RESPONSE_BODY-->/si",$result,$matches);
$header_block = $matches[0];
$theaders = preg_split("/\n/",$header_block);
array_pop($theaders); // get rid of the two empty lines/not headers
array_pop($theaders);

// put the header content into an easily accessible array
$headers = array();
$cookies = array();

for($i=0;$i<count($theaders);$i++){
// Get rid of first one as it doesnt have a key-value pair
if($i == 0 && strpos($theaders[$i],":") === FALSE){
	echo("\n<br>count1!");
	$headers['Protocol'] = $theaders[$i];
	continue;
}

// move cookies to a different array
$key_val = preg_split("/\:/", $theaders[$i], 2);
if($key_val[0] == "Set-Cookie"){
	$cookie_params = explode(";", $key_val[1]);
	$cookie_key_val = explode("=", $cookie_params[0]);

	$cookies[trim($cookie_key_val[0])] = trim($cookie_key_val[1]);

	continue;
}
$headers[$key_val[0]] = $key_val[1];
}

// Get Body
$body = str_replace($header_block, "", $result);

// Get Cookies

// Set the cookie session
setcookie("PHPSESSID", $cookies['PHPSESSID'], time()+64000);
print_r($_COOKIE);

print_r($headers);
echo "\n\n<BR>";
print_r($cookies);
echo "\n\n<BR>";
print_r($body);


?>

 

curl_remote.php

<?php

session_start();
if(!isset($_SESSION['test'])){
$_SESSION['test'] = date("h:i:s");
}


echo("<!--RESPONSE_BODY-->");
echo $_SESSION['test'];

?>

 

hehe :P hope this helps.

(seemed to work for me)

Link to comment
Share on other sites

Ok upon further investigation i cannot find a way to do this. (well, one idea but could be a major task).

 

a) You cannot set a cookie using another domain (you cant make cookies for other domains to use, cookies are tied to the domain they were made from).

b) You cannot spoof a domain/ip address (at least, via php setcookie).

c) You cannot pass PHPSESSID via a URL to another website, there are several reasons for this but it is all about security, eg, http_referer checks etc.

 

This is how far I got before I gave up...

 

curl.php

<?php

session_start();
   
$custom_headers = array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0. Gecko/20061025 Firefox/1.5.0.8");

$url="http://local/phpf/curl_remote.php";
$remote_domain = "local"; // No HTTP, no Slash /
$cookie_time = 30; // 60*60*24*30;
$cURL_post = "username=demo&password=demo";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $cURL_post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $custom_headers);
curl_setopt($ch, CURLOPT_MAXREDIRS, 4);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_HEADER, 1);

$result = curl_exec($ch);
curl_close ($ch);

if($result === FALSE){
exit("cURL Fail.");
}

// get headers
preg_match("/(.*)<!--RESPONSE_BODY-->/si",$result,$matches);
if(count($matches) <= 0){
exit("Cannot Find a Match in Response for Header");
}

$header_block = $matches[0];
$theaders = preg_split("/\n/",$header_block);

array_pop($theaders); // get rid of the two empty lines/not headers
array_pop($theaders);

if($theaders <= 0){
exit("No Headers from cURL Response.");
}

// put the header content into an easily accessible array
$headers = array();
$cookies = array();

for($i=0;$i<count($theaders);$i++){

// Get rid of first one as it doesnt have a key-value pair
if($i == 0 && strpos($theaders[$i],":") === FALSE){
	$headers['Protocol'] = $theaders[$i];
	continue;
}

// move cookies to a different array
$key_val = preg_split("/\:/", $theaders[$i], 2);

if(count($key_val) <= 1){
	exit("Malformed Header Encountered. No Value or Key.");
}

if($key_val[0] == "Set-Cookie"){
	$cookie_params = explode(";", $key_val[1]);
	if(count($cookie_params) <= 1){
		exit("Malformed Cookie Data in Header. Not Enough Parameters.");
	}

	$cookie_key_val = explode("=", $cookie_params[0]);
	if(count($cookie_key_val) <= 1){
		exit("Malformed Cookie Parameters in Header. Missing Key or Value.");
	}

	$cookies[trim($cookie_key_val[0])] = trim($cookie_key_val[1]);

	continue;
}
$headers[$key_val[0]] = $key_val[1];
}

// Get Body
$body = str_replace($header_block, "", $result);
if($body === $result){
exit("Could Not Remove Header From Response. Unknown Error.");
}

$redirect_url = $url.'?PHPSESSID='.$cookies['PHPSESSID'];

// Print some debug information:
$debug = "<!--//
cURL Target: ".$url."
cURL Post Data: ".$cURL_post."
cURL Custom Header String: ".implode("\n\t\t",$custom_headers)."

cURL Header Response: ".str_replace("<!--RESPONSE_BODY-->",NULL,$header_block)."
cURL Cookie Values: ".implode("\n\t\t", $cookies)."

Header Redirect URL: ".$redirect_url."

//-->";

$fp = fopen("debug.txt", "a+");
fwrite($fp, $debug);
fclose($fp);

Header('location: '.$redirect_url);

echo($debug."\n\n Check Source Code (rightclick->view source), also check 'debug.txt', it will hold the debug info so you can view it after the header redirect.");
?>

 

NOTE:

The only other solution would be to make a sort of "cURL Browser", so that you would basically browse the remote website via cURL requests (never actually going to that site, only the PHP server will request stuff for you). This way you can make cookies persist and hopefully, subsequent cURL requests via a planted cookie in the request should let you hold your session :).

 

hope this helps :S

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.