Jump to content

how to know when websites generate hidden variables


liber77

Recommended Posts

when I post to forms through php curl, there are some variables being sent that are not entered by the user when using a web browser. I am able to see which variables are being sent using livehttpheaders. Some variables are changing values dynamically, and it is not always possible to find the value of the hidden variables in the source code of the webpage. I want to find those values, so that I can post to specific websites.

 

I am usually able to find the hidden variables in the source code, but sometimes that's not possible.

 

hidden variables can look like e.g. sid=qt44ry2wr5y45ywhy55he5ty. You can find the previous value in livehttpheaders, but the value might change dynamically, so that next time you visit the page the variable is different.

Link to comment
Share on other sites

Hey, I have figured out the answer if anyone is interested. It is not always possible to find the variables by fetching them from the website source. Sometimes they are generated on the server side, or it might be done on the client side in a complicated way to make it difficult to reproduce. Sometimes complicated forms are encoded and sent through the headers.

 

One answer is to use selenium firefox plugin and reverse engineer the actions done by the browser. You can record the actions and then export as php, java, C/C++ or whatever. This doesn't actually have any limitations, and it can automate any action done by a web browser.

 

PHP curl does have it's limitations, and the variables sent through the headers might change every time, so they can't be used for future automation.

Link to comment
Share on other sites

You have to know which data will be variable, figure out how the data is calculated, and if it's random, use two cURL commands. Use the first one to grab any data that may be variable, and the second to send the variable data along with the data yoiu may want to post.

 

That's all the help I can give, considering it's probably there to circumvent automated posting.

 

cURL can be used to emulate most browser functionality, it just requires you to do all the background work your browser usually does for you.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.