用php curl登录instagram

Question

I want to login this page with php: But I get error when I try to login with php.

When I try to login below code is always changing. So I cannot login.

The code is:

 <input type="hidden" name="csrfmiddlewaretoken" value="728a44ea6f15dee51406b0c82be3a03b"/>

Thanks for advance help

Answer 1

Obviously Instagram is protected against cross-site request forgery. You can read all about this attack here .

Actually the Instagram guys do not want you to submit the login form without showing it first. That is what csrfmiddlewaretoken is for: They give it to you (random value) when the form is displayed and when you submit it, they check whether you returned the one they gave you. See the OWASP cross-site request forgery prevention cheat sheet .

So basically what you have to do is request the login form, get the token from it and then log in in a second request and include that token in it.

(Maybe they do some double checking there; in this case you'll have to send the token twice: both in your post data and as a cookie.)

Answer 2

You must open the page with the form and read the value of "csrfmiddlewaretoken" into a var (with a regex for example).

You also have to store the session cookie (curl has a method for storing cookies in a container file, or you can do it yourself by parsing the answer headers and storing the cookie value to set it in you request header for later requests).

Then you can set the "csrfmiddlewaretoken" in your login request (which needs to send the session cookie).