CSRF验证失败。 使用CURL时(divar)
[英]CSRF Verification Failed. When Using CURL (divar)
问题描述
i'm trying to get content of divar.com by curl but error "CSRF verification failed. Request aborted." 
我试图通过curl获取divar.com的内容,但出现错误“ CSRF验证失败。请求中止。”
browser request 浏览器要求
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:107
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:did=MEcBYcwueB4uxA; submitButtonColor=green-colored; _ga=GA1.2.835389468.1497328087; _gat=1; csrftoken=9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z; sessionid=q7sm28egcbdpuxrchfxgs01bqg6j1pfw
Host:divar.ir
Origin:https://divar.ir
Referer:https://divar.ir//guard/captcha_simple/?token=helper.py:wrapper_func
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
X-Requested-With:XMLHttpRequest
form Data 表格数据
captcha_input:649
guard_token:helper.py:wrapper_func
csrfmiddlewaretoken:9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z
php Code PHP代码
function getWebPageSsl( $url,$param=NULL )
{
$headers[] = 'Accept:application/json, text/javascript, */*; q=0.01';
$headers[] = 'Accept-Encoding:gzip, deflate, br';
$headers[] = 'Accept-Language:en-US,en;q=0.8';
$headers[] = 'Connection:Keep-Alive';
$headers[] = 'Content-Type:application/x-www-form-urlencoded; charset=UTF-8';
$headers[] = 'Origin:https://divar.ir';
$headers[] = 'X-Requested-With:XMLHttpRequest';
$useragent = 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5';
$options = array(
CURLOPT_HTTPHEADER => $headers,
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_POST => ($param)?true:false,
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_USERAGENT => $useragent, // who am i
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
CURLOPT_SSL_VERIFYPEER => true, // Disabled SSL Cert checks
CURLOPT_SSL_VERIFYHOST => 1,
CURLOPT_COOKIEJAR => __DIR__.DIRECTORY_SEPARATOR.'cookies.txt',
CURLOPT_COOKIEFILE => __DIR__.DIRECTORY_SEPARATOR.'cookies.txt',
CURLOPT_CAINFO =>__DIR__.DIRECTORY_SEPARATOR.'CertumTrustedNetworkCA.crt',
CURLOPT_REFERER => 'http://www.google.com'
);
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt_array( $ch, $options );
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
if($param){
curl_setopt($ch,CURLOPT_POST, strlen(json_encode($param)));
curl_setopt($ch,CURLOPT_POSTFIELDS, json_encode($param));
}
$content = curl_exec( $ch );
$last = curl_getinfo($ch);
curl_close( $ch );
return $content;
}
response curl_getinfo 响应curl_getinfo
array(27) {
["url"]=>
string(38) "https://divar.ir/guard/captcha_simple/"
["content_type"]=>
string(9) "text/html"
["http_code"]=>
int(403)
["header_size"]=>
int(288)
["request_size"]=>
int(833)
["filetime"]=>
int(-1)
["ssl_verify_result"]=>
int(0)
["redirect_count"]=>
int(0)
["total_time"]=>
float(0.265)
["namelookup_time"]=>
float(0)
["connect_time"]=>
float(0.046)
["pretransfer_time"]=>
float(0.171)
["size_upload"]=>
float(107)
["size_download"]=>
float(545)
["speed_download"]=>
float(2056)
["speed_upload"]=>
float(403)
["download_content_length"]=>
float(-1)
["upload_content_length"]=>
float(107)
["starttransfer_time"]=>
float(0.265)
["redirect_time"]=>
float(0)
["redirect_url"]=>
string(0) ""
["primary_ip"]=>
string(14) "79.175.191.253"
["certinfo"]=>
array(0) {
}
["primary_port"]=>
int(443)
["local_ip"]=>
string(11) "192.168.1.5"
["local_port"]=>
int(56034)
["request_header"]=>
string(726) "POST /guard/captcha_simple/ HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
Host: divar.ir
Referer: http://www.google.com
Cookie: _ga=GA1.2.835389468.1497328087; _gat=1; csrftoken=N9CiDEDm1hPrbfrHBdAHDGGvloc1hyMC; did=ee2WWcXnUvswNA; sessionid=qe5zgp8mwh44pgc6tt0vnf06kvj08f71; submitButtonColor=green-colored
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:Keep-Alive
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:https://divar.ir
X-Requested-With:XMLHttpRequest
Content-Length: 107
"
}
but I get this error: 但是我得到这个错误:
Forbidden (403) 禁止的(403)
CSRF verification failed. CSRF验证失败。 Request aborted. 请求中止。
2 个解决方案
解决方案1
0 2017-06-13 06:38:57
add this to the constructor 将此添加到构造函数
$this->middleware('auth')->except('getWebPageSsl');
By this the middleware will not try to authenticate you by csrf token. 这样,中间件将不会尝试通过csrf令牌对您进行身份验证。 getWebPageSsl is the php function name. getWebPageSsl是php函数的名称。
解决方案2
0 2017-06-13 09:32:59
看,令牌没错,没问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
CSRF验证失败。 使用cURL时 - CSRF verification failed. when using cURL
Laravel 命令 CSRF 验证失败 - Laravel Commands CSRF verification failed
我不断收到“主机密钥验证失败”的信息。 在Mac OS X上从PHP调用`ssh`时 - I keep getting 'Host key verification failed.' when calling `ssh` from PHP on Mac OS X
curl服务器证书验证失败 - curl server certificate verification failed
curl +“验证视图状态MAC失败。” - curl + “Validation of viewstate MAC failed.”
CurlException:[curl] 51:SSL:证书验证失败 - CurlException: [curl] 51: SSL: certificate verification failed
使用php / curl登录具有csrf保护的网站 - using php/curl to login to a site with csrf protection
在cURL中使用被盗的cookie来绕过CSRF - Using stolen cookie in cURL to bypass CSRF
进行CURL发布请求时CakePHP中的CSRF令牌 - CSRF Token in CakePHP when doing a CURL Post request
贝宝(PayPal)退货验证在WordPress上使用BreezingForms失败 - PayPal Return Verification failed using BreezingForms on WordPress
相关标签