使用php / curl登录具有csrf保护的网站
[英]using php/curl to login to a site with csrf protection
问题描述
I am trying to login to a site, with my own credentials (not trying to hijack a session), that uses csrf protection. 
我正在尝试使用自己的凭据(不是试图劫持会话)登录使用CSRF保护的站点。 I have some code written in python that scans the page, extracts the csrf string and sends it along with the username and password to be able to gain access to the restricted pages. 我用Python编写一些代码,扫描页面,提取CSRF串并用的用户名和密码,并将其发送一起能够获得对受限制的页面访问。 I have tried searching for something similar in php/curl but cannot find anything. 我尝试在php / curl中搜索类似内容,但找不到任何内容。
All the google searching so far has only led to me links on how to integrate csrf protection to your login page, but not how to login to a site that uses it. 到目前为止,所有的google搜索都仅导致我获得有关如何将csrf保护集成到您的登录页面的链接,而不是如何登录到使用它的网站的链接。
If someone could point me in the right direction or some basic code to get me started that would be wonderful! 如果有人可以指出正确的方向或一些基本的代码来帮助我入门,那就太好了!
1 个解决方案
解决方案1
0 2012-11-12 22:11:12
I dont think this is a very good question, as you dont show much of your research. 我认为这不是一个很好的问题,因为您没有展示很多研究成果。 But to get you going a sort of plan: 但是为了使您有一个计划:
- Get the page with the token (use curl and make sure to enable a cookiejar) 获取带有令牌的页面(使用curl并确保启用cookiejar)
- Extract the token (use explode or preg_?) 提取令牌(使用explode或preg_?)
- Post to the page with your credentials and the 'ripped' token with curl 使用您的凭据和带有curl的“翻录”令牌发布到页面
- done ? 完成了吗?
When your code is ready and does not work, post another question and we are willing to help with all love :-) 当您的代码准备就绪且无法使用时,请提出另一个问题,我们将竭诚为您服务:-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.