HTTP Header POST Request with Curl

Question

I grabbed the following Post request with Fiddler, i only masked the URL because i dont want to make an advertisement

POST http://xyz.com/dialogs/track HTTP/1.1
Host: www.xyz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: de
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/json; charset=utf-8
X-CSRFToken: uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU
X-Requested-With: XMLHttpRequest
Referer: http://www.xyz.com/referer/
Content-Length: 2
Cookie: csrftoken=uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

{}

I need a Tutorial (Link would be usefull) to "fake" this Request with Curl, i found some stuff on Google but nothing is working an i receive errors.

-EDIT-

$headers = array(
'POST http://www.example.com/dialogs/track HTTP/1.1',
'Host: www.example.com',
'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0',
'Accept: application/json, text/javascript, */*; q=0.01',
'Accept-Language: de',
'Accept-Encoding: gzip, deflate',
'DNT: 1',
'Content-Type: application/json; charset=utf-8',
'X-CSRFToken: uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU',
'X-Requested-With: XMLHttpRequest',
'Referer: http://www.example.com',
'Content-Length: 2',
'Cookie: __cfduid=d0db16cb5c4c58db770a1374f09a61d7d1375100590810; csrftoken=uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU; __utma=1.2111538523.1375265099.1375427020.1375431064.5; __utmz=1.1375348556.2.2.utmcsr=example.de|utmccn=(referral)|utmcmd=referral|utmcct=/game/index.php; __gads=ID=88f0a0a8b0698e1e:T=1375265099:S=ALNI_MYX8OxkwPxXQd7VY4qDImLK7fq_yQ; __utmb=1.4.9.1375431089319; __utmc=1',
'Connection: keep-alive',
'Pragma: no-cache',
'Cache-Control: no-cache',
'',
'{}'
);



//set POST variables
$url = 'http://www.example.com/dialogs/track';

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);


//execute post
$result = curl_exec($ch);

//close connection
if (curl_error($ch)) {
print "Error: " . curl_error($ch);
}
else
{
var_dump($data);
curl_close($ch);
}

Error Message

Error: Recv failure: Connection reset by peer

-EDIT 2-

I played a little bit around and now the connection is working, but it seems that the CSRF Token is not submittet correctly i recieve an error!

Forbidden (403)

CSRF verification failed. Request aborted.

Is their a solution?

Answer 1

Your missing :

curl_setopt($ch, CURLOPT_POST, true);

I think your issue is not with Curl but with how CSRF verification works.

Lets say a request is made to a server the server sets a session (basically a string in a cookie that identifies you to data on the server). You then post that data back to the server, where it compares the CSRF token with the SESSION token linked to the COOKIE you also sent back.

There is only one possible session cookie in you request - csrftoken (the others belonging to google and cloudflare).

That would mean that the CSRF Token and the Session Identifier ( csrftoken value) are exactly the same ie uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU , which is not how CSRF verification works.

You would need to get the session cookie and CSRF token when the GET response is returned and send them both back, one as a COOKIE value, the other as POST value (possibly 2 header values, but 2 different values) when you make your POST request.