I grabbed the following Post request with Fiddler, i only masked the URL because i dont want to make an advertisement
POST http://xyz.com/dialogs/track HTTP/1.1
Host: www.xyz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: de
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/json; charset=utf-8
X-CSRFToken: uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU
X-Requested-With: XMLHttpRequest
Referer: http://www.xyz.com/referer/
Content-Length: 2
Cookie: csrftoken=uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{}
I need a Tutorial (Link would be usefull) to "fake" this Request with Curl, i found some stuff on Google but nothing is working an i receive errors.
-EDIT-
$headers = array(
'POST http://www.example.com/dialogs/track HTTP/1.1',
'Host: www.example.com',
'User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0',
'Accept: application/json, text/javascript, */*; q=0.01',
'Accept-Language: de',
'Accept-Encoding: gzip, deflate',
'DNT: 1',
'Content-Type: application/json; charset=utf-8',
'X-CSRFToken: uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU',
'X-Requested-With: XMLHttpRequest',
'Referer: http://www.example.com',
'Content-Length: 2',
'Cookie: __cfduid=d0db16cb5c4c58db770a1374f09a61d7d1375100590810; csrftoken=uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU; __utma=1.2111538523.1375265099.1375427020.1375431064.5; __utmz=1.1375348556.2.2.utmcsr=example.de|utmccn=(referral)|utmcmd=referral|utmcct=/game/index.php; __gads=ID=88f0a0a8b0698e1e:T=1375265099:S=ALNI_MYX8OxkwPxXQd7VY4qDImLK7fq_yQ; __utmb=1.4.9.1375431089319; __utmc=1',
'Connection: keep-alive',
'Pragma: no-cache',
'Cache-Control: no-cache',
'',
'{}'
);
//set POST variables
$url = 'http://www.example.com/dialogs/track';
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);
//execute post
$result = curl_exec($ch);
//close connection
if (curl_error($ch)) {
print "Error: " . curl_error($ch);
}
else
{
var_dump($data);
curl_close($ch);
}
Error Message
Error: Recv failure: Connection reset by peer
-EDIT 2-
I played a little bit around and now the connection is working, but it seems that the CSRF Token is not submittet correctly i recieve an error!
Forbidden (403)
CSRF verification failed. Request aborted.
Is their a solution?
Your missing :
curl_setopt($ch, CURLOPT_POST, true);
I think your issue is not with Curl
but with how CSRF
verification works.
Lets say a request is made to a server the server sets a session (basically a string in a cookie that identifies you to data on the server). You then post that data back to the server, where it compares the CSRF
token with the SESSION
token linked to the COOKIE
you also sent back.
There is only one possible session cookie in you request - csrftoken
(the others belonging to google and cloudflare).
That would mean that the CSRF Token and the Session Identifier ( csrftoken
value) are exactly the same ie uuihXszJrkrXwnCkLKKDNQ8BrPRDqXvU
, which is not how CSRF verification works.
You would need to get the session cookie and CSRF token when the GET
response is returned and send them both back, one as a COOKIE
value, the other as POST
value (possibly 2 header values, but 2 different values) when you make your POST
request.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.