I am trying to bypass the login page of a "Ubiquiti Networks- CPE" using the following php code. Although, my code saves the cookie info correctly, it's unable to login and I am redirected to the login page with an error message:
'Invalid Credentials'
Cookie Info from the actual page
Additional info from the actual login page
Request URL:https://192.168.179.75/login.cgi Request Method:POST Status Code:302 Found Remote Address:192.168.179.75:443 Response Headers view source Content-Type:text/html Date:Tue, 28 May 2013 18:58:05 GMT Location:/index.cgi Server:lighttpd/1.4.31 Set-cookie:show_security_warning=true Set-cookie:ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT Transfer-Encoding:chunked Request Headers view source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.8,en-GB;q=0.6 Cache-Control:max-age=0 Connection:keep-alive Content-Length:332 Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryszePSjmcB2JJIDDa Cookie:last_check=1467001323935; AIROS_SESSIONID=8057f38405a60c6a17f05ef8d759bb42; ui_language=en_US Host:192.168.179.75 Origin:https://192.168.179.75 Referer:https://192.168.179.75/login.cgi Upgrade-Insecure-Requests:1 User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Request Payload ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="uri" ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="username" ubnt ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="password" ubnt ------WebKitFormBoundaryszePSjmcB2JJIDDa-
PHP CODE:
<?php
define('USERNAME', 'ubnt');
define('PASSWORD', 'ubnt');
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36');
$cookie_file_path = str_replace('\\','/', getcwd().'/cookies');
define('COOKIE_FILE', $cookie_file_path);
define('LOGIN_FORM_URL', 'https://192.168.179.75/login.cgi');
define('REQUESTED_URL', 'https://192.168.179.75/status.cgi');
define('LOGIN_ACTION_URL', 'https://192.168.179.75/login.cgi');
$postValues = array(
'username' => USERNAME,
'password' => PASSWORD,
);
$curl = curl_init(LOGIN_FORM_URL);
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);
//curl_setopt($curl, CURLOPT_HEADER, 1);
//curl_setopt($curl, CURLOPT_COOKIE, $cookies);
//curl_setopt($curl,CURLOPT_COOKIESESSION,'AIROS_SESSIONID=ae60748359be4bd0468f51a346f4f3b9; last_check=1467001323935; show_security_warning=true; ui_language=en_US');
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
//Set our post fields / date (from the array above).
//curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
curl_setopt($curl, CURLOPT_POSTFIELDS,$postValues);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
//curl_setopt($curl, CURLOPT_HTTPHEADER, array('REMOTE_ADDR: 192.168.179.75','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Host: 192.168.179.75','Expect: ','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
$result = curl_exec($curl);
if(curl_errno($curl)){
throw new Exception(curl_error($curl));
}
//curl_setopt($curl, CURLOPT_URL, 'https://192.168.179.75/status.cgi');
//
//curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//$result = curl_exec($curl);
//echo $result;
print_r($result);
curl_close($curl);
?>
Setting a forced boundary like boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6
is not going to work. curl generates its own boundary that it'll use. If you set that custom one, the POST will end up badly formatted. Remove the entire custom Content-Type:
header as curl will do that itself. You also don't need to set the Host:
header like that, curl extracts the necessary host from the URL you use.
It is possible or even likely that the login page sets cookies that you need to have at the time the login POST is made. That's a common practice. To make that work, you first need to GET the login page and store the cookies and then use them in the subsequent login POST.
You want to let curl follow the redirect that the login post most likely sends you to. Set CURLOPT_FOLLOWLOCATION
to true.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.