PHP CURL到ASPX页面

Question

所以我一直在努力使它正常工作，但是在过去的3个小时中，我仍然获得的只是登录页面。

首先，我浏览了页面的源代码并获得了所有输入，并在下面列出：

__EVENTTARGET

__EVENTARGUMENT

__VIEWSTATE

__EVENTVALIDATION

__VIEWSTATEGENERATOR

编辑令牌

sUserName

密码

sParentUID

hidIE11BugFix

编码：

<?php
//Login url, if i hit the page without logging in it will ask for username, password, and key then then will go to the page i an looking for.
$url = "https://domain.com/7000/7000.aspx?filtertype=2";
$ckfile = tempnam("/tmp", "CURLCOOKIE");
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2';

$username = "username";
$password = "password";
$key = "key";

$f = fopen('/tmp/log.txt', 'w'); // file to write request header for debug purpose

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);

//I have tried to toggle these but does not make a difference
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

$html = curl_exec($ch);

curl_close($ch);

preg_match('~<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="(.*?)" />~', $html, $viewstate);
preg_match('~<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="(.*?)" />~', $html, $eventValidation);
preg_match('~<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="(.*?)" />~', $html, $viewstategenerator);
preg_match('~<input type=\'hidden\' name=\'EditToken\' id=\'EditToken\' value =\'(.*?)\'/>~', $html, $edittoken);

$viewstate = $viewstate[1];
$eventValidation = $eventValidation[1];
$viewstategenerator = $viewstategenerator[1];
$edittoken = $edittoken[1];

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $f);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);

// Collecting all POST fields
$postfields = array();
$postfields['__EVENTTARGET'] = "";
$postfields['__EVENTARGUMENT'] = "";
$postfields['__VIEWSTATE'] = $viewstate;
$postfields['__EVENTVALIDATION'] = $eventValidation;
$postfields['__VIEWSTATEGENERATOR'] = $viewstategenerator;
$postfields['EditToken'] = $edittoken;
$postfields['sUserName'] = $username;
$postfields['sPassword'] = $password;
$postfields['sParentUID'] = $key;
$postfields['hidIE11BugFix'] = "";

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch); // Get result after login page.

print $ret;
?>

日志文件：我是刚接触谷歌搜索响应代码的新手，我看到几个项目可能是危险信号，但我不确定。

* About to connect() to domain.com port 443 (#0)
*   Trying 123.123.123.123... * connected
* Connected to domain.com (1123.123.123.123) port 443 (#0)
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=domain.com,OU=COMODO SSL,OU=Issued through Domain Neme E-PKI Manager,OU=Domain Control Validated
*       start date: Dec 10 00:00:00 2015 GMT
*       expire date: Jan 21 23:59:59 2018 GMT
*       common name: domain.com
*       issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /7000/7000.aspx?filtertype=2 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2
Host: domain.com
Accept: */*
Referer: https://domain.com/7000/7000.aspx?filtertype=2
Cookie: ASP.NET_SessionId=1j4tzm4gp15myudy4hgtc3ua; GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2
Content-Length: 5658
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------4e03c9b32001

< HTTP/1.1 100 Continue
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Location: /Login_Entry.aspx
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
* Replaced cookie GRI%5FLOGIN="NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2" for domain domain.com, path /, expire 0
< Set-Cookie: GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2; path=/
* Replaced cookie ASP.NET_SessionId="" for domain domain.com, path /, expire 0
< Set-Cookie: ASP.NET_SessionId=; path=/
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< X-U2: ATLVP1WEB02
< X-FRAME-OPTIONS: SAMEORIGIN
< Date: Sat, 25 Jun 2016 01:09:24 GMT
< Content-Length: 134
< 
* Ignoring the response-body
* Connection #0 to host domain.com left intact
* Issue another request to this URL: 'https://domain.com/Login_Entry.aspx'
* Violate RFC 2616/10.3.3 and switch from POST to GET
* Re-using existing connection! (#0) with host domain.com
* Connected to domain.com (165.193.56.22) port 443 (#0)
> GET /Login_Entry.aspx HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2
Host: domain.com
Accept: */*
Referer: https://domain.com/7000/7000.aspx?filtertype=2
Cookie: ASP.NET_SessionId=; GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2

< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< X-dynaTrace: PT=19807;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19807;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
* Replaced cookie ASP.NET_SessionId="hzfobhtjmshwj2w45yiyappm" for domain domain.com, path /, expire 0
< Set-Cookie: ASP.NET_SessionId=hzfobhtjmshwj2w45yiyappm; path=/; HttpOnly
< X-U2: ATLVP1WEB02
< X-FRAME-OPTIONS: SAMEORIGIN
< Date: Sat, 25 Jun 2016 01:09:24 GMT
< Content-Length: 23876
< Vary: Accept-Encoding
< 
* Connection #0 to host domain.com left intact
* Closing connection #0

Cookie：我不太确定是否重要，但是是否有帮助。

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

domain.com     FALSE   /       FALSE   0       GRI%5FLOGIN     NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2
#HttpOnly_domain.com   FALSE   /       FALSE   0       ASP.NET_SessionId       hzfobhtjmshwj2w45yiyappm

Answer 1

好吧，我想通了，

登录页面为：

https://domain.com/login_entry.aspx

查看源代码，该行：

<form method="POST" action="login_confirm.ashx" id="form1">

https://domain.com/login_confirm.ashx

我变了：

$url = "https://domain.com/7000/7000.aspx?filtertype=2";

至：

$url = "https://domain.com/login_confirm.ashx";

现在，我看到了我想要的。

我不确定这是否应该显而易见。