php curl带有csrf-token验证模拟提交方法

通常为了安全会在表单里加入一个随机的token值来防止csrf攻击。 
要想模拟提交有token验证的网站其实也不难。

1.通过正则获取token 
2.带上获取到的token模拟提交

下面是一个成功的例子 
目录结构

│ form.php –需要模拟的表单 
│ getForm.php – 模拟提交程序 
│ post.php –表单验证程序 
│ 
└─cookie – cookie存放目录

getForm.php

<?php
$cookie_file = './cookie/'.time().'.cookie';
$str = getResponse('http://a.curl.com:81/form.php',[],$cookie_file);
setcookie("PHPSESSID", "vc0heoa6lfsi3gger54pkns152");
preg_match('/<input name="token" type="hidden" value="(.*)"/U', $str, $match);

$post['token'] = $match[1];
$post['name'] = '3333333';
$post['password'] = '12121213';
print_r(getResponse('http://a.curl.com:81/post.php', $post, $cookie_file));

function getResponse($url, $data=[],  $cookie_file='', $timeout = 3)
    {
        if(empty($cookie_file))
        {
            $cookie_file = '.cookie';
        }

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_REFERER, "https://www.baidu.com");   //构造来路
       curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36");

        if(!empty($data))
        {
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        }
        curl_setopt($ch,  CURLOPT_COOKIEJAR, $cookie_file);// 取cookie的参数是
        curl_setopt ($ch, CURLOPT_COOKIEFILE, $cookie_file); //发送cookie
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        try
        {
             $handles = curl_exec($ch);
              curl_close($ch);
              return $handles;
        }
        catch (Exception $e)
        {
            echo 'Caught exception: ',  $e->getMessage(), "\n";
        }
        unlink($cookie_file);
    }


 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46

form.php

<?php
session_start();
$_SESSION['token'] = md5($_SERVER['REQUEST_TIME']);
$_SESSION['time'] = date("Y-m-d H:i:s");
session_write_close();
//echo $_SESSION['auth'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title> new document </title>
  <meta name="generator" content="editplus" />
  <meta name="author" content="" />
  <meta name="keywords" content="" />
  <meta name="description" content="" />
 </head>
 <body>
<form action="post.php"  method="post">
    <p><input name="name" type="text"></p>
    <p><input name="password" type="password"></p>
    <p><input name="token" type="hidden" value="<?php echo $_SESSION['token']?>"></p>
    <p><input type="submit"></p>
</form>
 </body>
</html>
 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25

post.php

<?php
session_start();
if(empty($_POST['token']))
{
    exit ("token is empty!");
}

if(empty($_SESSION['token']))
{
 exit ("session is empty");
}

if($_POST['token'] != $_SESSION['token'])
{
    exit ("token ");
} else
{
    unset($_SESSION['token']);
}

echo PHP_EOL;
echo "pass";
print_r($_REQUEST);

echo PHP_EOL;
print_r($_SERVER);
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值