Aziz Ozbek
WordPress Expert from Zürich
submit post with php curl

PHP cURL Submit Form Post (Session Hijacking)

byAziz Ozbek
December 9, 2017
2 minute read
Total
0
Shares
0
0
0

In this Article we are gonna see, how to get content of target Website with submitting the Form post using Php cURL. Normally it’s easy to get content of the Website, but if the target has a CSRF (Cross site request forgery) Defender or something to equals the active Session ID with Visitors session, then you can not log in.

In this Case we use the Session Hijacking trick to deceive the target Website. First lets see what is Cross site request Forgery and how its works ?

What is Cross Site Request Forgery, csrf

What is Cross Site Request Forgery?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. See more…

What is Session Hijacking?

During Session Hijacking, a valid session is hijacked by an attacker. After a successful abduction, the attacker can in the worst case take over the identity of the user and use the application in his name.

See more

Session_Hijacking_php curl
Session Hijacking

Explaining the Codes

  1. Fist of all if you don’t know, how to find Form Fields in a Website,  just change the action="" in target website. Set the action target to your website and with following code you can see the all POST data from the target site.
    if($_GET){foreach ($_POST as $key => $value) echo htmlspecialchars($key)." = ".htmlspecialchars($value)."n";}
form action redirect to localhost

  1. Now you got the Post Fields. See how they have written the name="" of the Fields. Usually they are “username” and “password” that is why i wrote it in my code so. You can change it, if they are different in your target site. Just change the array parameters in line 11.
    $postValues = array(
    	    'username' => $name,
    	    'password' => $pass
    	);
  2. Than look if action="" goes to another page, in most case its goes to same page, but if it is different in your target site, write it in the $LOGIN_ACTION_URL = "" Else let the $LOGIN_ACTION_URL = $loginForm and $LOGIN_FORM_URL = $loginForm same.
  3. Now you can create a file, which keeps the Session Infos. I didn’t code it, cause if you use it in Linux without admin permission its can’t be created automatically. But if you wanna create it automatically, you can use following code instead of $COOKIE_FILE = 'cookie.txt';
    if(!file_exists("cookie.txt")){
     	$COOKIE_FILE = 'cookie.txt';
     }else{
    	$COOKIE_FILE = fopen("cookie.txt", "w");
    }
  4. Now we have everything in our function. (For the other codes i wrote explanation next to codes).
    $username = ""; // your username
    $password = ""; // your password
    $formPage = ""; // login form page 
    $indexseite = ""; //after login which page do we wanna go 
    $get = get_curl($username, $password, $formPage, $indexseite);$formPage this page where Login Form is.
    $indexseite This is which page you wanna see after successfully login.
Rating: 5.0/5. From 6 votes.
Please wait...
December 9, 2017
Total
0
Shares
Share 0
Tweet 0
Pin it 0

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *