
PHP cURL Submit Form Post (Session Hijacking)

In this article we will see how to get the content of a target website by submitting its form POST using PHP cURL. Normally it's easy to get the content of a website, but if the target has a CSRF (cross-site request forgery) defender, or something that compares the active session ID with the visitor's session, then you cannot log in.

In this case we use the session hijacking trick to deceive the target website. First, let's see what cross-site request forgery is and how it works.

What is Cross Site Request Forgery?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
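
The server-side check that makes a login POST fail when it arrives without the session from the form page, as an added example (not code from this article or from any particular site). The `csrf_token` field name and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example: $session stands in for $_SESSION so this runs with the PHP CLI.
// The 'csrf_token' field name is an assumption, not taken from any real site.

// Called when the login form is rendered: bind a fresh random token to the session.
function issue_csrf_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

// Called when the form is posted: accept only the token issued to this session.
function csrf_token_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given) || $given === '') {
        return false; // no session cookie came with the request, or the hidden field is missing
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed sample data: two independent visitor sessions.
$sessionA = [];
$sessionB = [];
$tokenA = issue_csrf_token($sessionA);
$tokenB = issue_csrf_token($sessionB);
$login  = ['username' => 'alice', 'password' => 'example'];

$cases = [
    'cookie and token from the same form' => [$sessionA, $login + ['csrf_token' => $tokenA]],
    'no cookie sent (empty session)'      => [[],        $login + ['csrf_token' => $tokenA]],
    'token issued to a different session' => [$sessionA, $login + ['csrf_token' => $tokenB]],
    'hidden token field missing'          => [$sessionA, $login],
];

foreach ($cases as $label => [$session, $post]) {
    printf("%-38s %s\n", $label, csrf_token_valid($session, $post) ? 'accepted' : 'rejected');
}
```

On a real site, also call `session_regenerate_id(true)` after a successful login so the pre-login session ID is not reused.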

What is Session Hijacking?

During session hijacking, a valid session is taken over by an attacker. After a successful hijack, the attacker can, in the worst case, take over the identity of the user and use the application in their name.


Explaining the Code

  1. First of all, if you don't know how to find the form fields in a website, just change the action="" in the target website. Set the action target to your own website, and with the following code you can see all the POST data from the target site.
    // Print the name and value of every POST field the form submitted
    if ($_POST) { foreach ($_POST as $key => $value) echo htmlspecialchars($key)." = ".htmlspecialchars(is_array($value) ? print_r($value, true) : $value)."\n"; }
  2. Now you have the POST fields. Look at how the name="" of each field is written. Usually they are "username" and "password", which is why I wrote them that way in my code. You can change them if they are different on your target site: just change the array parameters in line 11.
    $postValues = array(
        'username' => $name,
        'password' => $pass
    );
  3. Then check whether action="" goes to another page. In most cases it goes to the same page, but if it is different on your target site, write it in $LOGIN_ACTION_URL = "". Otherwise leave $LOGIN_ACTION_URL = $loginForm and $LOGIN_FORM_URL = $loginForm the same.
  4. Now you can create a file which keeps the session info. I didn't code it, because if you use it on Linux without admin permission it can't be created automatically. But if you want to create it automatically, you can use the following code instead of $COOKIE_FILE = 'cookie.txt';
    // cURL expects the path of the cookie file, not a file handle
    $COOKIE_FILE = 'cookie.txt';
    if (!file_exists($COOKIE_FILE)) {
        touch($COOKIE_FILE); // create an empty cookie file
        chmod($COOKIE_FILE, 0600); // it will hold session cookies, so keep it owner-only
    }
  5. Now we have everything in our function. (For the rest of the code, I wrote explanations next to the code.)
    $username = ""; // your username
    $password = ""; // your password
    $formPage = ""; // login form page
    $indexseite = ""; // page to fetch after login
    $get = get_curl($username, $password, $formPage, $indexseite);

    $formPage is the page where the login form is.
    $indexseite is the page you want to see after a successful login.


2 Comments

Adam Meyer

Hello Aziz, how are you?

Kind regards, Adam

Azizullah Ozbek

Hi Adam, fine thanks, and you?
Kind regards, Aziz



Aziz Ozbek

WordPress Expert from Zürich
