欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

详解php curl带有csrf-token验证模拟提交方法

程序员文章站 2023-11-06 20:39:22
通常为了安全会在表单里加入一个随机的token值来防止csrf攻击。 要想模拟提交有token验证的网站其实也不难。 1.通过正则获取token 2.带上获取...

通常为了安全会在表单里加入一个随机的token值来防止csrf攻击。

要想模拟提交有token验证的网站其实也不难。

1.通过正则获取token
2.带上获取到的token模拟提交

下面是一个成功的例子

目录结构

│ form.php –需要模拟的表单 
│ getform.php – 模拟提交程序 
│ post.php –表单验证程序 
│ 
└─cookie – cookie存放目录

getform.php

<?php
$cookie_file = './cookie/'.time().'.cookie';
$str = getresponse('http://a.curl.com:81/form.php',[],$cookie_file);
setcookie("phpsessid", "vc0heoa6lfsi3gger54pkns152");
preg_match('/<input name="token" type="hidden" value="(.*)"/u', $str, $match);

$post['token'] = $match[1];
$post['name'] = '3333333';
$post['password'] = '12121213';
print_r(getresponse('http://a.curl.com:81/post.php', $post, $cookie_file));

function getresponse($url, $data=[], $cookie_file='', $timeout = 3)
  {
    if(empty($cookie_file))
    {
      $cookie_file = '.cookie';
    }

    $ch = curl_init();
    curl_setopt($ch, curlopt_url, $url);
    curl_setopt($ch, curlopt_referer, "https://www.baidu.com");  //构造来路
    curl_setopt($ch, curlopt_useragent,"mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/54.0.2840.59 safari/537.36");

    if(!empty($data))
    {
      curl_setopt($ch, curlopt_post, true);
      curl_setopt($ch, curlopt_postfields, $data);
    }
    curl_setopt($ch, curlopt_cookiejar, $cookie_file);// 取cookie的参数是
    curl_setopt ($ch, curlopt_cookiefile, $cookie_file); //发送cookie
    curl_setopt($ch, curlopt_returntransfer, 1);
    curl_setopt($ch, curlopt_connecttimeout, $timeout);
    try
    {
       $handles = curl_exec($ch);
       curl_close($ch);
       return $handles;
    }
    catch (exception $e)
    {
      echo 'caught exception: ', $e->getmessage(), "\n";
    }
    unlink($cookie_file);
  }

form.php

<?php
session_start();
$_session['token'] = md5($_server['request_time']);
$_session['time'] = date("y-m-d h:i:s");
session_write_close();
//echo $_session['auth'];
?>
<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title> new document </title>
 <meta name="generator" content="editplus" />
 <meta name="author" content="" />
 <meta name="keywords" content="" />
 <meta name="description" content="" />
 </head>
 <body>
<form action="post.php" method="post">
  <p><input name="name" type="text"></p>
  <p><input name="password" type="password"></p>
  <p><input name="token" type="hidden" value="<?php echo $_session['token']?>"></p>
  <p><input type="submit"></p>
</form>
 </body>
</html>

post.php

<?php
session_start();
if(empty($_post['token']))
{
  exit ("token is empty!");
}

if(empty($_session['token']))
{
 exit ("session is empty");
}

if($_post['token'] != $_session['token'])
{
  exit ("token ");
} else
{
  unset($_session['token']);
}

echo php_eol;
echo "pass";
print_r($_request);

echo php_eol;
print_r($_server);

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。