Time: 2021-07-01 10:21:17
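For security, a random token value is usually added to a form to prevent CSRF attacks.
Simulating a submission to a site that validates such a token is actually not hard: the token only has to be unknown to a third-party page, and a client that fetches the form in its own session can read it.
1. Get the token with a regular expression
2. Submit the form with the token that was obtained
Below is a working example.
Directory structure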
```
│  form.php     -- the form to be simulated
│  getForm.php  -- the simulated-submission script
│  post.php     -- the form validation script
│
└─cookie        -- directory where cookies are stored
```
getForm.php
```php
<?php
// One cookie jar per run, so the session started by form.php is reused for post.php.
$cookie_file = './cookie/'.time().'.cookie';

// Step 1: fetch the form. The PHPSESSID set by the server lands in the cookie jar,
// so no hard-coded session id is needed here.
$str = getResponse('http://a.curl.com:81/form.php', [], $cookie_file);

// Extract the hidden token field with a regular expression.
if (!preg_match('/<input name="token" type="hidden" value="(.*)"/U', (string) $str, $match))
{
    exit('token not found in the form.php response');
}

// Step 2: submit the form with the token, sending the same session cookie.
$post['token'] = $match[1];
$post['name'] = '3333333';
$post['password'] = '12121213';
print_r(getResponse('http://a.curl.com:81/post.php', $post, $cookie_file));

// Remove the cookie jar once both requests are done.
if (is_file($cookie_file))
{
    unlink($cookie_file);
}

function getResponse($url, $data=[], $cookie_file='', $timeout = 3)
{
    if(empty($cookie_file))
    {
        $cookie_file = '.cookie';
    }
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_REFERER, "https://www.baidu.com"); // set the Referer header
    curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36");
    if(!empty($data))
    {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);  // file that received cookies are saved to
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); // file that cookies are read from when sending
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $response = curl_exec($ch);
    if($response === false)
    {
        // curl_exec() reports failure by returning false; it does not throw
        echo 'curl error: ', curl_error($ch), "\n";
    }
    curl_close($ch); // releasing the handle writes the cookie jar to disk
    return $response;
}
```
form.php
```php
<?php
session_start();
// Token from a CSPRNG (32 hex characters); a hash of the request time is predictable.
$_SESSION['token'] = bin2hex(random_bytes(16));
$_SESSION['time'] = date("Y-m-d H:i:s");
session_write_close();
//echo $_SESSION['auth'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> new document </title>
<meta name="generator" content="editplus" />
<meta name="author" content="" />
<meta name="keywords" content="" />
<meta name="description" content="" />
</head>
<body>
<form action="post.php" method="post">
<p><input name="name" type="text"></p>
<p><input name="password" type="password"></p>
<p><input name="token" type="hidden" value="<?php echo $_SESSION['token']?>"></p>
<p><input type="submit"></p>
</form>
</body>
</html>
```
post.php
```php
<?php
session_start();
if(empty($_POST['token']) || !is_string($_POST['token']))
{
    exit ("token is empty!");
}
if(empty($_SESSION['token']))
{
    exit ("session is empty");
}
// hash_equals() compares in constant time and avoids the type juggling of !=
if(!hash_equals($_SESSION['token'], $_POST['token']))
{
    exit ("token ");
} else
{
    // the token is single-use: discard it after a successful check
    unset($_SESSION['token']);
}
echo PHP_EOL;
echo "pass";
// debug output for this demo
print_r($_REQUEST);
echo PHP_EOL;
print_r($_SERVER);
```
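The checks that post.php performs, written as an added example (not code from the original article) over a plain array that stands in for `$_SESSION`, so it runs from the command line without a web server. The names `issueToken`, `verifyToken` and `TOKEN_TTL` are assumptions of this example, and the expiry check goes beyond the article, which stores `$_SESSION['time']` but never reads it.

```php
<?php
// Added example: $session is a plain array standing in for $_SESSION.
const TOKEN_TTL = 600; // assumed token lifetime in seconds

function issueToken(array &$session, int $now): string
{
    $session['token'] = bin2hex(random_bytes(16)); // unpredictable value from a CSPRNG
    $session['time']  = $now;                      // issue time, checked on submit
    return $session['token'];
}

function verifyToken(array &$session, array $post, int $now): string
{
    $sent   = $post['token'] ?? null;
    $stored = $session['token'] ?? null;
    if (!is_string($sent) || $sent === '') {
        return 'token is empty';
    }
    if (!is_string($stored)) {
        return 'session is empty';
    }
    if ($now - ($session['time'] ?? 0) > TOKEN_TTL) {
        unset($session['token'], $session['time']);
        return 'token expired';
    }
    // Constant-time, type-strict comparison instead of !=
    if (!hash_equals($stored, $sent)) {
        return 'token mismatch';
    }
    unset($session['token'], $session['time']); // single use, as in post.php
    return 'pass';
}

// Constructed scenarios; $now is a fixed sample timestamp.
$now = 1700000000;
$session = [];
$token = issueToken($session, $now);
$results = [];
$results['client holding the session'] = verifyToken($session, ['token' => $token], $now + 5);
$results['replay of the same token']   = verifyToken($session, ['token' => $token], $now + 6);
$other = [];
issueToken($other, $now); // a different visitor's session
$results['request without the token']  = verifyToken($other, [], $now + 5);
$results['request with a wrong token'] = verifyToken($other, ['token' => str_repeat('0', 32)], $now + 5);
$stale = [];
$old = issueToken($stale, $now);
$results['submitted after the TTL']    = verifyToken($stale, ['token' => $old], $now + TOKEN_TTL + 1);
print_r($results);
```

Only the request that carries both the session and its current token passes, which is why getForm.php succeeds while a request built without access to the form response does not.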