
A detailed look at simulating a form submission with PHP cURL when CSRF-token validation is used

Date: 2021-07-01 10:21:17

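For security, a form usually carries a random token value to prevent CSRF attacks.

Simulating a submission to a site that validates such a token is actually not hard.

1. Extract the token with a regular expression
2. Submit the request with the extracted token

Below is a working example.

Directory structure

    │ form.php – the form to be simulated
    │ getForm.php – the script that simulates the submission
    │ post.php – the form validation script
    └─cookie – directory where cookies are stored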

getForm.php

    <?php
    // Each run gets its own cookie jar; the ./cookie/ directory must already exist.
    $cookie_file = './cookie/' . time() . '.cookie';

    // Step 1: fetch the form. The session cookie set by form.php is saved to
    // $cookie_file and sent back by cURL on the next request, so no manual
    // setcookie() call is needed.
    $str = getResponse('http://a.curl.com:81/form.php', [], $cookie_file);

    // Extract the hidden token field with a regular expression (U = ungreedy).
    if ($str === false || !preg_match('/<input name="token" type="hidden" value="(.*)"/U', $str, $match))
    {
        exit('token not found');
    }

    // Step 2: submit the form with the token, reusing the same cookie jar.
    $post = [];
    $post['token'] = $match[1];
    $post['name'] = '3333333';
    $post['password'] = '12121213';
    print_r(getResponse('http://a.curl.com:81/post.php', $post, $cookie_file));

    // Remove the cookie jar only after both requests are done.
    if (is_file($cookie_file))
    {
        unlink($cookie_file);
    }

    function getResponse($url, $data = [], $cookie_file = '', $timeout = 3)
    {
        if (empty($cookie_file))
        {
            $cookie_file = '.cookie';
        }
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_REFERER, "https://www.baidu.com"); // set the Referer header
        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36");
        if (!empty($data))
        {
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
        }
        curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);  // file that received cookies are written to
        curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); // file that cookies are read from and sent
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        // curl_exec() does not throw an exception; it returns false on failure.
        $response = curl_exec($ch);
        if ($response === false)
        {
            echo 'cURL error: ', curl_error($ch), "\n";
        }
        curl_close($ch); // the cookie jar is written when the handle is closed
        return $response;
    }

form.php

    <?php
    session_start();
    // Take the token from the CSPRNG; md5() of the request time can be guessed.
    $_SESSION['token'] = bin2hex(random_bytes(32));
    $_SESSION['time'] = date("Y-m-d H:i:s");
    session_write_close();
    //echo $_SESSION['auth'];
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> new document </title>
    <meta name="generator" content="editplus" />
    <meta name="author" content="" />
    <meta name="keywords" content="" />
    <meta name="description" content="" />
    </head>
    <body>
    <form action="post.php" method="post">
    <p><input name="name" type="text"></p>
    <p><input name="password" type="password"></p>
    <p><input name="token" type="hidden" value="<?php echo $_SESSION['token']?>"></p>
    <p><input type="submit"></p>
    </form>
    </body>
    </html>

post.php

    <?php
    session_start();
    if (empty($_POST['token']))
    {
        exit ("token is empty!");
    }
    if (empty($_SESSION['token']))
    {
        exit ("session is empty");
    }
    // Compare in constant time; is_string() rejects a token sent as an array.
    if (!is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token']))
    {
        exit ("token ");
    } else
    {
        // The token is single-use: discard it after a successful check.
        unset($_SESSION['token']);
    }
    echo PHP_EOL;
    echo "pass";
    print_r($_REQUEST);
    echo PHP_EOL;
    print_r($_SERVER);
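
The token handling of form.php and post.php, written as two functions with a CSPRNG token, a single-use rule and an expiry. This is an added example, not part of the original article; the function names, the `$session` array standing in for `$_SESSION`, and the 600-second lifetime are assumptions made for the illustration.

```php
<?php
// Added example, not the article's code. $session stands in for $_SESSION so
// the script runs from the CLI; names and the lifetime are assumptions.
const CSRF_TTL = 600; // assumed token lifetime in seconds

function csrf_issue(array &$session, int $now): string
{
    // 32 bytes from the CSPRNG, so the value cannot be derived from the clock.
    $session['token'] = bin2hex(random_bytes(32));
    $session['token_time'] = $now;
    return $session['token'];
}

function csrf_verify(array &$session, $submitted, int $now): bool
{
    $expected = $session['token'] ?? null;
    $issued = $session['token_time'] ?? 0;
    // Single use: the stored token is consumed whatever the outcome.
    unset($session['token'], $session['token_time']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // nothing issued, or token[]=x arrived as an array
    }
    if ($now - $issued > CSRF_TTL) {
        return false; // token is too old
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

function report(string $case, bool $want, bool $got): void
{
    echo str_pad($case, 28), $got === $want ? 'ok' : 'UNEXPECTED', PHP_EOL;
}

// Constructed walk-through with a constructed timestamp.
$session = [];
$t0 = 1700000000;

$token = csrf_issue($session, $t0);
report('fresh token', true, csrf_verify($session, $token, $t0 + 5));
report('replayed token', false, csrf_verify($session, $token, $t0 + 6));

csrf_issue($session, $t0);
report('guess from request time', false, csrf_verify($session, md5((string) $t0), $t0));

$token = csrf_issue($session, $t0);
report('expired token', false, csrf_verify($session, $token, $t0 + CSRF_TTL + 1));

csrf_issue($session, $t0);
report('array instead of string', false, csrf_verify($session, ['x'], $t0));
```

A client that fetches the form and replays its session cookie, as getForm.php does, still passes this check: the token ties a request to a session and is not a defence against automated clients.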
