
PHP CURL saves cookie into cookiejar but doesn't use it

Tags: php, curl, cookies

I have a PHP script which uses CURL to log into a site with a simple login page. It sends an initial request to the site and sees if it's already logged in (due to cookies) or if the login page comes up - and if it does, logs in.

However, recently I noticed that every time the script runs it is never logged in. Deep diving into the headers using VERBOSE shows that the cookie in the COOKIEFILE/COOKIEJAR is never used, only the cookies that are received by the site for that particular session. If I manually add cookies to the cookiejar in the middle of the run (something that used to work) - it doesn't work anymore as the cookies in the COOKIEFILE aren't actually used.

This happens both locally and on the production server, meaning it doesn't seem to be a system issue. I created test versions for other login pages with the same results. I use a full path to the cookie file (which is updated with cookies, just not used) and use curl_close().

Following is the CURL function:

private function curlPage($url, $postParameters) {
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postParameters);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_COOKIEJAR, __DIR__.'/cookie.txt');
    curl_setopt($ch, CURLOPT_COOKIEFILE, __DIR__.'/cookie.txt');
    curl_setopt($ch, CURLOPT_ENCODING, '');
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    curl_setopt($ch, CURLOPT_POSTREDIR, 3);
    if ($this->verbose == 1) curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
    curl_setopt($ch, CURLOPT_TIMEOUT, $this->defaultTimeout); 
    curl_setopt($ch, CURLOPT_USERAGENT, $this->useragent);
    $pageResponse = curl_exec($ch);
    curl_close($ch); 
    return $pageResponse;
}

Following is the verbose response of the CURL request to the main page, where it is supposed to check whether or not it is logged in. As the site belongs to a client, I redacted it.

* Rebuilt URL to: *********
* Hostname was NOT found in DNS cache
*   Trying : *********...
* Connected to : ********* (*********) port 80 (#0)
> GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
Host: *********
Accept: */*

< HTTP/1.1 200 OK
< Date: Wed, 20 Jul 2016 20:42:22 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=15
< Vary: Accept-Encoding
< Expires: Mon, 26 Jul 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate
* Server ********* is not blacklisted
< Server: *********
< 

As can be seen - no cookie in sight, despite having a COOKIEFILE available.

Any assistance would be highly appreciated.

asked Mar 12 '23 15:03

Idan


1 Answer

First, you must make sure __DIR__ has write permission.

Second, when you run the code, check whether the cookie.txt file has been created or not.

Third, you must use ONE cookie for all sessions, so the victim knows you are logged in.

And try my source:

$cookies = tempnam('/tmp','cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);

answered Mar 19 '23 12:03

Quynh Nguyen
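
One way to investigate the symptom in the question (a jar file that is written, but whose cookies never appear in the request), as an added example that is not part of the original question or answer: it parses the Netscape-format file that CURLOPT_COOKIEJAR writes and lists, per cookie, why a request to a given URL would leave it out. The function name, the simplified matching rules and the example.test jar are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original post): report why each cookie in a
// Netscape-format jar would or would not be attached to a request for $url.
// Simplified domain/path/Secure/expiry rules, not libcurl's exact logic.
function explainCookieJar(string $jar, string $url, int $now): array
{
    $u = parse_url($url);
    $scheme = strtolower($u['scheme'] ?? 'http');
    $host = strtolower($u['host'] ?? '');
    $path = $u['path'] ?? '/';
    $report = [];
    foreach (preg_split('/\R/', $jar) as $line) {
        // curl prefixes HttpOnly cookies with "#HttpOnly_"; other "#" lines are comments.
        if (strncmp($line, '#HttpOnly_', 10) === 0) {
            $line = substr($line, 10);
        } elseif ($line === '' || $line[0] === '#') {
            continue;
        }
        $f = explode("\t", $line);
        if (count($f) < 7) {
            continue; // not a 7-field cookie record
        }
        [$domain, $subdomains, $cpath, $secure, $expires, $name] = $f;
        $domain = ltrim(strtolower($domain), '.');
        $why = [];
        $hostOk = $host === $domain
            || ($subdomains === 'TRUE' && substr($host, -strlen(".$domain")) === ".$domain");
        $pathOk = $path === $cpath || (strncmp($path, $cpath, strlen($cpath)) === 0
            && (substr($cpath, -1) === '/' || ($path[strlen($cpath)] ?? '') === '/'));
        if (!$hostOk) $why[] = "domain $domain does not match host $host";
        if (!$pathOk) $why[] = "path $cpath does not cover $path";
        if ($secure === 'TRUE' && $scheme !== 'https') $why[] = 'Secure cookie, URL is plain http';
        if ((int)$expires !== 0 && (int)$expires <= $now) $why[] = 'expired';
        $report[$name] = $why ?: ['would be sent'];
    }
    return $report;
}

// Constructed sample jar; example.test and all values are placeholders.
$sampleJar = implode("\n", [
    '# Netscape HTTP Cookie File',
    "#HttpOnly_.example.test\tTRUE\t/\tTRUE\t0\tPHPSESSID\tconstructed-value",
    "example.test\tFALSE\t/account\tFALSE\t1\told_pref\tx",
    "example.test\tFALSE\t/\tFALSE\t0\tlang\ten",
]);
foreach (explainCookieJar($sampleJar, 'http://example.test/', time()) as $name => $why) {
    echo $name, ': ', implode('; ', $why), PHP_EOL;
}
```

To use it on a real case, pass the contents of the actual cookie.txt and the exact URL from the verbose trace, scheme included.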