通常为了安全会在表单里加入一个随机的token值来防止csrf攻击。
要想模拟提交有token验证的网站其实也不难：csrf token防的是第三方站点借用用户浏览器发起的跨站请求，并不能阻止先取得表单、再带着同一会话提交的脚本；如果需要限制自动化提交，还要另外配合验证码、频率限制等措施。
1.请求表单页面并保存返回的cookie（token与会话绑定），通过正则获取token 2.带上同一份cookie和获取到的token模拟提交
下面是一个成功的例子
目录结构
getForm.PHP
<?php
// Per-run cookie jar: the session cookie issued together with the form is stored here
// and replayed on the POST requests below.
// NOTE(review): the file name is only time() and the jar sits under ./cookie/ next to the
// script. If that directory is served by the web server, the stored session cookie can be
// read by anyone who guesses the name — keep jars outside the document root and delete
// them when the run is finished.
$cookie_file = './cookie/'.time().'.cookie';
// Step 1: fetch the form page; cookies set by the server are written to $cookie_file.
$str = getResponse('http://a.curl.com:81/form.PHP',[],$cookie_file);
// NOTE(review): setcookie() sends a Set-Cookie header to whoever requested this script;
// it does not change the cURL cookie jar used above. The hard-coded session id looks
// like a debugging leftover — confirm and remove.
setcookie("PHPSESSID","vc0heoa6lfsi3gger54pkns152");
// NOTE(review): the next line is truncated — the regex pattern and the rest of the
// preg_match() call were lost when the page was extracted. Presumably it matched the
// token field in $str and captured its value into $match[1]; restore it from the
// original listing before running this script.
preg_match('/$post['token'] = $match[1];
// Step 2: submit the form fields together with the extracted token, using the same jar.
$post['name'] = '3333333';
$post['password'] = '12121213';
print_r(getResponse('http://a.curl.com:81/post.php',$post,$cookie_file));
// The same fields and the same token are submitted a second time. A server that issues
// single-use tokens should reject this replay; what post.php actually does is not shown
// here.
$post['name'] = '3333333';
$post['password'] = '12121213';
print_r(getResponse('http://a.curl.com:81/post.php',$post,$cookie_file));
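/**
 * Send an HTTP request with cURL and return the response body.
 *
 * The request is a POST when $data is non-empty and a GET otherwise. Cookies received
 * from the server are written to $cookie_file and cookies already stored there are sent
 * with the request, so consecutive calls with the same file share one session.
 *
 * The cookie file is deliberately left in place: the caller needs it for follow-up
 * requests and is responsible for deleting it afterwards. It holds session cookies, so
 * it should live outside any web-accessible directory.
 *
 * @param string $url         Target URL.
 * @param array  $data        POST fields; an empty array means a GET request.
 * @param string $cookie_file Cookie jar path; falls back to '.cookie' when empty.
 * @param int    $timeout     Connect timeout in seconds (CURLOPT_CONNECTTIMEOUT only).
 *
 * @return string|false Response body, or false when the transfer failed.
 */
function getResponse($url,$data=[],$cookie_file='',$timeout = 3)
{
    if (empty($cookie_file)) {
        // Shared default jar: every caller that omits the argument reuses this file.
        $cookie_file = '.cookie';
    }

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    // Fixed Referer and User-Agent headers sent with every request.
    curl_setopt($ch, CURLOPT_REFERER, "https://www.baidu.com");
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/54.0.2840.59 Safari/537.36");

    if (!empty($data)) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }

    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);  // where received cookies are saved
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); // cookies to send with the request
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);

    // curl_exec() reports failure by returning false, not by throwing, so the result is
    // checked explicitly instead of being wrapped in try/catch.
    $response = curl_exec($ch);
    if ($response === false) {
        error_log('getResponse: cURL request failed: ' . curl_error($ch));
    }

    // Closing the handle on every path also flushes the cookie jar to disk.
    curl_close($ch);

    return $response;
}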
form.PHP
new document