Have nothing to do, play a Linux curl command. Very simple requirements to carry cookies to forge legitimate post requests.
-a/--user-agent <string> Set User agent sent to server
-b/--cookie <name=string/file> cookie string or file read location
write the cookie to this file after the-c/--cookie-jar <file> operation
-c/--continue-at <offset> Breakpoint continues
-d/- -dump-header <file> writes header information to the file
-e/--referer Source URL
-f/--fail failed to display HTTP error when connection fails
-o/--output writes the output to the file
-o/--remote-name writes the output to the file, keeping the file name of the remote file
-r/--range <range> retrieves the
-s/--silent mute mode from the http/1.1 or FTP server byte range . Do not output anything
-t/--upload-file <file> upload files
-u/--user <user[:p assword]> set up the user and password for the server
-w/--write-out [format] what output is finished
-x/--proxy
Of course, the above is not detailed enough, the rest will be left to add later.
Back to the topic, my demo is this, first through the Curl command to obtain a website cookie, and then carry this cookie, as well as some parameters, in the site exposed to the interface to submit the request. (Don't know what this behavior is)
The steps are as follows:
1. Use the '-d ' command by curl down cookies directly.
Nohup curl-d cookie.txt https://zhidao.baidu.com
The cookie information is now written to the Cookie.txt file, as shown below.
2. Ok,cookie got it, left to destroy, or use the local test URL, direct exposure to other people's bugs is not very honest.
Nohup curl-a "mozilla/5.0" (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0 "-B cookie001.txt-d" a=2660884526 "-D" b=2660884526 "-D" c=2660884526 " http://" li.wukong.com/arr.php
The PHP code is as follows:
<?php
$headers = Getallheaders ();
echo php_eol. ' Header header: '. Php_eol;
Print_r ($headers);
$content = file_get_contents (' php://input ');
echo Php_eol. ' Accesses the read-only stream of the requested raw data: '. Php_eol;
Print_r ($content);
Echo Php_eol. Php_eol. ' Post data parameter: '. Php_eol;
Print_r ($_post);
Exit
The output is as follows:
% Total % Received% xferd Average Speed time Time current
dload Upload Total spent left Speed
0 0 0 0 0 0 0 0--:--:----::--- -:--:-- 0 474 6571 526--:--:----:--:----:--:-- 6676
Header header:
Array
(
[Host] => li.wukong.com
[user-agent] => mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0
[Accept] => */*
[Cookie] => name1=1; name2=2; name3=3
[ Content-length] =>
[content-type] => application/x-www-form-urlencoded
) Access the read-
only stream of the requested raw data:
a=2660884526&b=2660884526&c=2660884526
Post data parameters:
Array
(
[a] => 2660884526
[b] => 2660884526
[c] => 2660884526
)
Well, the point is to carry cookie,post data to the legal request data. Of course, the demo above is only Application/x-www-form-urlencode format, the following paste a Application/json format, also very simple
Nohup Curl -A "mozilla/5.0" (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0 "-B cookie.txt-h ' Content-type:application/json '-d ' {" A ":" 2660884526 "," B ":" 2660884526 "," C ":" 2660884526 "} ' http://li.wukong.com/arr.php
The response is as follows:
% Total % Received% xferd Average Speed time Time current
dload Upload Total spent left Speed
0 0 0 0 0 0 0 0--:--:----::--- -:--:-- 0 461 407 19760 2621--:--:----:--:----:--: --21421 Header
:
Array
(
[Host] => li.wukong.com
[user-agent] => mozilla/5.0 ( Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0
[Accept] => */*
[Cookie] => name1=1; name2=2; name3=3
[ Content-type] => Application/json
[content-length] =>
to access the requested raw data read-only stream:
{"A": " 2660884526 "," B ":" 2660884526 "," C ":" 2660884526 "}
Post data parameters:
Array
(
)
Also simple, just use the-h parameter to directly modify the custom header header.
The following code is attached to a pure PHP analog post form submission:
<?php
$post = ' {' A ': ' 2660884526 ', ' B ': ' 2660884526 ', ' C ': ' 2660884526 '} ';
$post = Json_decode ($post, true);
$ch = Curl_init ();
Curl_setopt_array ($ch, Array (
curlopt_url => "http://li.wukong.com/arr.php",
curlopt_httpheader => [
' Host:li.wukong.com ',
' user-agent:mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0 ',
],
// Curlopt_cookie => ' name1=1; name2=2; Name3=3 ",
curlopt_cookiefile =>" Cookie.txt ",
curlopt_followlocation => 1,
Curlopt_ Returntransfer => True,
curlopt_customrequest => ' POST ',
curlopt_postfields => $post,
));
$res = curl_exec ($ch);
Curl_close ($ch);
Var_dump ($res);
The response is as follows:
String (503) Header
header:
Array
(
[Host] => li.wukong.com
[Accept] => */*
[Cookie] => Name1=1; name2=2; Name3=3
[user-agent] => mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0
[content-length] => 346
[Expect] => 100-continue
[ Content-type] => multipart/form-data; boundary=------------------------a40cc9c12f3efc06
)
read-only streaming of the requested raw data:
post data parameter:
Array
(
[A] => 2660884526
[b] => 2660884526
[c] => 2660884526
)
"
One thing to note is that when the Post's data is a string rather than an array, the content-type automatically becomes application/x-www-form-urlencoded.
The above PHP code, will json_decode that line of comments after the following response:
String (489) header
Header:
Array
(
[Host] => li.wukong.com
[Accept] => */*
[Cookie] => Name1=1; name2=2; Name3=3
[user-agent] => mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:50.0) gecko/20100101 firefox/50.0
[content-length] =>
[Content-type] => application/ x-www-form-urlencoded
)
access to the requested raw data read-only stream:
{"A": "2660884526", "B": "2660884526", "C": "2660884526"}
Post Data parameters:
Array
(
[{"A": "2660884526", _ "B": "2660884526", _ "C": "2660884526"}] =>
)
"