PHP Curl with Csrf-token validation simulation submission Example

This time for everyone to bring PHP curl with Csrf-token Verification simulation Submission example, PHP curl with Csrf-token Verification simulation submission of attention to what, the following is the actual case, together to see.

1. Get tokens through regular
2. Bring the token simulation submission on the Get

Here is an example of success

Directory structure

│form.php– a form that needs to be simulated │getform.php– simulation submitter │post.php– Form Validator │└─cookie–cookie Store directory

getform.php

<?php$cookie_file = './cookie/'. Time (). Cookies '; $str = GetResponse (' http://a.curl.com:81/form.php ', [], $cookie _file); Setcookie ("Phpsessid", " vc0heoa6lfsi3gger54pkns152 ");p reg_match ('/<input name=" token "type=" hidden "value=" (. *) "/U", $str, $match); $post [' token '] = $match [1]; $post [' name '] = ' 3333333 '; $post [' password '] = ' 12121213 ';p rint_r (GetResponse (' http:// A.curl.com:81/post.php ', $post, $cookie _file)), function GetResponse ($url, $data =[], $cookie _file= ", $timeout = 3) {i    F (Empty ($cookie _file)) {$cookie _file = '. Cookie ';    } $ch = Curl_init ();    curl_setopt ($ch, Curlopt_url, $url);  curl_setopt ($ch, Curlopt_referer, "https://www.baidu.com"); Construct the routing curl_setopt ($ch, Curlopt_useragent, "mozilla/5.0 (Windows NT 10.0; Win64;    x64) applewebkit/537.36 (khtml, like Gecko) chrome/54.0.2840.59 safari/537.36 ");      if (!empty ($data)) {curl_setopt ($ch, Curlopt_post, true);    curl_setopt ($ch, Curlopt_postfields, $data); } curl_setopt ($ch, Curlopt_cookieJAR, $cookie _file);//The parameter to take the cookie is curl_setopt ($ch, Curlopt_cookiefile, $cookie _file);    Send Cookie curl_setopt ($ch, Curlopt_returntransfer, 1);    curl_setopt ($ch, Curlopt_connecttimeout, $timeout);       try {$handles = curl_exec ($ch);       Curl_close ($ch);    return $handles;    } catch (Exception $e) {echo ' Caught Exception: ', $e->getmessage (), "\ n";  } unlink ($cookie _file); }

form.php

<?phpsession_start (); $_session[' token '] = MD5 ($_server[' request_time ')); $_session[' time ' = Date ("y-m-d h:i:s"); Session_write_close ();//echo $_session[' auth '];? ><! DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd ">
post.php

<?phpsession_start (), if (Empty ($_post[' token ')) {  exit ("token is empty!");} if (Empty ($_session[' token ')) {exit ("SESSION is Empty");} if ($_post[' token ']! = $_session[' token ') {  exit ("token");} else{  unset ($_session[' token ');} echo Php_eol;echo "Pass";p Rint_r ($_request); Echo Php_eol;print_r ($_server);
Believe that you have read the case of this article you have mastered the method, more exciting please pay attention to the PHP Chinese network other related articles!

Recommended reading:

PHP Bubble Sort using detailed

PHP implementation of two fork tree depth and breadth first traversal algorithm steps