php利用curl伪造session

curl -x 172.93.36.118:8088 "http://www.test.com/1.php"

wget -e "http_proxy=172.93.36.118:8088" http://www.test.com/1.php

1、利用传统的表单来提交数据生成session

form.php

<?php 

session_start();

?>

<form name=myform action="check.php" method="post">

<input type=text name=username>

<input type=submit value="submit" name=submit>

</form>

check.php

<?php 

session_start();

#echo "<br>";

$username=$_POST["username"];

if($username=="test"){

echo "right";

$_SESSION["username"]=$username;

setcookie("username",$username,time()+60,"/");

print_r($_SESSION);

# header("location:show.php");

}else{

echo "error";

}

#echo "<br>";

#echo "<hr>";

#echo "session<br>";

#print_r($_SESSION);

#echo $_SESSION["username"];

#echo "<hr>";

#echo "cookie<br>";

#print_r($_COOKIE);

show.php
<?php 
session_start();
echo "server=><br>";
var_dump($_SERVER);
$username=$_SESSION["username"];
if($username!="test"){
echo "error,no right";
exit;
}
echo "session=><br>";
var_dump($_SESSION);
echo "<hr>";
echo "cookie=><br>";
var_dump($_COOKIE);
#phpinfo();
echo "<hr>";
echo "post=><br>";
var_dump($_POST);
 
2、利用curl伪造session提交
submit.php
<?php
    function vlogin($url,$request){ 
    session_start();
    $cookie_jar = tempnam('./tmp','cookie');//在当前目录下生成一个随机文件名的临时文件 
    $ch = curl_init($url); //初始化curl模块 
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);//post方式提交 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $request);//要提交的内容 
    //把返回$cookie_jar来的cookie信息保存在$cookie_jar文件中 
    curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_jar); 
    $xianshi=curl_exec ($ch); 
    curl_close($ch); //get data after login   
    $curl="http://phpjx.local.com/login/session/show.php";//要抓取数据的页面,该页面有session判断权限
    $ch=curl_init($curl);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, "sitename=phpjx.com&siteurl=http://www.phpjx.com");
    curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_jar);
    $xianshi=curl_exec($ch);
    curl_close($ch);
    return $xianshi;
    }
    $url="http://phpjx.local.com/login/session/check.php";//我们向该页面传值,用来生成session,接着传递到想要抓取的那个页面
    $request="username=test";
    echo vlogin($url, $request)
?>
 

 

    A+
发布日期:2014年01月08日  所属分类:未分类

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: