All geek questions in one place

Unable to get cookie.ASPXAUTH value for login with PHP cURL

I am almost 100% sure that I have all the messages on the Internet that contain the keywords asp login curl php.ASPXAUTH, but I could not find a solution. I'm more of a code hacker than an elegant developer, so I hope someone can help me.

I have a curl script that logs on two other sites to submit forms due to login. However, I recently tried using a variant of this script for a third website. It works until the first page returns after logging in, but then processes any further cURL calls, as if I hadn't logged in. I found (as I think) that this is because cookie.ASPXAUTH is not set. I have a cookie and a cookiejar setting in my cURL code and it successfully catches the .ASP.NET_SessionID file, but not the cookie.ASPXAUTH.

I noticed that I can see the cookie.ASPXAUTH value in the headers when I watch "Live HTTP headers", but I can not get my cURL script to easily return the header using this set-cookie. It seems that the cookie is set to 302 after logging in, and cURL does not handle this correctly. So I turned off CURLOPT_FOLLOWLOCATION and tried to handle the redirection myself, but I still can’t figure it out right (the server returns a really strange redirect URL, and I don’t think I am doing this part correctly)

But I would really appreciate it if someone could help me ...

Here is my code:

    //setup Curl
  $cookiename = substr($from,4,5);
  $cookiefile = $cookiename . ".txt";
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  curl_setopt($ch, CURLOPT_HEADER, 1); 
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);

  //read login page
  curl_setopt($ch, CURLOPT_URL, "Login.aspx"); 
  $result = curl_exec ($ch);

  echo $result;



  // extract values for hidden form fields __REQUESTDIGEST __VIEWSTATE __EVENTVALIDATION fields

  //extract __REQUESTDIGEST
  $start = strpos($result,"id=\"__REQUESTDIGEST\" value=\"") + 28;
  $end = $start + 157;
  $rdigest = substr($result  , $start  , $end - $start );

  //extract __VIEWSTATE
  $start = strpos($result,"id=\"__VIEWSTATE\" value=\"") + 24;
  $end = $start + 16300;
  $vstate = substr($result  , $start  , $end - $start );
  $vstate = urlencode($vstate);

  //extract __EVENTVALIDATION
  $start = strpos($result,"id=\"__EVENTVALIDATION\" value=\"") + 30;
  $end = $start + 120;
  $event = substr($result  , $start  , $end - $start );
  $event = urlencode($event);


  //set login form values and login

  //curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_REFERER, 'Login.aspx');
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, '__REQUESTDIGEST=' . $rdigest . '&__VIEWSTATE=' . $vstate . '&__EVENTVALIDATION=' . $event . '&UserName=' . $from . '&Password=' . $password);
  $result = curl_exec ($ch);

  echo $result;

  //extract __redirect
  $start = strpos($result,"Location:") + 10;
  $end = strpos($result,".aspx") +5;
  $redirect = substr($result  , $start  , $end - $start );
                $redirect = "https://www.domain.com/" . $redirect;

  echo $redirect ."<br /><br />";

  echo $result;

  curl_setopt($ch, CURLOPT_URL, $redirect);
  $result = curl_exec ($ch);

  echo $result;

And here is the conclusion:

    //Login page headers
HTTP/1.1 200 OK Date: Tue, 30 Nov 2010 12:57:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 81835 
//Login page body

Submit login page headers
HTTP/1.1 100 Continue HTTP/1.1 302 Found Date: Tue, 30 Nov 2010 13:40:30 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Location: /(F(RZPDiDBb9OPbTuBnj2RAgH8KglRdj4B4u8trRMpa6QbBjff4evKMtHnOFNyX046Xdr33PZA3-6dHoZjxQpeZ7aNTevF75gArtpeScCjE9fI1))/default.aspx Set-Cookie: ASP.NET_SessionId=bhugr045cyybck45xvhpeb55; path=/; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: -1 Content-Type: text/html; charset=utf-8 Content-Length: 82196


//Redirect page body

//The login page body is displayed again

//More headers
HTTP/1.1 100 Continue HTTP/1.1 500 Internal Server Error Date: Tue, 30 Nov 2010 13:29:05 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 3026 

//Error message from server
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
+3
source share
1 answer

useragent cookie.ASPXAUTH ( ) cookie:)

:

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (Windows; MSIE 6.0; U; Windows NT 5.1)");

:

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729)");

cookie curl - .

!

+1

Source: https://habr.com/ru/post/1777672/

More articles:


All Articles