{"id":8196,"date":"2021-11-30T22:30:06","date_gmt":"2021-11-30T21:30:06","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8196"},"modified":"2021-12-01T09:41:04","modified_gmt":"2021-12-01T08:41:04","slug":"curl-login-and-get-a-website-protected-by-a-php-session","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/curl-login-and-get-a-website-protected-by-a-php-session\/","title":{"rendered":"cURL: Login and get a website protected by a php session"},"content":{"rendered":"<p>Hi,<\/p>\n<p>to get the timetable, and the latest changes to it, of my daughter's school class I have to log on to the school's website and get the information there.<br \/>\n<!--more--><\/p>\n<p>Ok, time to write a script to get this every morning before she leaves the house \ud83d\ude42<\/p>\n<p>The PHP session is protected against Cross-Site Request Forgery (CSRF) attacks. That means that, to log in, you need the session ID (PHPSESSID) and the CSRF ID. In this case the PHPSESSID is a cookie and the CSRF ID is written into the HTML source, inside the form tag, as the &#8220;value&#8221; attribute of a hidden input field:<br \/>\n<code><br \/>\n&lt;form class='form-signin' action='\/auth\/login.php' method='post'&gt;&lt;input type='hidden' name='csrf' value='576505bb764576fd'&gt;&lt;div class=\"logo-head\"&gt;<br \/>\n<\/code><\/p>\n<p>To get the session ID and the CSRF ID I simply fetch the login page. This saves the cookies to a file (-b reads cookies from and -c saves cookies to \/tmp\/cookies.txt) and also the whole HTML page to \/tmp\/page.html.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # curl -c \/tmp\/cookies.txt -b \/tmp\/cookies.txt https:\/\/schoolsWebpage.org\/ -o \/tmp\/page.html\r\n<\/pre>\n<p>If you want to mask curl, set the user agent with<br \/>\n<code><br \/>\n-H \"User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko\/20100101 Firefox\/94.0\"<br \/>\n<\/code><\/p>\n<p>Get the CSRF ID by grepping for the line and then for the ID:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # export CSRF=$(grep -oEi &quot;name='csrf' value='&#x5B;a-z0-9]{16}'&quot; \/tmp\/page.html | grep -oEi &quot;&#x5B;a-z0-9]{16}&quot;)\r\n<\/pre>\n<p>Then start the login process. The variables that must be set in the POST request can be captured by tracing a login session with Firefox (Tools\/Web Developer Tools) or Chrome.<br \/>\nFirefox can export the complete curl command line, from which the whole -d parameter can be copied. This is useful because the string and its characters are already URL-encoded (example: @ = %40).<br \/>\nLog in to the page:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # curl -d &quot;csrf=$CSRF&amp;username=myUser&amp;password=mySecretPass&quot; -c \/tmp\/cookies.txt -b \/tmp\/cookies.txt -X POST &quot;https:\/\/schoolsWebpage.org\/auth\/login.php&quot;\r\n<\/pre>\n<p>Get the site you want \ud83d\ude42<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmichael@debdev ~ # curl -c \/tmp\/cookies.txt -b \/tmp\/cookies.txt https:\/\/schoolsWebpage.org\/service\/timetable\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, to get the timetable, and the latest changes to it, of my daughter's school class I have to log on to the school's website and get the information 
there.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1714,1715,9],"tags":[1718,1716,1719,697,621,1717,90],"class_list":["post-8196","post","type-post","status-publish","format-standard","hentry","category-curl","category-php","category-scripting","tag-csrf","tag-curl","tag-get-site","tag-login","tag-php","tag-phpsession","tag-session"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8196"}],"version-history":[{"count":19,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8196\/revisions"}],"predecessor-version":[{"id":8215,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8196\/revisions\/8215"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}