I have a really strange issue with a cURL request. Basically I have some code that I use to wrap a legacy PHP app on Symfony2 (http://symfonybricks.com/it/brick/wrap-legacy-php-code-by-a-symfony2-application). They are basic cURL commands that should pull a webpage and display it. However, I have noticed the following :
If I make a query to an existing file, it's working fine
If I make a query to a file that doesn't exist, cURL time out (Because I have set up a time out of 8sec), and during that time, it freeze the whole server, I can't access my website from any other devices until it actually time out.
Here's my code :
/**
* #Route("/", defaults={"controller" = "index.php", "controller2" = "", "controller3" = ""})
* #Route("/{controller}", defaults={"controller2" = "index.php", "controller3" = ""})
* #Route("/{controller}/", defaults={"controller2" = "index.php", "controller3" = ""})
* #Route("/{controller}/{controller2}", defaults={"controller3" = ""})
* #Route("/{controller}/{controller2}/", defaults={"controller3" = ""})
* #Route("/{controller}/{controller2}/{controller3}", defaults={"controller3" = "index.php"})
*/
public function getLegacyResourceAction($controller, $controller2, $controller3, Request $request)
{
$path_to_legacy_code = "http://XXX/";
$originalController = $request->getPathInfo();
$originalQueryString = $request->getQueryString();
$url = "{$path_to_legacy_code}{$originalController}?{$originalQueryString}";
//open connection
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
//Timeout
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
curl_setopt($ch, CURLOPT_TIMEOUT, 8);
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
$stderr = fopen("{$this->container->getParameter('kernel.root_dir')}/logs/curl.txt", "a");
curl_setopt($ch, CURLOPT_STDERR, $stderr);
//echo "Login stuff in ".$this->container->getParameter('kernel.root_dir')."/logs/curl.txt";
curl_setopt($ch, CURLOPT_COOKIESESSION, 0);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
$result = curl_exec($ch);
if (false === $result) {
echo curl_error($ch);
exit;
}
curl_close($ch);
fclose($stderr);
$Response = new Response($result);
return $Response;
Here's the log I'm getting from a valid response :
* About to connect() to www.xxx.com port 80 (#0)
* Trying 178.32.223.113...
* connected
* Connected to www.xxx.com (178.32.223.113) port 80 (#0)
> GET /web/legacy/index.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefo$
Host: www.xxx.com
Accept: */*
Cookie: idto=116; PHPSESSID=a159rcjvh0fk6otukqqq9bkrd5
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Sat, 05 Sep 2015 04:26:32 GMT
< Server: Apache/2.2.22 (Debian)
< X-Powered-By: PHP/5.5.28-1~dotdeb+7.1
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< Content-Type: text/html
<
* Connection #0 to host www.xxx.com left intact
* Closing connection #0
And here's the code from an invalid response :
* About to connect() to www.xxx.com port 80 (#0)
* Trying 178.32.223.113...
* connected
* Connected to www.xxx.com (178.32.223.113) port 80 (#0)
> GET /web/legacy/whatever.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefo$
Host: www.xxx.com
Accept: */*
Cookie: idto=116; PHPSESSID=a159rcjvh0fk6otukqqq9bkrd5
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* Operation timed out after 8001 milliseconds with 0 bytes received
* Closing connection #0
* About to connect() to www.xxx.com port 80 (#0)
* Trying 178.32.223.113...
* connected
* Connected to www.xxx.com (178.32.223.113) port 80 (#0)
> GET /web/legacy/legacy/whatever.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefo$
Host: www.xxx.com
Accept: */*
Cookie: idto=116; PHPSESSID=a159rcjvh0fk6otukqqq9bkrd5
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* Operation timed out after 8001 milliseconds with 0 bytes received
* Closing connection #0
* About to connect() to www.xxx.com port 80 (#0)
* Trying 178.32.223.113...
* connected
* Connected to www.xxx.com (178.32.223.113) port 80 (#0)
> GET /web/legacy/legacy/legacy/whatever.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefo$
Host: www.xxx.com
Accept: */*
Everything that's bellow curl_exec($ch); is not executed until it time out, not giving me a chance to check for a 404 error or something. I've been searching for days, no luck so far.
Thanks a lot !
EDIT :
Okay, so I solved the issue by removing this line :
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
Now it give a proper 404 error. I have no idea why it's working without this line. The problem is, without this line I'm breaking some session stuff from my legacy code !
EDIT 2 :
I've changed :
curl_setopt($ch, CURLOPT_COOKIESESSION, 0);
to
curl_setopt($ch, CURLOPT_COOKIESESSION, 1);
And now it's working fine with 404 error and my session. I have NO IDEA why.
EDIT 3 :
Okay, I thing I finally understand what's going on :
On every cURL request, it write on the cookie.txt file
If someone query a 404 url, before the time out, it file lock the cookie.txt file, and that's why the whole thing seems to be frozen.
As of my understanding, the best solution would be to generate a different cookie.txt file for each user, preventing a file lock.
I finally got to the bottom of this, turns out I had two issues :
No timeout configured, so if I'd try to query a non-existing webpage, it would loop indefinitely.
I was using the same cookies file for everyone, and if someone was stuck in such loop as mentionned before, it would file lock the cookie file, preventing other users to access the site.
Related
I'm trying to make a request to payment processing page. This requires authorization, which takes place through a set of redirects. In the second step, I get "411 Length Required" error, which means that content-length was lost along the way. Indeed, I cannot see it in the log. What can be done here? Change tool (programming language)?
CURLOPT_VERBOSE:
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to api.dev.example.com (188.186.236.44) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.dev.example.com
* start date: Apr 27 00:00:00 2019 GMT
* expire date: Apr 26 23:59:59 2021 GMT
* subjectAltName: host "api.dev.example.com" matched cert's "*.dev.example.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
> POST /p2p/v2/payer HTTP/1.1
Host: api.dev.example.com
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Length: 224
* upload completely sent off: 224 out of 224 bytes
< HTTP/1.1 302 Found
< Server: nginx
< Date: Mon, 13 Jul 2020 14:22:54 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 213
< Connection: keep-alive
< Keep-Alive: timeout=20
< Cache-Control: private
< Location: /api/payer/auth?sessionToken=e744a95992fa405ba10662bbc6908d6bedd48a73cc0d45d589f4ef2f7d7a0b88
< Set-Cookie: returnUrl=http://example.com/returnurl.php; path=/
<
* Ignoring the response-body
* Connection #0 to host api.dev.walletone.com left intact
* Issue another request to this URL: 'https://api.dev.example.com/auth?sessionToken=e744b95992fa405ba10662bbc6908d6b7dd48a73cc0d45d589f4ef2f7d7a0b88'
* Switch from POST to GET
* Found bundle for host api.dev.example.com: 0x5649fd243480 [can pipeline]
* Re-using existing connection! (#0) with host api.dev.example.com
* Connected to api.dev.example.com (188.186.236.44) port 443 (#0)
> POST /auth?sessionToken=e744b95992fa405ba10662bbc6908d6b7dd48a73cc0d45d589f4ef2f7d7a0b88 HTTP/1.1
Host: api.dev.example.com
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Mon, 13 Jul 2020 14:22:54 GMT
< Content-Type: text/html; charset=us-ascii
< Content-Length: 344
< Connection: keep-alive
< Keep-Alive: timeout=20
<
* Connection #0 to host api.dev.example.com left intact
My code is:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $path);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, Array (
"Content-Type: application/x-www-form-urlencoded",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $curl_method);
curl_setopt($ch, CURLOPT_POSTFIELDS, $order_data);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_STDERR, $verbose);
$response = curl_exec($ch);
curl_close($ch);
Set the content-length in the header, which would be set to the string length strlen() of $order_data
curl_setopt($ch, CURLOPT_HTTPHEADER, Array (
"Content-Type: application/x-www-form-urlencoded",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Content-Length: ". strlen($order_data)
));
you can also debug this by checking out curl_setopt($ch, CURLINFO_HEADER_OUT, true); which makes curl_getinfo() include the request's headers in its output.
The problem was in using curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $curl_method). Curl tryed to swithc to GET, like mostly browsers do, but cannot. Use curl_setopt($ch, CURLOPT_POST, 1); indeed.
Please check the code below. I am trying to scrape website using proxy and it's working now. The problem is in print_r data displaying in non-readable format. I need to make it "normal" html source code. How can I do it?
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.amazon.com');
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, '142.234.203.59:12345');
curl_setopt($ch, CURLOPT_PROXYUSERPWD, 'haris20202:veryfastplease123');
$data = curl_exec($ch);
curl_close($ch);
print_r($data);
Using a slightly more fully featured curl function that the one above the response looks good BUT it includes a Robot Check
* Rebuilt URL to: https://www.amazon.com/
* Trying 142.234.203.59...
* TCP_NODELAY set
* Connected to 142.234.203.59 (142.234.203.59) port 12345 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.amazon.com:443
* Proxy auth using Basic with user 'haris20202'
> CONNECT www.amazon.com:443 HTTP/1.1
Host: www.amazon.com:443
Proxy-Authorization: Basic aGFyaXMyMDIwMjp2ZXJ5ZmFzdHBsZWFzZTEyMw==
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* successfully set certificate verify locations:
CAfile: c:/wwwroot/cacert.pem
CApath: none
* CONNECT phase completed!
* CONNECT phase completed!
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=www.amazon.com
* start date: Sep 18 00:00:00 2019 GMT
* expire date: Aug 23 12:00:00 2020 GMT
* subjectAltName: host "www.amazon.com" matched cert's "www.amazon.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global CA G2
* SSL certificate verify ok.
> GET / HTTP/1.1
Host: www.amazon.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Accept: */*
Accept-Encoding: deflate, gzip
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 2097
< Connection: keep-alive
< Server: Server
< Date: Tue, 26 Nov 2019 10:14:10 GMT
< Vary: Content-Type,Cookie,Referer,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
< Content-Encoding: gzip
< x-amz-rid: DTAY61T1CN3HGSADJG16
< Edge-Control: no-store
< X-Cache: Miss from cloudfront
< Via: 1.1 274469ea4a9ada6e05630e17982ca5de.cloudfront.net (CloudFront)
< X-Amz-Cf-Pop: PHL50
< X-Amz-Cf-Id: R3hAZb_0qdQYB25p3WwZ5D-wK_1ujzleVSOS7EZo_zsTyMx9oYU6CA==
<
* Connection #0 to host 142.234.203.59 left intact
Amazon have an API - have you considered using that? Amazon for Developers
Include header('Content-Type: application/json'); in your file to get response in string type
I have curl command working through terminal and when I converts that command in PHP, it is giving me an error.
Here is Curl command from terminal:
[root#localhost ~]# curl -XPOST -v http://localhost:5636/api/1/event/AVyWHzgsJ-3JxxYdx60x/archive
* About to connect() to localhost port 5636 (#0)
* Trying ::1...
* Connected to localhost (::1) port 5636 (#0)
> POST /api/1/event/AVyWHzgsJ-3JxxYdx60x/archive HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:5636
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< X-Evebox-Git-Revision: 8ef8639
< X-Evebox-Session-Id: IUi21/bP7TkbJ11jpYcihe1w/S41vyAbP1L1qBIJKJiL8E3440J3imOSGxKYO9j5ffqAPyv2Q3tCXqUQxhIqnw
< Date: Wed, 05 Jul 2017 06:34:31 GMT
< Content-Length: 14
<
* Connection #0 to host localhost left intact
{"status":200}[root#localhost ~]#
Here is the curl command in PHP:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost:5636/api/1/event/AVyWHzgsJ-3JxxYdx60x/archive");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
This is response: 400 Bad Request
Here is the Verbose Output:
Verbose information:
* About to connect() to localhost port 5636 (#6)
* Trying ::1...
* Connected to localhost (::1) port 5636 (#6)
> POST /api/1/event/AVyWHzgsJ-3JxxYdx60x/archive HTTP/1.1
Host: localhost:5636
Accept: */*
Content-Length: -1
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
< HTTP/1.1 400 Bad Request
< Content-Type: text/plain; charset=utf-8
< Connection: close
<
* Closing connection 6
400 Bad Request
Using the Requests library you could convert that cURL query as
include('vendor/rmccue/requests/library/Requests.php');
Requests::register_autoloader();
$headers = array();
$response = Requests::post('http://localhost:5636/api/1/event/AVyWHzgsJ-3JxxYdx60x/archive', $headers);
Use
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)');
or using urlencode($url);
Add this line, as your API will respond only to POST requests, and 400 error means you are asking API with Non-POST method,
Add this line and it should work ...
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
So i have been trying to get this working, however for the past 3 hours all i am still getting is the login page.
To start I have gone trough the source code of the page and gotten all the inputs and are listed below:
__EVENTTARGET
__EVENTARGUMENT
__VIEWSTATE
__EVENTVALIDATION
__VIEWSTATEGENERATOR
EditToken
sUserName
sPassword
sParentUID
hidIE11BugFix
The Code:
<?php
//Login url, if i hit the page without logging in it will ask for username, password, and key then then will go to the page i an looking for.
$url = "https://domain.com/7000/7000.aspx?filtertype=2";
$ckfile = tempnam("/tmp", "CURLCOOKIE");
$useragent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2';
$username = "username";
$password = "password";
$key = "key";
$f = fopen('/tmp/log.txt', 'w'); // file to write request header for debug purpose
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
//I have tried to toggle these but does not make a difference
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
$html = curl_exec($ch);
curl_close($ch);
preg_match('~<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="(.*?)" />~', $html, $viewstate);
preg_match('~<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="(.*?)" />~', $html, $eventValidation);
preg_match('~<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="(.*?)" />~', $html, $viewstategenerator);
preg_match('~<input type=\'hidden\' name=\'EditToken\' id=\'EditToken\' value =\'(.*?)\'/>~', $html, $edittoken);
$viewstate = $viewstate[1];
$eventValidation = $eventValidation[1];
$viewstategenerator = $viewstategenerator[1];
$edittoken = $edittoken[1];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $f);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
// Collecting all POST fields
$postfields = array();
$postfields['__EVENTTARGET'] = "";
$postfields['__EVENTARGUMENT'] = "";
$postfields['__VIEWSTATE'] = $viewstate;
$postfields['__EVENTVALIDATION'] = $eventValidation;
$postfields['__VIEWSTATEGENERATOR'] = $viewstategenerator;
$postfields['EditToken'] = $edittoken;
$postfields['sUserName'] = $username;
$postfields['sPassword'] = $password;
$postfields['sParentUID'] = $key;
$postfields['hidIE11BugFix'] = "";
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch); // Get result after login page.
print $ret;
?>
The log file: I am new to reading response codes i have googled around and i see a couple items that might be red flags but im not really sure.
* About to connect() to domain.com port 443 (#0)
* Trying 123.123.123.123... * connected
* Connected to domain.com (1123.123.123.123) port 443 (#0)
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=domain.com,OU=COMODO SSL,OU=Issued through Domain Neme E-PKI Manager,OU=Domain Control Validated
* start date: Dec 10 00:00:00 2015 GMT
* expire date: Jan 21 23:59:59 2018 GMT
* common name: domain.com
* issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> POST /7000/7000.aspx?filtertype=2 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2
Host: domain.com
Accept: */*
Referer: https://domain.com/7000/7000.aspx?filtertype=2
Cookie: ASP.NET_SessionId=1j4tzm4gp15myudy4hgtc3ua; GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2
Content-Length: 5658
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------4e03c9b32001
< HTTP/1.1 100 Continue
< HTTP/1.1 302 Found
< Cache-Control: private
< Content-Type: text/html; charset=utf-8
< Location: /Login_Entry.aspx
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
* Replaced cookie GRI%5FLOGIN="NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2" for domain domain.com, path /, expire 0
< Set-Cookie: GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2; path=/
* Replaced cookie ASP.NET_SessionId="" for domain domain.com, path /, expire 0
< Set-Cookie: ASP.NET_SessionId=; path=/
< X-dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19804;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< X-U2: ATLVP1WEB02
< X-FRAME-OPTIONS: SAMEORIGIN
< Date: Sat, 25 Jun 2016 01:09:24 GMT
< Content-Length: 134
<
* Ignoring the response-body
* Connection #0 to host domain.com left intact
* Issue another request to this URL: 'https://domain.com/Login_Entry.aspx'
* Violate RFC 2616/10.3.3 and switch from POST to GET
* Re-using existing connection! (#0) with host domain.com
* Connected to domain.com (165.193.56.22) port 443 (#0)
> GET /Login_Entry.aspx HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.3 Safari/533.2
Host: domain.com
Accept: */*
Referer: https://domain.com/7000/7000.aspx?filtertype=2
Cookie: ASP.NET_SessionId=; GRI%5FLOGIN=NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< X-dynaTrace: PT=19807;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
< dynaTrace: PT=19807;PA=-499723444;RS=VMS1/20160624103046_0.session;SP=VMS1;PS=-1294020462
* Replaced cookie ASP.NET_SessionId="hzfobhtjmshwj2w45yiyappm" for domain domain.com, path /, expire 0
< Set-Cookie: ASP.NET_SessionId=hzfobhtjmshwj2w45yiyappm; path=/; HttpOnly
< X-U2: ATLVP1WEB02
< X-FRAME-OPTIONS: SAMEORIGIN
< Date: Sat, 25 Jun 2016 01:09:24 GMT
< Content-Length: 23876
< Vary: Accept-Encoding
<
* Connection #0 to host domain.com left intact
* Closing connection #0
The cookie: Im not really sure if is important however if it helps.
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
domain.com FALSE / FALSE 0 GRI%5FLOGIN NextURL=%2f7000%2f7000.aspx%3ffiltertype%3d2
#HttpOnly_domain.com FALSE / FALSE 0 ASP.NET_SessionId hzfobhtjmshwj2w45yiyappm
Ok i figured it out,
The login page is:
https://domain.com/login_entry.aspx
Looking at the source code, the line:
<form method="POST" action="login_confirm.ashx" id="form1">
https://domain.com/login_confirm.ashx
I changed:
$url = "https://domain.com/7000/7000.aspx?filtertype=2";
To:
$url = "https://domain.com/login_confirm.ashx";
Now i am seeing that i want.
Im not sure if this should be obvious or not.
I am developing a system that can check if a remote server has or not SSL enabled
My input is a simple URL, Example http://www.stackoverflow.com
How can i do that ?
Using CURL invoke given url
Get all header from curl
read header info returned by Curl response
For curl library and its curl function, Go through http://php.net/manual/en/book.curl.php
There are multiple ways to do this. The first one is the easiest, just try to retrieve the data (e.g. using file_get_contents()) from the specified URL with the HTTPS protocol. You get a timeout? That most likely means SSL/TLS is not supported.
Another one is to open a socket to port 443. Get a timeout? Again, that most likely means secure connections are not supported.
Another approach, which gives you more information, is to shell invoke something like OpenSSL (openssl s_client -connect example.com:443). But that's a lot more work, not always allowed, much more failure prone and you need to parse the result yourself.
An untested (no server available currently) and most likely not completely working (I haven't written a line of PHP in a few years) example for the first solution:
<?php
error_reporting(E_ALL);
$hasSsl = false;
if ($_SERVER["REQUEST_METHOD"] == "post")
{
// I hate error suppressing, but it's just a quick 'n dirty example!
$data = #file_get_contents($_POST["url"]);
$hasSsl = (strlen($data) != 0);
}
// Do something with $hasSsl
?>
<!doctype HTML>
<body>
<form method="post">
<p>
<input type="uri" name="url">
<input type="submit">
</p>
</form>
</body>
$sslEnabled = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? TRUE : FALSE;
EDIT 1
use curl: change http by https
send HEAD Request to this url
read the http response : if 200 then ssl is enabled
EDIT 2
input : http://www.stackoverflow.com
naive approach : $url = str_replace ("http", "https", $input);
preapring curl : with HTTP
$ch = curl_init ($url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_VERBOSE, 0);
curl_setopt ($ch, CURLOPT_HEADER, 1); // i want to read header response from server
curl_setopt ($ch, CURLOPT_CUSTOMREQUEST, 'HEAD'); // my request is HEAD
curl_setopt ($ch, CURLOPT_NOBODY, true); // i don't need to get body response : it is better for me and for the remote server
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, true); // to follow the location when http response is 301
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 10); // if ssl is not enabled, my connection can take a lot of time so i will wait only for 10 seconds otherwise SSL is not enabled : you can enhance this value
curl_exec ( $ch ) ;
$header = curl_getinfo($ch, CURLINFO_HEADER_OUT);
var_dump ($header_size);
the result is : (i got 2 http response, you should take the last one)
* About to connect() to proxy XXX.YYY.ZZZ.AAA port N (#0)
* Trying XXX.YYY.ZZZ.AAA... * connected
* Connected to XXX.YYY.ZZZ.AAA (XXX.YYY.ZZZ.AAA) port N (#0)
* ******************************************
> HEAD http://www.stackoverflow.com HTTP/1.1
* ******************************************
Host: www.stackoverflow.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
< HTTP/1.0 301 Moved Permanently
< Content-Length: 148
< Content-Type: text/html; charset=UTF-8
< Location: http://stackoverflow.com/
< Date: Wed, 13 May 2015 11:01:07 GMT
* ******************************************
* ******************************************
* ******************************************
* ******************************************
< Proxy-Connection: keep-alive
* Connection #0 to host XXX.YYY.ZZZ.AAA left intact
* Issue another request to this URL: 'http://stackoverflow.com/'
* Examining connection #0 for reuse
* Re-using existing connection! (#0) with host XXX.YYY.ZZZ.AAA
* Connected to XXX.YYY.ZZZ.AAA (XXX.YYY.ZZZ.AAA) port N (#0)
* ******************************************
> HEAD http://stackoverflow.com/ HTTP/1.1
* ******************************************
Host: stackoverflow.com
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
< HTTP/1.0 200 OK
< Cache-Control: public, no-cache="Set-Cookie", max-age=52
< Content-Length: 238748
< Content-Type: text/html; charset=utf-8
< Expires: Wed, 13 May 2015 11:02:01 GMT
< Last-Modified: Wed, 13 May 2015 11:01:01 GMT
< Vary: *
< X-Frame-Options: SAMEORIGIN
* ******************************************
< Set-Cookie: prov=bb4ad145-d7ed-4d40-8e02-43976c589c10; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly
< Date: Wed, 13 May 2015 11:01:08 GMT
* ******************************************
* ******************************************
* ******************************************
* ******************************************
< Proxy-Connection: keep-alive
* Connection #0 to host XXX.YYY.ZZZ.AAA left intact
* Closing connection #0
header response : with HTTPS (stackoverflow has not SLL on port 443)
* About to connect() to www.stackoverflow.com port 443 (#0)
* Trying 198.252.206.16... * Timeout
* connect() timed out!
* Closing connection #0
NOTE : you have to enable php_curl.dll in your php.ini file and restart your server
https://stackoverflow.com/a/21848415/524743
use the extension loaded check!
http://php.net/manual/en/function.extension-loaded.php
if(!extension_loaded('openssl')) {
throw new Exception('This app needs the Open SSL PHP extension.');
}
Or that one https://stackoverflow.com/a/7304205/524743
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
// SSL connection
}