I'm making a request to a LinkedIn page and receiving an "HTTP/1.1 999 Request denied" response.
I get this response when the code runs on AWS EC2.
On localhost everything works fine.
This is a sample of the code I use to get the HTML of the page:
<?php
error_reporting(E_ALL);
$url= 'https://www.linkedin.com/pulse/5-essential-strategies-digital-michelle';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$response = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
var_dump($response);
var_dump($info);
I don't need the whole page content, just the meta tags (title, og tags).
Note that status code 999 does not exist in the HTTP/1.1 specification; it is probably a custom, non-standard code (it sounds like a joke).
LinkedIn doesn't allow direct access. The probable reasons for blocking requests that come from other web servers are to:
Prevent unauthorized copying of information
Prevent intrusions
Prevent abuse of requests
Force use of the API
Some server IP addresses are blocked, while addresses from residential ISPs are not; when you open LinkedIn in a web browser, the request comes from your internet provider's IP.
The only way to access the data is to use their APIs. See:
Accessing LinkedIn public pages using Python
Heroku requests return 999
Note: Search engines like Google and Bing probably have their IPs on a whitelist.
<?php
header("Content-Type: text/plain");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.linkedin.com/company/technistone-a-s-");
$header = array();
$header[] = "Host: www.linkedin.com";
$header[] = "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0";
$header[] = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
$header[] = "Accept-Language: en-US,en;q=0.5";
$header[] = "Accept-Encoding: gzip, deflate, br";
$header[] = "Connection: keep-alive";
$header[] = "Upgrade-Insecure-Requests: 1";
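curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
// Return the body as a string; without this, curl_exec() prints it and returns true
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$my_var = curl_exec($ch);
curl_close($ch);
echo $my_var;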
LinkedIn does not seem to support the default 'identity' encoding, so if you set the header
'Accept-Encoding': 'gzip, deflate'
you should get the response, but you will have to decompress it.
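If you do fetch the compressed body yourself, PHP's zlib extension can decompress it. Here is a minimal sketch, assuming the zlib extension is loaded and the body is gzip-encoded. The helper name decode_gzip_body and the sample payload are made up for illustration, and the payload is compressed locally with gzencode() so the example runs without a network request:

```php
<?php
// Hypothetical helper: decode a response body according to its Content-Encoding value.
function decode_gzip_body(string $body, string $contentEncoding): string
{
    // Only gzip is handled in this sketch; anything else is returned untouched.
    if (strtolower(trim($contentEncoding)) !== 'gzip') {
        return $body;
    }
    $decoded = gzdecode($body);
    if ($decoded === false) {
        throw new RuntimeException('Body is not valid gzip data');
    }
    return $decoded;
}

// Simulate a gzip-compressed response instead of calling a real server.
$html = '<html><head><title>Example</title></head></html>';
$compressed = gzencode($html);

echo decode_gzip_body($compressed, 'gzip'), "\n";
```

With cURL, setting CURLOPT_ENCODING (as in the code above) makes libcurl send the Accept-Encoding header and decompress the body for you, so a manual step like this is only needed when you set the header by hand.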
I ran into this while doing local web development and using the LinkedIn badge feature (profile.js). I was only getting the 999 Request denied in Chrome, so I just cleared my browser cache and localStorage and it started to work again.
UPDATE - Clearing cache was just a coincidence and the issue came back. LinkedIn is having issues with their badge functionality.
I submitted a help thread to their forums.
https://www.linkedin.com/help/linkedin/forum/question/714971
Related
I had been using PHP curl to get the contents of a file, hosted on a different server. The file can easily be opened on a browser like Chrome etc., but with cURL, it always returns a blank page.
The file is hosted on an Nginx server and even miniproxy.php fails to get contents. Instead, it returns 406 not acceptable. I tried using the HTTP spy extension to monitor the request sent and found the following header:
Upgrade-Insecure-Requests:1
I tried sending the same header along with other headers, but in vain; I still couldn't fix the problem. On the Internet, I found the zalmos proxy, which was able to get the contents of the file. The cURL code I wrote is attached below.
$url = "http://smumcdnems01.cdnsrv.jio.com/jiotv.live.cdn.jio.com/" . $ch . "/" . $ch . "_" . $q . ".m3u8" . $tok;
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$headers = array(
"User-Agent: agent",
"lbcookie: 300",
"devicetype: 1",
"os: android",
"appkey: 1111111",
"deviceId: device id",
"uniqueId: unique id",
"ssotoken: any token",
"Upgrade-Insecure-Requests: 1",
"Host: example.com",
"Connection: keep-alive",
"X-Chrome-offline: persist=0 reason=reload",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
"Accept-Encoding: gzip, deflate, sdch",
"Accept-Language: en-GB,en-US;q=0.9,en;q=0.8",
"subscriberId: any id",
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
//for debug only!
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$resp = curl_exec($curl);
curl_close($curl);
echo $url;
echo $resp;
I believe some part is missing from my code, which is causing the problem. How can this be fixed?
Check your URL. cURL should always give you a response of some kind. If the request reaches the target URL and you still get nothing, the target is probably not returning any content for that request.
You may be trying to access a WebSocket. Try simulating the request with Postman to get more information.
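Another way to get more information than a blank page is to look at what cURL itself reports about the transfer. The following is a rough sketch: summarize_transfer is a hypothetical helper that takes the values returned by curl_exec(), curl_getinfo($curl, CURLINFO_HTTP_CODE) and curl_error($curl), so it can be tried here with hard-coded values:

```php
<?php
// Hypothetical helper: turn the raw results of a cURL transfer into a readable diagnosis.
// $body     - return value of curl_exec() with CURLOPT_RETURNTRANSFER set (false on failure)
// $httpCode - curl_getinfo($curl, CURLINFO_HTTP_CODE)
// $error    - curl_error($curl)
function summarize_transfer($body, int $httpCode, string $error): string
{
    if ($body === false) {
        return "Transfer failed: $error";
    }
    if ($httpCode >= 400) {
        return "Server answered with HTTP $httpCode";
    }
    if ($body === '') {
        return "HTTP $httpCode with an empty body";
    }
    return "HTTP $httpCode, " . strlen($body) . " bytes received";
}

// Hard-coded sample values; in real code, read them from the handle before curl_close().
echo summarize_transfer('', 406, ''), "\n";
echo summarize_transfer(false, 0, 'Could not resolve host'), "\n";
```

Printing a line like this next to the response makes it easier to tell a network failure from an error status or a genuinely empty reply.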
I wrote a short PHP plugin for a WordPress site. Its goal is to hook onto a JavaScript-generated A tag, send a POST request with cURL to a different website to log the user into that site, and then redirect the user to a page on that site.
The idea is that the user would click on the A tag on the wordpress site and the script would log them in and redirect so that they don't have to enter the login credentials themselves; the login would already have been performed by the curl.
When I test this out, only the redirect portion of the script occurs. The login doesn't appear to occur; or, if it does, it doesn't appear to 'stick'; maybe something is happening with the cookie so that the login isn't remembered. I'm not sure how to debug this because the Network tab under Chrome DevTools is empty, and the Debug Log in WordPress' file manager is not showing any errors either.
Here is my script:
<?php
/*
Plugin Name: Denrile's Plogger
Plugin URI: http://my-awesomeness-emporium.com
description: >- a plugin to that takes the user to the Pruvan website,
after using CURL to log them in so that the redirect doesn't hit a user authentication wall.
Version: 1.0
Author: John Mauran
Author URI: http://github.com/jmauran91
License: GPL2
*/
function loginToJulian($url, $username, $password){
$curl = curl_init();
$header[0]= "Accept: application/json, text/javascript, */*; q=0.01";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Content-Type: application/x-www-form-urlencoded";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$verbose = fopen(dirname(__FILE__).'/errorlog.txt', 'w');
curl_setopt($curl, CURLOPT_VERBOSE, true);
curl_setopt($curl, CURLOPT_STDERR, $verbose);
// Make the errors visible in a new file
$payload_username = '"'.$username.'"';
$payload_password = '"'.$password.'"';
$payloadtext=urlencode('{"username":'.$payload_username.',"password":'.$payload_password.'}');
$payload = "payload=".$payloadtext;
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_POSTFIELDS, $payload);
curl_setopt($curl, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_exec($curl);
curl_close($curl);
header("Location: https://titlereporter.direct.pruvan.com/v2/pmgr");
}
function default_wordpress_hook(){
$j_username = "Denrile";
$j_password = "***********";
$login_url ="https://titlereporter.direct.pruvan.com/v2/login?redir=%2Fv2%2Fpmgr&m=Authentication%20Required";
$last_url = "https://titlereporter.direct.pruvan.com/v2/pmgr";
if(isset($_GET['prvn_login'])){
loginToJulian($login_url, $j_username, $j_password);
exit();
} else {
}
}
add_action("init","default_wordpress_hook");
?>
Helpful suggestions would be much appreciated, thanks.
EDITED: ***
To log in to the site, the browser itself must make an HTTP request to it and receive, in the response, the cookie data that marks it as logged in.
When you make the request with cURL, you get the cookie in the server side code, and it never reaches the browser, so the browser isn't logged in.
Note that your website cannot set cookies in the browser on behalf of the other website.
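To see this for yourself, you can ask cURL to include the response headers (CURLOPT_HEADER) and look for Set-Cookie lines: they arrive in your PHP process, not in the visitor's browser. Below is a small sketch with a hypothetical helper, extract_set_cookies, and a hard-coded sample response (the cookie name and value are invented):

```php
<?php
// Hypothetical helper: collect the Set-Cookie values from a raw header block.
function extract_set_cookies(string $rawHeaders): array
{
    $cookies = [];
    foreach (preg_split('/\r\n|\n/', $rawHeaders) as $line) {
        // Header names are case-insensitive, so compare without regard to case.
        if (stripos($line, 'Set-Cookie:') === 0) {
            $cookies[] = trim(substr($line, strlen('Set-Cookie:')));
        }
    }
    return $cookies;
}

// Invented sample of what a login response might look like.
$sample = "HTTP/1.1 200 OK\r\n"
        . "Content-Type: application/json\r\n"
        . "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
        . "\r\n";

print_r(extract_set_cookies($sample));
```

Whatever this prints exists only on your server. The visitor's browser never received that response, so it has no session cookie for the other site.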
I am not sure whether this is possible or not, but if it is, I need to know where to start at least. I want to fill the form on the site I do not own, using a field on the site I do own.
Specifically this computer game site http://www.g2a.com/, and the search form there which is
<input type="text" class="mp-h-main ui-autocomplete-input" id="product-autocomplete" placeholder="Search a game" data-rel="active" autocomplete="off" state="closed">
It seems to be Ajax or jQuery loaded, and there seems to be no regular search function on the site. Is there a good known way, or do I stand little chance in this case?
Kind regards, John
Sniff the request the form sends using something like Live HTTP Headers for Firefox and emulate it with PHP cURL, e.g.:
<?php
$productName = rawurlencode("DOOM STEAM CD-KEY PREORDER GLOBAL");
$url = "https://www.g2a.com/lucene/search/quick?jsoncallback=jQuery111005943281338131983_1462669099509&phrase=$productName&isWholesale=false&cn=&skip=28837%2C28838%2C28847%2C28849%2C28852%2C28856%2C28857%2C28858%2C28859%2C28860%2C28861%2C28862%2C28863%2C28867%2C28868%2C29472%2C29473%2C29474%2C33104&start=0&rows=5&_=1462669099513";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
"Host: www.g2a.com",
"Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01",
"Accept-Language: en-US,en;q=0.5",
"Accept-Encoding: gzip, deflate, br",
"X-Requested-With: XMLHttpRequest",
"Referer: https://www.g2a.com/",
"Cookie: store=englishus; user_time_offset=-120; _ga=GA1.2.1616293500.1462668986; PHPSESSID=eemnk12t6fml8l0l0mf3l63tr5; currency=USD; _gat=1; __ar_v4=WZC2HGDHXZBR7NN565K5H7%3A20160507%3A3%7CY5G5B7MZYJA65OM2BVC43V%3A20160507%3A3%7CJOM3QZF4VBESRIYVTRCJ3R%3A20160507%3A3; Hm_lvt_11391e2f2164ca5838ee836fac473f57=1462668991,1462669101; Hm_lpvt_11391e2f2164ca5838ee836fac473f57=1462669101; external_no_cache=1",
"Connection: keep-alive"
));
$response = curl_exec($ch);
echo $response;
curl_close ($ch);
Output:
jQuery111005943281338131983_1462669099509({"numFound":1,"start":0,"docs":[{"id":27581,"name":"DOOM STEAM CD-KEY PREORDER GLOBAL","type":"egoods","preOrder":1,"slug":"/doom-steam-cd-key-preorder-global.html","addUrl":"uenc/aHR0cDovLw,,/product/27581/","minPrice":32.99,"g2aQty":1,"g2aPrice":32.99,"retailQty":0,"wholesaleQty":0,"thumbnail":"https://images.g2a.com/m/58x58/1x1x1/thumbnail/d/o/ef1f8c916783_doom_2d_3.png","brandsDirectOnSearch":0,"bdPrice":0}]})
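The response is JSONP, that is, JSON wrapped in a call to the function named in the jsoncallback parameter. To use it in PHP, strip the wrapper and decode the rest. Here is a minimal sketch (the helper name decode_jsonp is made up, and the sample string is a shortened version of the output above):

```php
<?php
// Hypothetical helper: remove the "callback( ... )" wrapper and decode the JSON inside.
function decode_jsonp(string $jsonp): array
{
    // Capture everything between the first "(" and the last ")".
    if (!preg_match('/^[^(]*\((.*)\)\s*;?\s*$/s', $jsonp, $m)) {
        throw new InvalidArgumentException('Not a JSONP response');
    }
    $data = json_decode($m[1], true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Wrapper does not contain a JSON object or array');
    }
    return $data;
}

// Shortened copy of the response shown above.
$response = 'jQuery111005943281338131983_1462669099509({"numFound":1,"start":0,'
          . '"docs":[{"id":27581,"name":"DOOM STEAM CD-KEY PREORDER GLOBAL","minPrice":32.99}]})';

$result = decode_jsonp($response);
echo $result['docs'][0]['name'], "\n";
```

After decoding, the fields can be read like any other PHP array, for example $result['docs'][0]['minPrice'].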
Is there a way to redirect the user to another site and fake the referrer at the same time?
I tried this with my code. I know it's wrong, but this is as far as I can get.
<?php
$page1 = "http://google.com"; $page2 = "http://yahoo.com/";
$mypages = array($page1,$page2);
$myrandompage = $mypages[mt_rand(0, count($mypages) -1)];
$sites = array_map("trim", file("links.txt"));
$referer = $sites[array_rand($sites)];
function fake_it($url, $ref, $agent)
{
$curl = curl_init();
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT, $agent);
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_REFERER, $ref);
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($curl, CURLOPT_AUTOREFERER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 5000);
$html = curl_exec($curl);
curl_close($curl);
// returns the content provided by the site
return $html;
}
//Below would send a request to the url, with the second parameter as the referrer
echo fake_it($myrandompage, $referer,$_SERVER['HTTP_USER_AGENT']);
?>
What I want is to go from refer.php -> google.com (referer = some other URL).
What you can do is redirect the user to an HTTPS site, as damianb described, and also do a meta refresh in your redirect.php script:
redirect.php (e.g. https://www.myurl.com/redirect.php?url=http://www.someotherurl.com):
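<?php /* Escape the user-supplied URL before printing it into the page */ $destination = htmlspecialchars($_GET['url'] ?? '', ENT_QUOTES, 'UTF-8'); ?>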
<html><head><meta http-equiv="refresh" content="0;url=<?php echo $destination; ?>/"></head><body></body></html>
Now you fight with 2 weapons (https, and for browsers that still send the referer: a refresh tag).
RFC 2616, as summarized on Wikipedia, says:
1. "If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent."
Unfortunately, not every browser follows this, so you can rely on the following as well:
2. "Most web browsers do not send the referer field when they are instructed to redirect using the "Refresh" field. This does not include some versions of Opera and many mobile web browsers. However, this method of redirection is discouraged by the World Wide Web Consortium (W3C)."
http://en.wikipedia.org/wiki/HTTP_referrer#Referer_hiding
Tested with Chrome and Firefox. Good luck!
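Because redirect.php takes its destination from the query string, it may be worth checking the URL before printing it. The following sketch is one possible way to do that and is not part of the original answer; the helper name build_refresh_page is hypothetical, and it only accepts http and https destinations:

```php
<?php
// Hypothetical helper: build the meta-refresh page only for http(s) destinations.
function build_refresh_page(string $destination): string
{
    $scheme = strtolower((string) parse_url($destination, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        throw new InvalidArgumentException('Only http and https URLs are allowed');
    }
    // Escape the URL so it cannot break out of the content attribute.
    $safe = htmlspecialchars($destination, ENT_QUOTES, 'UTF-8');
    return '<html><head><meta http-equiv="refresh" content="0;url=' . $safe . '">'
         . '</head><body></body></html>';
}

echo build_refresh_page('http://www.someotherurl.com'), "\n";
```

In redirect.php this could be called with $_GET['url'], catching the exception to show an error page instead of redirecting.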
I don't think you can change referrers at all.
The only way I know of to trash referrers is either to proxy the page loads with something like cURL (which is a bad idea), or, I believe, to go outbound from an HTTPS page.
I am not absolutely sure, but I seem to recall that browsers don't send referrers when they're coming from an HTTPS site for security reasons.
Lemme double-check.
EDIT: According to RFC 2616, browsers should not send referrers when coming from an HTTPS secured site.
reference: https://www.rfc-editor.org/rfc/rfc2616#section-15.1.3
Clients SHOULD NOT include a Referer header field in a (non-secure)
HTTP request if the referring page was transferred with a secure
protocol.
<?php
if(isset($_GET['token']))
{
$url="http://www.google.com/calendar/feeds/default/allcalendars/full";
$useragent="PHP 5.2";
$header=array( "GET /accounts/AuthSubSessionToken HTTP/1.1",
"Content-Type: application/x-www-form-urlencoded",
"Authorization: AuthSub token=".$_GET['token'],
"User-Agent: PHP/5.2",
"Host: https://www.google.com",
"Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
"Connection: keep-alive"
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
print_r($data);
}
?>
The result is "page not found". However, when I open http://www.google.com/calendar/feeds/default/allcalendars/full in Firefox, it returns an XML file. So I think my code may be wrong, but I can't find the error. :(
That is because, in the browser, you are accessing Google Calendar through your own logged-in session. Whenever you access that specific URL, Google checks whether you are logged in. If not, it sends a 404. If you are, it outputs the calendar based on the settings you provided. That URL does not name a specific calendar to pull from the site, and the request cannot use the cookies stored on the user's computer because it is made from your server, which has no cookies for a calendar. When I try to access that page without logging in, I get a 401 Authorization Required error, which I bet is what PHP is getting without you realizing it.
You need to go into your Google Calendar settings and find the embedding options to find a URL that is specific to your account so that it will always fetch an XML feed for your calendar.
Read more about the Google 'Calendar Address' here: http://www.google.com/support/calendar/bin/answer.py?answer=34578
View from other applications: http://www.google.com/support/calendar/bin/answer.py?hl=en&answer=37648
I think that you may be overriding the URL with this line in the header:
GET /accounts/AuthSubSessionToken HTTP/1.1
I think that will point CURL to http://www.google.com/accounts/AuthSubSessionToken
What happens when you remove it?
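For comparison, CURLOPT_HTTPHEADER is meant to receive only "Name: value" lines; the method and path come from CURLOPT_URL, and cURL derives the Host header from the URL as well. Here is a sketch of a cleaned-up header list (the helper name build_authsub_headers and the token value are placeholders):

```php
<?php
// Hypothetical helper: build only real header lines, with no request line and no Host entry.
function build_authsub_headers(string $token): array
{
    return [
        'Authorization: AuthSub token="' . $token . '"',
        'User-Agent: PHP/5.2',
    ];
}

// Placeholder token, for illustration only.
print_r(build_authsub_headers('PLACEHOLDER_TOKEN'));
```

The returned array can be passed directly to curl_setopt($ch, CURLOPT_HTTPHEADER, ...).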
I got it. I changed the code like this:
<?php
function make_api_call($url, $token)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$curlheader[0] = sprintf("Authorization: AuthSub token=\"%s\"", $token);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curlheader);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
function get_session_token($onetimetoken) {
$output = make_api_call("https://www.google.com/accounts/AuthSubSessionToken", $onetimetoken);
if (preg_match("/Token=(.*)/", $output, $matches))
{
$sessiontoken = $matches[1];
} else {
echo "Error authenticating with Google.";
exit;
}
return $sessiontoken;
}
if(isset($_GET['token']))
{
$sessiontoken=get_session_token($_GET['token']);
$accountxml = make_api_call("http://www.google.com/m8/feeds/contacts/yourmail@gmail.com/full", $sessiontoken);
print_r($accountxml);
}
else
{
$next=urlencode("http://www.mysteryzillion.org/gdata/index.php");
$scope=urlencode("http://www.google.com/m8/feeds/contacts/yourmail@gmail.com/full");
?>
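<a href="https://www.google.com/accounts/AuthSubRequest?scope=<?php echo $scope; ?>&session=1&secure=0&next=<?php echo $next; ?>">Click here to authenticate through Google.</a>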
<?php
}
?>