I have used the cURL solution to solve XSS but there is an issue with it.
My proxy.php file contents are:-
<?php
$url = "http://www.yahoo.com";
$ch = curl_init();
$timeout = 5;
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
echo $file_contents;
?>
And this is how i am trying to execute php script
$("#tempButton").click(function(){
$("#pageContent").load('http://localhost:8080/proof/proxy.php',function() {
var t = $("#pageContent").html();
alert(t);
});
});
But variable t is showing the contents of proxy.php file while it is expected to show contents of yahoo.com which was set in proxy.php file. Am i doing something silly. #FirstTimePHP
As variable t is showing the content of the file the server software must not be recognising thee script as PHP.
There are several reasons that this may happen. Not having opening tags would be 1 but you of course have these.
Another potential reason is that php has not been loaded as a module in the server software.
Another potential reason is that the server does not parse files with the extension of php (this is configurable).
You should start from basics. Ignore the javascript, instead call the url manually and see what you get. The chances are you will see the code.
If this does happen ensure that server software (usually apache) is set to recognise the extension php is associated with the php module. Lastly ensure that PHP is actually properly installed.
Make your proxy.php like this.
<?php
if(in_array('curl', get_loaded_extensions())) {
$url = "http://www.yahoo.com";
$ch = curl_init();
$timeout = 5;
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch);
curl_close($ch);
echo $file_contents;
}
else {
echo 'No cUrl here';
}
?>
Related
I'm making a web and one of its functions need to get content from itself. Using curl with the following function:
function get_page_code($url)
{
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($ch);
if (curl_errno($ch)) {
echo curl_error($ch);
echo "\n<br />";
$contents = '';
} else {
curl_close($ch);
}
if (!is_string($data) || !strlen($data)) {
$data = '';
}
return $data;
}
The issue appears when I noticed I need to have a cookie so the content I want to get actually appears, so my question is how can I send cookies with this curl function? Of course I've those cookies on my computer but once sent the request to get the html code of the introduced url those cookies are not there.
Cookies I want to send with curl:
session: ab1b298aslc
gender: m
I'd grateful with any help :-)
EDIT:
Tried adding this lines to the function and nothing happened:
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: gender=m"));
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Cookie: session=ab1b298aslc"));
I'm trying to get some data from a website that is not mine, using this code.
<?
$text = file_get_contents("https://ninjacourses.com/explore/4/");
echo $text;
?>
However, nothing is being echo'd, and the string length is 0.
I've done this method before, and it has worked no problem, but with this website, it is not working at all.
Thanks!
I managed to get the contents using curl like this:
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "https://ninjacourses.com/explore/4/");
$result = curl_exec($ch);
curl_close($ch);
cURL is a way you can hit a URL from your code to get a html response from it. cURL means client URL which allows you to connect with other URLs and use their responses in your code
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "https://ninjacourses.com/explore/4/");
$result = curl_exec($ch);
curl_close($ch);
i think this is useful for you curl-with-php and another
I've been banging my head on this for a while now and I'm sorta fed up. I'm not a PHP programmer so I might be missing something that is not immediately obvious to my Python infused brain.
So here's the context. I need to write a script to login automatically into a web interface and run a search, and well, absolutely everything I've tried to do seems to fail miserably.
Here's my code:
<?php
echo 'start';
// INIT CURL
$ch = curl_init();
// SET URL FOR THE POST FORM LOGIN
curl_setopt($ch, CURLOPT_URL, 'https://W0110DcIpsOcsRpt02/si_ocs_gui/login.php');
// ENABLE HTTP POST
curl_setopt ($ch, CURLOPT_POST, 1);
// SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'username=*****&password=*****&btnSubmit=Login');
// IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
curl_setopt ($ch, CURLOPT_COOKIEJAR, '/var/tmp/cookie.txt');
# Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
# not to print out the results of its query.
# Instead, it will return the results as a string return value
# from curl_exec() instead of the usual true/false.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_FRESH_CONNECT, 1);
// EXECUTE 1st REQUEST (FORM LOGIN)
$store = curl_exec ($ch);
if($store == False){
echo " store false ";
echo curl_error($ch);
} else {
echo " store true ";
echo $store;
}
// SET FILE TO DOWNLOAD
echo ' second_request ';
curl_setopt($ch, CURLOPT_URL, 'https://W0110DcIpsOcsRpt02/si_ocs_gui/FWOCS1_BL_SUBSCRIBERS_list.php');
curl_setopt ($ch, CURLOPT_POST, 1);
#curl_setopt ($ch, CURLOPT_POSTFIELDS, 'value_ACCESS_NO_4=15142351150');
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'q=\(SUBSCRIBER_ID~equals~1545303\)');
// EXECUTE 2nd REQUEST (FILE DOWNLOAD)
if(!$store == False){
$content = curl_exec ($ch);
echo $content;
}
// CLOSE CURL
curl_close($ch);
echo ' done';
?>
The behaviour of this is as follows. I run the script, and it fails at the first cURL request (the login) and returns no errors. I have modified this line here:
curl_setopt ($ch, CURLOPT_POSTFIELDS, 'username=*****&password=*****&btnSubmit=Login');
by removing the btnSubmit=Login part and I get the login page displayed with the filled in username and password fields. I can press the login button and it will work. However, it seems that my lack of web development is biting me here and I have no idea how that button works. So, here's the code inspected with firebug:
<a class="rnr-button main" href="#" onclick="document.forms[0].submit();return false;">Submit</a>
I also went directly in the PHP code on the web server and found the button corresponding to it:
if ((#$_POST["btnSubmit"] == "Login" || $adSubmit) && $logacc)
Hence why I was trying the btnSubmit=Login.
So my question is pretty simple: what am I doing wrong and how can I get the results I need?
I have got the same problem and find the solution for it.
Code
CURLOPT_RETURNTRANSFER => false
Use this to solve your problem.
I'm trying to execute curl using the following code.
mainFunction{
.
.
$url = strtolower($request->get('url', NULL));
$html_output= $this->startURLCheck($url);
.
.
}
function startURLCheck($url)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$html_output = curl_exec($ch);
}
When i give the string URL directly this is working fine. But then I pass the string data through a function curl is not executing. curl_error gives shows no errors too. I tried many encoding and decoding method for the string with same result.Am i doing something wrong? I working using XAMPP server on windows.
I'm passing URL to this function after getting the URL from a HTML post request in another function.
The problem is that your function startURLCheck does not actually return a value for the main program to use. Change the last line:
function startURLCheck($url)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
return curl_exec($ch);
}
In your calling code, take out the "$this->"
$html_output = startURLCheck($url);
$html_output now contains results of the curl call.
I have assumed that you copied and pasted this code from somewhere since your "mainFunction" declaration is syntactically incorrect, and you used "$this->" without specifying that startURLCheck was a method of an object.
If in fact you intend startURLCheck to be an object method and you want it to set $html_output on the object, do this:
<?php
class Example {
private $html_output;
function mainFunction()
{
$url='http://www.ebay.com/itm/Apple-iPhone-5-16GB-Black-Slate-Cricket-intl-UNLOCKED-pleeze-read-ad-/251252227033';
$this->startURLCheck($url);
echo "HTML output: " . $this->html_output;
}
function startURLCheck($url)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$this->html_output = curl_exec($ch);
}
}
$example = new Example();
$example->mainFunction();
I have tested this code on the command line (not in a web page). If you copy and paste this into a file and run it using php -r you will see the results. (And note that I didn't include a closing ?> tag. The closing tag is optional when the file contains only PHP code and no HTML. In fact it is recommended that the closing tag be omitted in such cases. See http://php.net/manual/en/language.basic-syntax.instruction-separation.php)
Please also note in your question code for mainFunction you have illegal spaces before "pleeze" in your URL and you are missing the semicolon at the end of the $url assignment.
Hope this helps. Good luck.
This works good.
<?php
function excURL()
{
$ch = curl_init();
$url = "http://www.google.com";
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$html_output = curl_exec($ch);
echo $html_output;
}
excURL();
?>
Hey Guys I have found the problem..Finally..
When I set CURLOPT_FOLLOWLOCATION for the curl this is working fine...
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
But stil it is not clear why it worked when I hardcoded the URL inside the function and did not work when I passed url as a variable into the function, without setting CURLOPT_FOLLOWLOCATION ... When I set this option it is working in both ways..
I'm using PHP's cURL function to read profiles from steampowered.com. The data retrieved is XML, and only the first roughly 1000 bytes are needed.
The method I'm using is to add a Range header, which I read on a Stack Overflow answer (curl: How to limit size of GET?). Another method I tried was using the curlopt_range but that didn't work either.
<?
$curl_url = 'http://steamcommunity.com/id/edgen?xml=1';
$curl_handle = curl_init($curl_url);
curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt ($curl_handle, CURLOPT_HTTPHEADER, array("Range: bytes=0-1000"));
$data_string = curl_exec($curl_handle);
echo $data_string;
curl_close($curl_handle);
?>
When this code is executed, it returns the whole thing.
I'm using PHP Version 5.2.14.
The server does not honor the Range header. The best you can do is to cancel the connection as soon as you receive more data than you want. Example:
<?php
$curl_url = 'http://steamcommunity.com/id/edgen?xml=1';
$curl_handle = curl_init($curl_url);
$data_string = "";
function write_function($handle, $data) {
global $data_string;
$data_string .= $data;
if (strlen($data_string) > 1000) {
return 0;
}
else
return strlen($data);
}
curl_setopt ($curl_handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt ($curl_handle, CURLOPT_WRITEFUNCTION, 'write_function');
curl_exec($curl_handle);
echo $data_string;
Perhaps more cleanly, you could use the http wrapper (this would also use curl if it was compiled with --with-curlwrappers). Basically you would call fread in a loop and then fclose on the stream when you got more data than you wanted. You could also use a transport stream (open the stream with fsockopen, instead of fopen and send the headers manually) if allow_url_fopen is disabled.