I created a test host on 0fees.net. I also create a small php script that will receive the file i wish to send.
I tried a lot of things but server responds with HTTP 403 Forbidden; The actual message in verbose output is
* About to connect() to ********* port 80 (#0)
* Trying 209.190.85.12... * connected
* Connected to ******* (209.190.85.12) port 80 (#0)
> POST /index.php HTTP/1.1
Host: *************
Accept: */*
Content-Length: 791
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------4cad4df8
02c5
* The requested URL returned error: 403
* Closing connection #0
* HTTP response code said error
The code i use is
curl_easy_setopt(curl, CURLOPT_URL, link);
curl_easy_setopt(curl, CURLOPT_HEADER, "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.30 Safari/534.30");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt (curl, CURLOPT_POST, 1);
curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");
curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
curl_easy_perform(curl);
Most of the curlopts stuff i added simply because i get the aforementioned http 403 error. How can i resolve this?
P.S
This code works flawlessly on my localhost setup!
403 forbidden usually means that you're sending a request either using the wrong method or to the wrong URL.
#dikidera I think CURL support is not available in 0fees.net
Check with this code
if (function_exists('curl_init'))
{echo "yes";}
else { echo "No"; }
Related
I'm trying to retrieve the contents of a URL: https://www.cyber.gov.au/.
If I use wget or curl from the command line, all is fine. The response is almost instant.
$ wget https://www.cyber.gov.au/
--2020-11-17 08:47:12-- https://www.cyber.gov.au/
Resolving www.cyber.gov.au (www.cyber.gov.au)... 92.122.153.122, 92.122.153.201
Connecting to www.cyber.gov.au (www.cyber.gov.au)|92.122.153.122|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41951 (41K) [text/html]
Saving to: ‘index.html’
index.html 100%[=========================================>] 40.97K --. KB/s in 0.002s
2020-11-17 08:47:13 (18.8 MB/s) - ‘index.html’ saved [41951/41951]
However, when I try to connect to the same URL through PHP curl, it times out with the message:
Operation timed out after 5001 milliseconds with 0 bytes received
I've reduced this to a test case:
$handle = curl_init('https://www.cyber.gov.au/');
curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($handle, CURLOPT_TIMEOUT, 5);
curl_setopt($handle, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36');
$output = curl_exec($handle);
echo $output;
curl_close($handle);
I also tried with various combinations of these additional curl settings, with no change:
curl_setopt($handle, CURLOPT_FRESH_CONNECT, true);
curl_setopt($handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); // Also tried specifying v6
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);
It doesn't seem to be the DNS resolution time:
echo curl_getinfo($handle, CURLINFO_NAMELOOKUP_TIME); // 0.012 seconds
I've tried this on different machines, with different versions of PHP (7.2.12 and 7.4.10), and I get the same behaviour. Other URLs, both HTTP and HTTPS, work as expected. I get the same on CLI PHP as through Apache. Trying file_get_contents() gives a similar result, it just times out. Adding verbose curl logging didn't provide any more information.
curl --version gives curl 7.47.0 and curl 7.58.0 on the machines I tested on.
Can anyone spot what's going on or point me in the right direction to find out more about the problem?
I have a PHP script which uses CURL to log into a site with a simple login page. It sends an initial request to the site and sees if it's already logged in (due to cookies) or if the login page comes up - and if it does, logs in.
However, recently I noticed that every time the script runs it is never logged in. Deep diving into the headers using VERBOSE shows that the cookie in the COOKIEFILE/COOKIEJAR is never used, only the cookies that are received by the site for that particular session. If I manually add cookies to the cookiejar in the middle of the run (something that used to work) - it doesn't work anymore as the cookies in the COOKIEFILE aren't actually used.
This happens both locally and on the production server, meaning it doesn't seem to be a system issue. I created test versions for other login pages with the same results.
I use a fullpath to the cookie file (which is updated with cookies, just not used) and use curl_close().
Following is the CURL function:
private function curlPage($url, $postParameters) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postParameters);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_COOKIEJAR, __DIR__.'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, __DIR__.'/cookie.txt');
curl_setopt($ch, CURLOPT_ENCODING, '');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POSTREDIR, 3);
if ($this->verbose == 1) curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->defaultTimeout);
curl_setopt($ch, CURLOPT_USERAGENT, $this->useragent);
$pageResponse = curl_exec($ch);
curl_close($ch);
return $pageResponse;
}
Following is the verbose response of the CURL request to the main page, where it is supposed to check whether or not it is logged in. As the site is of a client, I redacted it.
* Rebuilt URL to: *********
* Hostname was NOT found in DNS cache
* Trying : *********...
* Connected to : ********* (*********) port 80 (#0)
> GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
Host: *********
Accept: */*
< HTTP/1.1 200 OK
< Date: Wed, 20 Jul 2016 20:42:22 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Keep-Alive: timeout=15
< Vary: Accept-Encoding
< Expires: Mon, 26 Jul 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate
* Server ********* is not blacklisted
< Server: *********
<
As can be seen - no cookie in sight, despite having a COOKIEFILE available.
Any assistance would be highly appreciated.
The first you must make sure __DIR__ have write permission.
The second when you run code. You can check cookie.txt file had been create or not.
The third you must use ONE cookie for all session. So the victim know you logged in.
And try my source
$cookies = tempnam('/tmp','cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
So here's my problem.
I'm using curl to access my CouchDB by HTTP. I recently updated my WAMP to the WAMP 3 64bit wich comes with PHP 5.6.16 and Apache 2.4.17. Therefore, since this upgrade, I discovered that I couldn't do PUT request anymore.
Env
PHP 5.6.16
Apache 2.4.17
Windows 10 64 bit
Wamp 3 64 bit
Curl --version
curl 7.49.1 (x86_64-pc-win32) libcurl/7.49.1 OpenSSL/1.0.2h nghttp2/1.11.1
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM SSL HTTP2
Code executed
So when I execute this :
<?php
$table="testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
I get a quick response from the server.
Then, I try to create a database :
<?php
$table = "testname";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost:5984/' . $table);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, 'validUser:validPass');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: */*'
));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Problem
So, when I execute this code, the request will hang on curl_exec.
What's weird is that, after the timeout, the request will be received by CouchDB but no response will be given. It seems that my "Put" request are stacked in a buffer and they are waiting to be executed.
Verbose curl output
* Hostname in DNS cache was stale, zapped
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'validUser'
> PUT /customers HTTP/1.1
Host: localhost:5984
Authorization: Basic dGVzdEFkbWluOnRlc3RQYXNzd29yZA==
Content-type: application/json
Accept: */*
* Operation timed out after 10000 milliseconds with 0 bytes received
* Closing connection 0
Hints
-I try to install a SSL certificate but It didn't seem to work. Having this certificate still installed can cause problems?
-I can do PUT request with a REST client on my Atom editor without problems.
-I seems like there is a problem in my network route internally. I'm saying this because It affected the PHP-Curl aswell as the Curl CLI. Also, I'm able to do GET request but the PUT request are like "hanging" for no reason and are "Accepted" by my CouchDB when the timeout occurs. It's like if I was sending long poll request.
What have been tested
Execute the same command on the command line -> Same result
Try a REST Client on my Atom editor with success
A friend of mine try to access to my database remotly with success (So CouchDB doesn't seem the problem)
Even if I tested with my Firewall disabled, uninstalling my antivirus ( Bitdefender Total Security 2016) fixed my issue.
I'm attempting to access the Australia Post API to validate addresses, however I am not able to authorise the call via cURL with PHP or CLI.
The following Wget CLI call works as expected and returns the XML:
wget --user=username#domain.com.au --password=pass https://api.auspost.com.au/ValidateAddress.xml?addressLine1=31+test+street\&suburb=Adelaide\&postcode=5000\&state=SA\&country=Australia
And the CLI log from Wget:
--2014-12-16 00:33:24-- https://api.auspost.com.au/ValidateAddress.xml?addressLine1=31+test+street&suburb=Adelaide&postcode=5000&state=SA&country=Australia
Resolving api.auspost.com.au (api.auspost.com.au)... 54.66.176.138, 54.66.176.138
Connecting to api.auspost.com.au (api.auspost.com.au)|54.66.176.138|:443... connected.
HTTP request sent, awaiting response... 401 Authorization Required
Reusing existing connection to api.auspost.com.au:443.
HTTP request sent, awaiting response... 200 OK
Length: 255 [application/xml]
Saving to: ‘ValidateAddress.xml?addressLine1=31+test+street&suburb=Adelaide&postcode=5000&state=SA&country=Australia.5’
However the below cURL CLI call does not:
curl -u username#domain.com.au:pass https://api.auspost.com.au/ValidateAddress.xml?addressLine1=31+test+street\&suburb=Adelaide\&postcode=5000\&state=SA\&country=Australia -v
cURL log:
* Hostname was NOT found in DNS cache
* Trying 54.66.176.138...
* Connected to api.auspost.com.au (54.66.176.138) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: api.auspost.com.au
* Server certificate: VeriSign Class 3 Extended Validation SSL SGC CA
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
* Server auth using Basic with user 'user#domain.com.au'
> GET /ValidateAddress.xml?addressLine1=3 HTTP/1.1
> Authorization: Basic auth_hash_here
> User-Agent: curl/7.37.1
> Host: api.auspost.com.au
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
Passing an 'Authorization' header with the auth hash as below also results in a 401 error.
curl -H 'Authorization: Basic auth_hash_here' https://api.auspost.com.au/ValidateAddress.xml?addressLine1=31+test+street\&suburb=Adelaide\&postcode=5000\&state=SA\&country=Australia -v
Ultimately, I need to call this in PHP (ideally via Guzzle but will take cURL if I can get it working!). Below is the PHP code I have tried with no success.
$service_url = 'https://api.auspost.com.au/ValidateAddress.xml?addressLine1=31+test+street&suburb=Adelaide&postcode=5000&state=SA&country=Australia';
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, "username#domain.com.au:pass");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, TRUE);
$curl_response = curl_exec($curl);
var_dump($curl_response);
I have successfully ran the call via a Chrome REST client, and can see the correct headers being sent with the call via Chrome's network inspector.
The username and password details are correct, and have verified this numerous times.
Anyone have any suggestions as to how I could get this working in PHP?
I have problems with "file_get_contents" and "cURL". When I make this:
$myFile = 'http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js';
$a=file_get_contents( $myFile );
I get this error:
Warning (2): file_get_contents
(http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js)
[function.file-get-contents]: failed to open stream:
HTTP request failed! HTTP/1.0 404 Not Found
[APP/Controller/MyController.php, line 1373]
Then I tried CURL like this:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $myFile);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_USERAGENT, $this->userAgent);
curl_setopt($curl_handle, CURLOPT_VERBOSE, true);
curl_setopt($curl_handle, CURLOPT_AUTOREFERER, true);
$a = curl_exec($curl);
curl_close($curl);
And I get this error:
404 Not Found: The resource requested could not be found on this server!
But when I write http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js to my browser's address bar, I get the file perfectly. The headers of the browser is like this:
Request URL:http://example.com/asset_compress/assets/get/bbb.js?file%5B0%5D=myfile.js
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:tr,en-US;q=0.8,en;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Host:example.com
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.28 Safari/537.31
Query String Parameters
file[0]:myfile.js
Response Headers
Connection:close
Content-Length:15911
Content-Type:application/javascript; charset=UTF-8
Date:Fri, 29 Mar 2013 20:33:43 GMT
Server:Apache
X-Powered-By:PleskLin
I suspected file_get_contents and when I make this, I get output perfectly:
$d1 = file_get_contents("http://www.yahoo.com");
print_r($d1);
When I try cURL I get 404 error. How can I more diagnose why I get 404, despite that I get 200 from browser request.
This being hosted on a local computer? Or else where?
I was having an similar issue that my host determined to be an ISP down the line blocking my requests.