我正在尝试使用以下php代码绕过" Ubiquiti Networks-CPE" 的登录页面。虽然,我的代码正确保存了cookie信息,但它无法登录,我被重定向到登录页面并显示错误消息:
'无效的凭据'
Cookie Info from the actual page
实际登录页面的其他信息
Request URL:https://192.168.179.75/login.cgi Request Method:POST Status Code:302 Found Remote Address:192.168.179.75:443 Response Headers view source Content-Type:text/html Date:Tue, 28 May 2013 18:58:05 GMT Location:/index.cgi Server:lighttpd/1.4.31 Set-cookie:show_security_warning=true Set-cookie:ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT Transfer-Encoding:chunked Request Headers view source Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.8,en-GB;q=0.6 Cache-Control:max-age=0 Connection:keep-alive Content-Length:332 Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryszePSjmcB2JJIDDa Cookie:last_check=1467001323935; AIROS_SESSIONID=8057f38405a60c6a17f05ef8d759bb42; ui_language=en_US Host:192.168.179.75 Origin:https://192.168.179.75 Referer:https://192.168.179.75/login.cgi Upgrade-Insecure-Requests:1 User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Request Payload ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="uri" ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="username" ubnt ------WebKitFormBoundaryszePSjmcB2JJIDDa Content-Disposition: form-data; name="password" ubnt ------WebKitFormBoundaryszePSjmcB2JJIDDa-
PHP代码:
<?php
define('USERNAME', 'ubnt');
define('PASSWORD', 'ubnt');
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36');
$cookie_file_path = str_replace('\\','/', getcwd().'/cookies');
define('COOKIE_FILE', $cookie_file_path);
define('LOGIN_FORM_URL', 'https://192.168.179.75/login.cgi');
define('REQUESTED_URL', 'https://192.168.179.75/status.cgi');
define('LOGIN_ACTION_URL', 'https://192.168.179.75/login.cgi');
$postValues = array(
'username' => USERNAME,
'password' => PASSWORD,
);
$curl = curl_init(LOGIN_FORM_URL);
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);
//curl_setopt($curl, CURLOPT_HEADER, 1);
//curl_setopt($curl, CURLOPT_COOKIE, $cookies);
//curl_setopt($curl,CURLOPT_COOKIESESSION,'AIROS_SESSIONID=ae60748359be4bd0468f51a346f4f3b9; last_check=1467001323935; show_security_warning=true; ui_language=en_US');
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
//Set our post fields / date (from the array above).
//curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));
curl_setopt($curl, CURLOPT_POSTFIELDS,$postValues);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
//curl_setopt($curl, CURLOPT_HTTPHEADER, array('REMOTE_ADDR: 192.168.179.75','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Host: 192.168.179.75','Expect: ','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
$result = curl_exec($curl);
if(curl_errno($curl)){
throw new Exception(curl_error($curl));
}
//curl_setopt($curl, CURLOPT_URL, 'https://192.168.179.75/status.cgi');
//
//curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//$result = curl_exec($curl);
//echo $result;
print_r($result);
curl_close($curl);
?>
答案 0 :(得分:0)
设置像boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6
这样的强制边界是行不通的。 curl生成它自己的边界,它将被使用。如果您设置该自定义,POST将最终格式错误。删除整个自定义Content-Type:
标头,因为curl会自行执行此操作。您也不需要像这样设置Host:
标题,curl会从您使用的网址中提取必要的主机。
登录页面可能甚至可能设置您在登录POST时需要拥有的cookie。这是一种常见的做法。要做到这一点,首先需要获取登录页面并存储cookie,然后在随后的登录POST中使用它们。
您希望让curl遵循登录帖子最有可能发送给您的重定向。将CURLOPT_FOLLOWLOCATION
设为true。