I'm trying to fetch the content of divar.com via curl, but I get the error "CSRF verification failed. Request aborted."
Browser request
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:107
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:did=MEcBYcwueB4uxA; submitButtonColor=green-colored; _ga=GA1.2.835389468.1497328087; _gat=1; csrftoken=9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z; sessionid=q7sm28egcbdpuxrchfxgs01bqg6j1pfw
Host:divar.ir
Origin:https://divar.ir
Referer:https://divar.ir//guard/captcha_simple/?token=helper.py:wrapper_func
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
X-Requested-With:XMLHttpRequest
Form data
captcha_input:649
guard_token:helper.py:wrapper_func
csrfmiddlewaretoken:9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z
PHP code
function getWebPageSsl( $url, $param = NULL )
{
    $headers = array();
    $headers[] = 'Accept:application/json, text/javascript, */*; q=0.01';
    $headers[] = 'Accept-Encoding:gzip, deflate, br';
    $headers[] = 'Accept-Language:en-US,en;q=0.8';
    $headers[] = 'Connection:Keep-Alive';
    $headers[] = 'Content-Type:application/x-www-form-urlencoded; charset=UTF-8';
    $headers[] = 'Origin:https://divar.ir';
    $headers[] = 'X-Requested-With:XMLHttpRequest';
    $useragent = 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5';
    $options = array(
        CURLOPT_HTTPHEADER => $headers,
        CURLOPT_RETURNTRANSFER => true, // return web page
        CURLOPT_POST => ($param) ? true : false,
        CURLOPT_ENCODING => "", // handle all encodings
        CURLOPT_USERAGENT => $useragent, // who am i
        CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
        CURLOPT_TIMEOUT => 120, // timeout on response
        CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
        CURLOPT_SSL_VERIFYPEER => true, // verify the peer certificate
        CURLOPT_SSL_VERIFYHOST => 2, // check that the certificate matches the host name
        CURLOPT_COOKIEJAR => __DIR__.DIRECTORY_SEPARATOR.'cookies.txt',
        CURLOPT_COOKIEFILE => __DIR__.DIRECTORY_SEPARATOR.'cookies.txt',
        CURLOPT_CAINFO => __DIR__.DIRECTORY_SEPARATOR.'CertumTrustedNetworkCA.crt',
        CURLOPT_REFERER => 'http://www.google.com'
    );
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt_array( $ch, $options );
    curl_setopt($ch, CURLINFO_HEADER_OUT, true); // record the request headers for curl_getinfo()
    if ($param) {
        curl_setopt($ch, CURLOPT_POST, true);
        // the body is JSON-encoded, while the Content-Type header above announces form-urlencoded
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($param));
    }
    $content = curl_exec( $ch );
    $last = curl_getinfo($ch); // transfer details, including the request headers sent
    curl_close( $ch );
    return $content;
}
Response from curl_getinfo
array(27) {
["url"]=>
string(38) "https://divar.ir/guard/captcha_simple/"
["content_type"]=>
string(9) "text/html"
["http_code"]=>
int(403)
["header_size"]=>
int(288)
["request_size"]=>
int(833)
["filetime"]=>
int(-1)
["ssl_verify_result"]=>
int(0)
["redirect_count"]=>
int(0)
["total_time"]=>
float(0.265)
["namelookup_time"]=>
float(0)
["connect_time"]=>
float(0.046)
["pretransfer_time"]=>
float(0.171)
["size_upload"]=>
float(107)
["size_download"]=>
float(545)
["speed_download"]=>
float(2056)
["speed_upload"]=>
float(403)
["download_content_length"]=>
float(-1)
["upload_content_length"]=>
float(107)
["starttransfer_time"]=>
float(0.265)
["redirect_time"]=>
float(0)
["redirect_url"]=>
string(0) ""
["primary_ip"]=>
string(14) "79.175.191.253"
["certinfo"]=>
array(0) {
}
["primary_port"]=>
int(443)
["local_ip"]=>
string(11) "192.168.1.5"
["local_port"]=>
int(56034)
["request_header"]=>
string(726) "POST /guard/captcha_simple/ HTTP/1.1
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5
Host: divar.ir
Referer: http://www.google.com
Cookie: _ga=GA1.2.835389468.1497328087; _gat=1; csrftoken=N9CiDEDm1hPrbfrHBdAHDGGvloc1hyMC; did=ee2WWcXnUvswNA; sessionid=qe5zgp8mwh44pgc6tt0vnf06kvj08f71; submitButtonColor=green-colored
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Connection:Keep-Alive
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:https://divar.ir
X-Requested-With:XMLHttpRequest
Content-Length: 107
"
}
But I get this error:
Forbidden (403)
CSRF verification failed. Request aborted.
Answer 0: (score: 0)
Add this to the constructor
$this->middleware('auth')->except('getWebPageSsl');
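With this, the middleware will not try to authenticate you through the CSRF token. getWebPageSsl is the PHP function name.
Answer 1: (score: 0)
It looks like the token is right, no problem.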
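An added example, not part of the question or either answer: a simplified model of the server-side checks behind the 403, run over the two requests captured in the question. It assumes the site uses Django-style CSRF protection (suggested by the `csrftoken` cookie and `csrfmiddlewaretoken` field); `csrf_verdict` and its return strings are hypothetical names, and the curl body is constructed because the page does not show it.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

def csrf_verdict(headers, body):
    """First failed check for an HTTPS POST, or "ok" (simplified model)."""
    # 1. Strict Referer check on HTTPS: must be https and name the same host.
    ref = urlsplit(headers.get("Referer", ""))
    if not ref.netloc:
        return "no referer"
    if ref.scheme != "https":
        return "referer is insecure"
    if ref.netloc != headers.get("Host"):
        return "referer host mismatch"
    # 2. The csrftoken cookie must be present.
    cookies = dict(p.strip().split("=", 1)
                   for p in headers.get("Cookie", "").split(";") if "=" in p)
    cookie_token = cookies.get("csrftoken", "")
    if not cookie_token:
        return "csrf cookie not set"
    # 3. Token from the form body (parsed only when form-encoded), else the header.
    form = {}
    if headers.get("Content-Type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body)
    sent = form.get("csrfmiddlewaretoken", [headers.get("X-CSRFToken", "")])[0]
    if not hmac.compare_digest(sent, cookie_token):
        return "csrf token missing or incorrect"
    return "ok"

# Requests reduced to the fields the checks read; values are from the question.
BROWSER = {
    "Host": "divar.ir",
    "Referer": "https://divar.ir//guard/captcha_simple/?token=helper.py:wrapper_func",
    "Cookie": "did=MEcBYcwueB4uxA; csrftoken=9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
}
BROWSER_BODY = ("captcha_input=649&guard_token=helper.py%3Awrapper_func"
                "&csrfmiddlewaretoken=9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z")
CURL = dict(BROWSER, Referer="http://www.google.com",
            Cookie="csrftoken=N9CiDEDm1hPrbfrHBdAHDGGvloc1hyMC")
# Constructed: the body json_encode() would produce from the same three fields.
CURL_BODY = ('{"captcha_input":"649","guard_token":"helper.py:wrapper_func",'
             '"csrfmiddlewaretoken":"9By33xqnFS5JH5qRHuDVyZg7ZU7M1b4Z"}')

if __name__ == "__main__":
    print("browser request:", csrf_verdict(BROWSER, BROWSER_BODY))
    print("curl request   :", csrf_verdict(CURL, CURL_BODY))
    same_site = dict(CURL, Referer=BROWSER["Referer"])
    print("curl, same-site referer:", csrf_verdict(same_site, CURL_BODY))
```

On Django 4.0 and later the middleware verifies the `Origin` header when one is sent and applies the Referer check only when it is absent; the model above covers the Referer-based path only.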