
I'm attempting to create an automated script on my own site which logs into the site, passes some POST Headers and essentially starts an export.

However, I am having difficulty getting past the login page, since there is a rotating key that is different on every page load.

I have tried running the script to no avail. The script below outputs the $xid at the top, but if I check the $xid echoed, it is not the same as the current xid value on the page.

Edit: Good question Norman - It's just your simple hidden field with a random value that changes every time the page is reloaded. So basically it seems I have to find the xid of a page before 'curl_exec'-ing it which I don't know how to do or if it's even possible. Maybe this requires some JS along with CURL.

Edit2: Here is an example URL for the demo

Any ideas as to how to get around this?

<?php
set_time_limit(0);

# Sent with every request (the original defined this string but never passed it to cURL)
$agent = 'User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008100922 Ubuntu/8.04 (hardy) Firefox/3.0.3';

# Begin Header info
$url = "https://secure.mywebsite.com/admin/import.php?mode=export";
$post = "mode=export&data%5yaddayaddayadda";
# End Header Info

# Begin Processing Info
# First request: fetch the page unauthenticated so the login form (with its xid) comes back.
# The cookie jar is still commented out here, so the session the xid was issued for is not kept.
$ch = curl_init($url);
//curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
//curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');
curl_setopt($ch, CURLOPT_HTTPHEADER, array($agent));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);
# End Processing Info

# Begin finding xID
# Capture the value attribute directly instead of slicing the match with substr()
$regex = '/name="xid" value="([^"]*)"/';
preg_match($regex, $content, $match);
$xid = isset($match[1]) ? $match[1] : '';
echo $xid;
# End finding xID

# Begin Header info
# Second request: log in. Posted over HTTPS (the original used http:// for this URL,
# which would have sent the credentials in clear text).
$url = "https://secure.mywebsite.com/admin/";
$post = "username=myusernamehere&password=mypasswordhere&mode=login&usertype=P&xid=" . urlencode($xid) . "&redirect=admin";
# End Header Info

# Begin Processing Info
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');   // session cookie set by the login is written here on curl_close()
curl_setopt($ch, CURLOPT_HTTPHEADER, array($agent));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);
# End Processing Info

# Begin connection to export file
$url = "https://secure.mywebsite.com/admin/import.php?mode=export";
$post = "mode=export&data%5yaddayaddayadda";
# End connection to export file

# Begin Export
# Third request: run the export, sending back the cookie saved by the login request
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookie.txt');  // read cookies from the jar for this request
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');
curl_setopt($ch, CURLOPT_HTTPHEADER, array($agent));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);   // the original called curl_exec() a second time here, running the export twice
echo $content;
curl_close($ch);
# End export

?>
Eric
  • What do you mean rotating key? If there is a token, as I think it is, then you probably want to store the session/cookie that you got along with the first request and then use that with the key along with all other details to submit. – Norm Apr 02 '12 at 23:11
  • Well, your curl request is exactly a post request. I'm not sure what exactly the form is doing in this respect. I mean a token for mitigating CSRF makes sense, and that's what the rotating key may be for. It looks like you know what you are doing, but I think you may need to store the cookie from the first request and reuse it (exactly what I said in the first comment). Otherwise, if this website is online, please link. – Norm Apr 02 '12 at 23:32
  • A couple of suggestions: You also need to specify `CURLOPT_COOKIEFILE` on each request. The COOKIEJAR is where cookies are written when you call `curl_close`, the COOKIEFILE is where cookies are read from when a request is made. You can also re-use the same curl handle over and over to reduce code. All you need to do is change the URL, method, and post data on each request. I have answered several similar questions. See [this answer](http://stackoverflow.com/questions/9549892/multiple-actions-with-curl/9549990#9549990) which links to several other answers demonstrating what you want to do. – drew010 Apr 02 '12 at 23:56
  • In particular, the answer in the above link showing how to log into the Android market shows regex which extracts various CSRF and tokens from hidden fields in a form. – drew010 Apr 02 '12 at 23:56

1 Answer

First request:

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');   // cookies received here are written out when the handle is closed
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);

Second request:

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookie.txt');  // send back the cookies saved by the first request
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookie.txt');   // and keep any new ones the login sets
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);
Norm
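The point behind the answer and drew010's comments is that the xid is a per-session CSRF token: the server issues it to the session it set a cookie for, so the request that reads the token and the request that submits it must share one cookie store. The script below is an added example, not code from the question or the answer. It stands up a constructed mock of the admin site on localhost (a `sid` session cookie, a hidden `xid` that rotates on every page load and is only accepted together with the session it was issued to, and hypothetical credentials), then runs the three-request flow twice: once through a single shared cookie jar, the Python equivalent of setting COOKIEFILE and COOKIEJAR on every cURL request, and once with the cookie dropped after the first request, which is what the question's script effectively does.

```python
import http.cookiejar
import re
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed mock of the admin site (not the site from the question).
# Credentials are hypothetical test values.
USERNAME, PASSWORD = "myusernamehere", "mypasswordhere"
SESSIONS = {}        # session id -> the xid currently valid for that session
LOGGED_IN = set()    # session ids that completed a valid login


class MockAdmin(BaseHTTPRequestHandler):
    def log_message(self, *args):   # keep the mock server quiet
        pass

    def _sid(self):
        m = re.search(r"sid=([0-9a-f]+)", self.headers.get("Cookie", ""))
        return m.group(1) if m else None

    def _reply(self, code, body, set_cookie=None):
        self.send_response(code)
        if set_cookie:
            self.send_header("Set-Cookie", set_cookie)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # Any page load: start a session if there is none, then issue a fresh xid
        # bound to that session (this is the "rotating key").
        sid = self._sid()
        new = sid not in SESSIONS
        if new:
            sid = secrets.token_hex(8)
        xid = secrets.token_hex(8)
        SESSIONS[sid] = xid
        form = f'<form method="post"><input type="hidden" name="xid" value="{xid}"></form>'
        self._reply(200, form.encode(), f"sid={sid}; Path=/; HttpOnly" if new else None)

    def do_POST(self):
        sid = self._sid()
        n = int(self.headers.get("Content-Length", 0))
        form = {k: v[0] for k, v in urllib.parse.parse_qs(self.rfile.read(n).decode()).items()}
        if self.path == "/admin/":
            # The xid is only accepted together with the session cookie it was issued to.
            ok = (sid in SESSIONS
                  and secrets.compare_digest(SESSIONS[sid], form.get("xid", ""))
                  and form.get("username") == USERNAME
                  and form.get("password") == PASSWORD)
            if not ok:
                return self._reply(403, b"bad xid or credentials")
            LOGGED_IN.add(sid)
            return self._reply(200, b"logged in")
        if self.path.startswith("/admin/import.php"):
            if sid not in LOGGED_IN:
                return self._reply(403, b"not logged in")
            return self._reply(200, b"id,name\n1,example\n")
        self._reply(404, b"not found")


def start_server():
    srv = HTTPServer(("127.0.0.1", 0), MockAdmin)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def extract_xid(html):
    """Read the hidden xid from the login form (same job as the PHP regex)."""
    m = re.search(r'name="xid"\s+value="([^"]*)"', html)
    return m.group(1) if m else None


def _post(opener, url, fields):
    try:
        with opener.open(url, urllib.parse.urlencode(fields).encode()) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def login_and_export(base, keep_cookies=True):
    """GET the login page, POST the login, POST the export, all through one cookie jar.
    keep_cookies=False drops the jar after the first request, which is what the
    question's script did: it then presents a valid xid with the wrong session."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    with opener.open(base + "/admin/") as r:
        xid = extract_xid(r.read().decode())
    if not keep_cookies:
        jar.clear()
    status, _ = _post(opener, base + "/admin/", {
        "username": USERNAME, "password": PASSWORD, "mode": "login",
        "usertype": "P", "xid": xid, "redirect": "admin"})
    if status != 200:
        return status, None
    return _post(opener, base + "/admin/import.php?mode=export", {"mode": "export"})


if __name__ == "__main__":
    srv, base = start_server()
    print(login_and_export(base, keep_cookies=False))   # (403, None)
    print(login_and_export(base))                        # (200, 'id,name\n1,example\n')
    srv.shutdown()
```

The one opener carrying the jar through all three requests is the same thing drew010 describes as re-using a single cURL handle with COOKIEFILE and COOKIEJAR set: the token extracted from the first response is only worth anything when the cookie from that same response travels with it. The mock also checks the token with a constant-time comparison, which is how a server should compare CSRF tokens.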