Skip to content
Advertisement

PHP: send request post login web site

I have this POST request to login to a website: 

http://xxxx.net-kont.it/

POST / HTTP/1.1
Host: xxxx.net-kont.it
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Referer: http://xxxx.net-kont.it/
Content-Length: 1904
Cookie: ASP.NET_SessionId=s44bymd3lm4dsykvymjljv5s
Connection: keep-alive

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: SSOAuth=EDCCFF8CD40064D70B3377CD0389FF7F807F0B774F2CE1CA6C015314911D3D69AB819EAB9938C14608842D25991D11D8F1A5A94090DB926BD7001C526B1920A51AC986182EB016C323983716720E8F345B54E02E44C65753E9183843D23F569EF3FE52C03FC8567E809A77387B8C; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sun, 22 Oct 2017 12:26:40 GMT
Content-Length: 714
----------------------------------------------------------
http://xxxx.net-kont.it/aspx/Empty.aspx?ControllaRichieste=true&CheckCode=29a29a891a7d4d7773f480064e5c869929bcca40e7c84812111f9affbc3be4628a3b7defe8fb9b14f9911be9c6545e7cd31c2fc04b79a8d1e7280e0277264bdcec7428037a43961c3dda5bbd54a2e7ae&wsid=1a57f5e6-bf68-4f2f-9a71-c43e8e8bfbaf&wsnew=false

GET /aspx/Empty.aspx?ControllaRichieste=true&CheckCode=29a29a891a7d4d7773f480064e5c869929bcca40e7c84812111f9affbc3be4628a3b7defe8fb9b14f9911be9c6545e7cd31c2fc04b79a8d1e7280e0277264bdcec7428037a43961c3dda5bbd54a2e7ae&wsid=1a57f5e6-bf68-4f2f-9a71-c43e8e8bfbaf&wsnew=false HTTP/1.1
Host: xxxx.net-kont.it
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://xxxx.net-kont.it/
Cookie: ASP.NET_SessionId=s44bymd3lm4dsykvymjljv5s; SSOAuth=EDCCFF8CD40064D70B3377CD0389FF7F807F0B774F2CE1CA6C015314911D3D69AB819EAB9938C14608842D25991D11D8F1A5A94090DB926BD7001C526B1920A51AC986182EB016C323983716720E8F345B54E02E44C65753E9183843D23F569EF3FE52C03FC8567E809A77387B8C
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 22 Oct 2017 12:26:40 GMT
Content-Length: 95935
----------------------------------------------------------

The post request header requires the following fields:

    '__LASTFOCUS' => '',
    '__EVENTTARGET' => '',
    '__EVENTARGUMENT' => '',
    '__VIEWSTATE' => $viewstate,
    '__VIEWSTATEGENERATOR' => $viewstategenerator,
    'ctl00$hwsid' => $hwsid,
    'ctl00$PageSessionId' => $pagesessionid,
    'ctl00$DefaultUrl' => $defaulturl,
    'ctl00$GenericErrorUrl' => $genericerrorurl,
    'ctl00$PopupElement' => '',
    'ctl00$PollingTimeoutSecs' => $pollingtimeoutsecs,
    'ctl00$bodyContent$txtUser' => $user,
    'ctl00$bodyContent$txtPassword' => $password,
    '__CALLBACKID' => '__Page',
    '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password,
    '__EVENTVALIDATION' => $eventvalidation

From an analysis of the post request, you notice that by sending the first cookie obtained from the website “ASP.NET_SessionId=”, you immediately get an additional authentication cookie “SSOAuth=” How can I get the second cookie “SSOAuth=” so that I can get access to the site? I tried this code:

 $user = "xx";  
 $password = "xx";

 $url = 'http://xxx.it/Default.aspx';
 $contents = file_get_contents($url);

 $dom = new DOMDocument;
 $dom->loadHTML($contents);

 $xpath = new DOMXpath($dom);

 $eventvalidation = $xpath->query('//*[@name="__EVENTVALIDATION"]')->item(0)->getAttribute('value');
 $viewstate = $xpath->query('//*[@name="__VIEWSTATE"]')->item(0)->getAttribute('value');
 $viewstategenerator = $xpath->query('//*[@name="__VIEWSTATEGENERATOR"]')->item(0)->getAttribute('value');
 $hwsid = $xpath->query('//*[@name="ctl00$hwsid"]')->item(0)->getAttribute('value'); 
 $pagesessionid = $xpath->query('//*[@name="ctl00$PageSessionId"]')->item(0)->getAttribute('value');
 $defaulturl = $xpath->query('//*[@name="ctl00$DefaultUrl"]')->item(0)->getAttribute('value');
 $genericerrorurl = $xpath->query('//*[@name="ctl00$GenericErrorUrl"]')->item(0)->getAttribute('value');
 $pollingtimeoutsecs = $xpath->query('//*[@name="ctl00$PollingTimeoutSecs"]')->item(0)->getAttribute('value');

 $cookies = array_filter(
   $http_response_header,
   function($v) {return strpos($v, "Set-Cookie:") === 0;}
 );
 $headers = [
 "Accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3",
 "Content-Type: application/x-www-form-urlencoded; charset=utf-8",
 "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0",
 ];
 foreach ($cookies as $cookie) {
  $headers[] = preg_replace("/^Set-/", "", $cookie);
}

$request = array(
 'http' => array(
 'method' => 'POST',
 'timeout' => 0,
 'header'=> $headers,
    'content' => http_build_query(array(
    '__LASTFOCUS' => '',
    '__EVENTTARGET' => '',
    '__EVENTARGUMENT' => '',
    '__VIEWSTATE' => $viewstate,
    '__VIEWSTATEGENERATOR' => $viewstategenerator,
    'ctl00$hwsid' => $hwsid,
    'ctl00$PageSessionId' => $pagesessionid,
    'ctl00$DefaultUrl' => $defaulturl,
    'ctl00$GenericErrorUrl' => $genericerrorurl,
    'ctl00$PopupElement' => '',
    'ctl00$PollingTimeoutSecs' => $pollingtimeoutsecs,
    'ctl00$bodyContent$txtUser' => $user,
    'ctl00$bodyContent$txtPassword' => $password,
    '__CALLBACKID' => '__Page',
    '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password,
    '__EVENTVALIDATION' => $eventvalidation,
    'ctl00$bodyContent$btnLogin' => 'Conferma'

   )),
  )
 );

 echo "<hr/>";
 $context = stream_context_create($request);

 $data = file_get_contents($url, false, $context);

 echo htmlentities($data);

But I get the following output of “Authentication failed”:

<Notification><Error Code="" Alert="True" ClosePopup="True" Fatal="False" Message="Autenticazione fallita." /></Notification>

Advertisement

Answer

I have solved! was easier than expected….in this I simply had to delete the quotes ” :

    '__CALLBACKPARAM' => '"hwsid="'.$hwsid.'"&PageSessionId="'.$pagesessionid.'"&DefaultUrl="'.$defaulturl.'"&GenericErrorUrl="'.$genericerrorurl.'"&PopupElement="'.'"&PollingTimeoutSecs="'.$pollingtimeoutsecs.'"&txtUser="'.$user.'"&txtPassword="'.$password,

converted to:

 '__CALLBACKPARAM' => 'hwsid='.$hwsid.'&PageSessionId='.$pagesessionid.'&DefaultUrl='.$defaulturl.'&GenericErrorUrl='.$genericerrorurl.'&PopupElement='.'&PollingTimeoutSecs='.$pollingtimeoutsecs.'&txtUser='.$user.'&txtPassword='.$password,
User contributions licensed under: CC BY-SA
1 People found this is helpful
Advertisement