IP Blocker


Posted on 12-05-10 16:40
Hey everyone. A client of mine has a script which uses cURL to log in to a site and then echo some info back to his site. He said it's been working fine for the last couple of months, but now he's having some problems.

The site he's trying to query has added a token, but obviously that's pretty easy to bypass. For some reason, whenever I try to log in with cURL, I either get blocked from the site or just get a blank page back. I've spoofed a referrer, user agent, and headers, but no luck.

Do you guys have any ideas what's up? Here's part of my code.

Code
<?php
$proxy = "221.130.13.41:80";
$headers = array (
      'HTTP_ACCEPT' => 'application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
      'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
      'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
      'HTTP_KEEP_ALIVE' => '300',
      'HTTP_CONNECTION' => 'keep-alive',
      );     

//get token
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_URL,'http://www.asdf/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://sadf/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
$result = curl_exec($ch);
curl_close($ch);

preg_match('/document\.write.{67}/',$result,$match);
$token = trim(str_replace("'); document.write('",'',str_replace("document.write('<input name=\"",'',$match[0])));
echo $result;

//login
$post = "$token=lgn&username=asdf&password=asdf&submit=Submit";
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_URL,'http://www.asfd/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://asdfa/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
$result2 = curl_exec($ch);
curl_close($ch);

echo $result2;
?>



RE: IP Blocker


Posted on 12-05-10 20:32
Are you really that dense, Moshbat?

Obviously the other site noticed that my client was cURLing (yes, I can make up words) and then made some form of an authentication on his end to tell if it's a computer or a person. He added a token, which I can easily bypass with just simple regex, but there must be another validation he is using. I can make a request once, which will go through fine, but then when I try again, my IP is blocked.

At first I thought he was checking if there were valid headers/user agent/referrer and if that check failed, he would block your IP, but that doesn't seem to be the problem.

Well, that's obviously a code issue.


So yes, Moshbat, there obviously is an issue with the code if it's not doing what is intended. My question is: What could that issue be?
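
A defender-side sketch of the kind of check the post above speculates about, added here as an example and not taken from the thread or from the site being discussed: a login-form token that is single-use and bound to the session that received it, with a per-IP strike counter. The class name `LoginGate`, the thresholds and the sample traffic are assumptions constructed for the example.

```python
import hmac
import secrets
import time

TOKEN_TTL = 300    # assumed token lifetime in seconds
MAX_STRIKES = 2    # assumed number of bad submissions before an IP is blocked


class LoginGate:
    """Issues single-use login-form tokens bound to a session and blocks
    IPs that repeatedly submit tokens that do not validate."""

    def __init__(self):
        self.issued = {}      # token -> (session_id, expiry time)
        self.strikes = {}     # ip -> count of failed token checks
        self.blocked = set()  # ips that are currently blocked

    def issue_token(self, session_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.issued[token] = (session_id, now + TOKEN_TTL)
        return token

    def check(self, ip, session_id, token, now=None):
        now = time.time() if now is None else now
        if ip in self.blocked:
            return "blocked"
        record = self.issued.pop(token, None)  # pop makes the token single-use
        if (record is not None and session_id is not None
                and hmac.compare_digest(record[0], session_id)
                and now <= record[1]):
            return "ok"
        self.strikes[ip] = self.strikes.get(ip, 0) + 1
        if self.strikes[ip] >= MAX_STRIKES:
            self.blocked.add(ip)
        return "rejected"


def demo():
    gate = LoginGate()
    # Constructed sample traffic; addresses are from the documentation ranges.
    browser = gate.issue_token("sess-A", now=0)
    first = gate.check("198.51.100.7", "sess-A", browser, now=10)
    replay = gate.check("198.51.100.7", "sess-A", browser, now=20)
    stale = gate.issue_token("sess-B", now=0)
    no_session = [gate.check("203.0.113.9", None, stale, now=30),
                  gate.check("203.0.113.9", None, "made-up", now=31),
                  gate.check("203.0.113.9", "sess-B", stale, now=32)]
    return first, replay, no_session
```
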

RE: IP Blocker


Posted on 12-05-10 21:17
Yes, the code itself is working fine, but it's just not doing what I want.

I'd rather not post the URL on the forum, may I PM you?