1
votes

I am trying to bypass the login page of a "Ubiquiti Networks - CPE" using the following PHP code. Although my code saves the cookie info correctly, it is unable to log in and I am redirected to the login page with an error message:

'Invalid Credentials'

Cookie Info from the actual page

Additional info from the actual login page


Request URL:https://192.168.179.75/login.cgi
Request Method:POST
Status Code:302 Found
Remote Address:192.168.179.75:443
Response Headers
Content-Type:text/html
Date:Tue, 28 May 2013 18:58:05 GMT
Location:/index.cgi
Server:lighttpd/1.4.31
Set-cookie:show_security_warning=true
Set-cookie:ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT
Transfer-Encoding:chunked
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,en-GB;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:332
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryszePSjmcB2JJIDDa
Cookie:last_check=1467001323935; AIROS_SESSIONID=8057f38405a60c6a17f05ef8d759bb42; ui_language=en_US
Host:192.168.179.75
Origin:https://192.168.179.75
Referer:https://192.168.179.75/login.cgi
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Request Payload
------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="uri"


------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="username"

ubnt
------WebKitFormBoundaryszePSjmcB2JJIDDa
Content-Disposition: form-data; name="password"

ubnt
------WebKitFormBoundaryszePSjmcB2JJIDDa-

PHP CODE:

<?php
define('USERNAME', 'ubnt');
define('PASSWORD', 'ubnt');
define('USER_AGENT', 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36');

$cookie_file_path = str_replace('\\','/', getcwd().'/cookies');

define('COOKIE_FILE', $cookie_file_path);
define('LOGIN_FORM_URL', 'https://192.168.179.75/login.cgi');
define('REQUESTED_URL', 'https://192.168.179.75/status.cgi');
define('LOGIN_ACTION_URL', 'https://192.168.179.75/login.cgi');

$postValues = array(
    'username' => USERNAME,
    'password' => PASSWORD,
);

$curl = curl_init(LOGIN_FORM_URL);
curl_setopt($curl, CURLOPT_URL, LOGIN_ACTION_URL);

//curl_setopt($curl, CURLOPT_HEADER, 1);
//curl_setopt($curl, CURLOPT_COOKIE,  $cookies);     
//curl_setopt($curl,CURLOPT_COOKIESESSION,'AIROS_SESSIONID=ae60748359be4bd0468f51a346f4f3b9; last_check=1467001323935; show_security_warning=true; ui_language=en_US');
curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt($curl, CURLOPT_COOKIEFILE, COOKIE_FILE);

curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
//Set our post fields / data (from the array above).
//curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postValues));


curl_setopt($curl, CURLOPT_POSTFIELDS,$postValues);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);

//curl_setopt($curl, CURLOPT_HTTPHEADER, array('REMOTE_ADDR: 192.168.179.75','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Host: 192.168.179.75','Expect: ','Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6'));
curl_setopt($curl, CURLOPT_REFERER, LOGIN_FORM_URL);
$result = curl_exec($curl);

if(curl_errno($curl)){
    throw new Exception(curl_error($curl));
}
//curl_setopt($curl, CURLOPT_URL, 'https://192.168.179.75/status.cgi');
//
//curl_setopt($curl, CURLOPT_COOKIEJAR, COOKIE_FILE);
//curl_setopt($curl, CURLOPT_USERAGENT, USER_AGENT);
//curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
//$result = curl_exec($curl);
//echo $result;
print_r($result);
curl_close($curl);
?>
1
No idea what may be failing... just 2 points you can check: 1 - Try removing "CURLOPT_HTTPHEADER"... let curl handle them and 2 - Try to force HTTP 1.1: CURLOPT_HTTP_VERSION --> CURL_HTTP_VERSION_1_1 - Sergio Bernardo

1 Answer

0
votes
  1. Setting a forced boundary like boundary=----WebKitFormBoundaryAbpUbGA4FIs529Z6 is not going to work. curl generates its own boundary that it'll use. If you set that custom one, the POST will end up badly formatted. Remove the entire custom Content-Type: header as curl will do that itself. You also don't need to set the Host: header like that, curl extracts the necessary host from the URL you use.

  2. It is possible or even likely that the login page sets cookies that you need to have at the time the login POST is made. That's a common practice. To make that work, you first need to GET the login page and store the cookies and then use them in the subsequent login POST.

  3. You want to let curl follow the redirect that the login post most likely sends you to. Set CURLOPT_FOLLOWLOCATION to true.
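
The three points above combined into one flow, as an added example that is not code from the question or the answer. Assumptions: the credentials are read from the hypothetical environment variables CPE_USER and CPE_PASS, and the device's certificate has been exported to a hypothetical file device-cert.pem so that TLS verification stays on instead of being disabled as in the question.

```php
<?php
// Added example. Assumed names: CPE_USER, CPE_PASS, device-cert.pem, cookies.txt.
const BASE_URL = 'https://192.168.179.75';
$cookieFile = getcwd() . '/cookies.txt';

// Send a GET (no $post) or a multipart POST on the shared handle.
function request($curl, string $url, ?array $post = null): array {
    curl_setopt($curl, CURLOPT_URL, $url);
    if ($post === null) {
        curl_setopt($curl, CURLOPT_HTTPGET, true);
    } else {
        // An array body makes curl build multipart/form-data with its own
        // boundary, so no Content-Type or Host header is set by hand.
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
    }
    $body = curl_exec($curl);
    if ($body === false) {
        throw new RuntimeException(curl_error($curl));
    }
    return ['url' => curl_getinfo($curl, CURLINFO_EFFECTIVE_URL), 'body' => $body];
}

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,          // point 3: follow the 302
    CURLOPT_COOKIEJAR      => $cookieFile,   // cookies written here on close
    CURLOPT_COOKIEFILE     => $cookieFile,   // enables the in-memory cookie engine
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_CAINFO         => getcwd() . '/device-cert.pem', // assumed export
]);

// Point 2: GET the login page first so the session cookie exists before the POST.
request($curl, BASE_URL . '/login.cgi');

// Same three fields as the browser capture in the question, including empty "uri".
$login = request($curl, BASE_URL . '/login.cgi', [
    'uri'      => '',
    'username' => (string) getenv('CPE_USER'),
    'password' => (string) getenv('CPE_PASS'),
]);

// The capture shows the login POST answered by a 302 to /index.cgi.
if (strpos($login['url'], '/login.cgi') !== false) {
    throw new RuntimeException('Still on login.cgi after POST: login rejected');
}
echo request($curl, BASE_URL . '/status.cgi')['body'];
curl_close($curl);
```

The cookie file holds a live session identifier once the script has run, so keep it outside any web-served directory and readable only by the account running the script.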