"CURL - Post Form Isssue ( sequel )"

Post #303029990 by Fred13 on Monday 4th of February 2019 07:19:47 AM

Old 2 Weeks Ago
CURL - Post Form Isssue ( sequel )

Hi,

I write a new thread to discuss about my closed topic with new information ( /280990-curl-post-form-issue.html )
The previous post was closed because of missing informations, I didn't have access yet to server logs.

----------------------------------------------------------------------

I'm having an issue with curl post form, I dont' understand what I'm mising. I would like to send a post command with login and password to a form.

Url of the form : (http)<MYWEBSITE>/login

Source Code of the form :

Code:
<form action="/login_check" method="post">    
<input type="text" id="username" name="_username" value=""/>      
<input type="password" id="password" name="_password" />      
<button type="submit">Connexion</button></form>

Http Header from Firefox for the submit of the form with a correct authentification

Code:
<MYWEBSITE>/login_check
Host: fedex.gidn.recouv
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <MYWEBSITE>/login
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=461c5aa04837e9adb6235b51dbdc60c1
Upgrade-Insecure-Requests: 1
_username=GOODLOGIN&_password=GOODPWD
POST: HTTP/1.1 302 Found
Date: Mon, 04 Feb 2019 13:22:15 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Set-Cookie: PHPSESSID=87cb0cfadd8a6e95cc129f94c2951f60; path=/
location: <MYWEBSITE>
Content-Length: 389
Content-Type: text/html; charset=UTF-8
Age: 0
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)


<MYWEBSITE>
Host: <MYWEBSITE>
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: <MYWEBSITE>/login
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=87cb0cfadd8a6e95cc129f94c2951f60
Upgrade-Insecure-Requests: 1
POST: HTTP/1.1 200 OK
Date: Mon, 04 Feb 2019 13:22:15 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Age: 0
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache
Via: 1.1 akamai (ACE 5.8.2/5.8.2)


Php Log from a post with Firefox with a correct login :
Code:
[2019-02-04 13:50:25] security.DEBUG: Read SecurityContext from the session [] [] [2019-02-04 13:50:25] security.DEBUG: Reloading user from user provider. [] [] 
[2019-02-04 13:50:25] security.DEBUG: Username "GOODLOGIN" was reloaded from user provider. [] [] 
[2019-02-04 13:50:25] request.INFO: Matched route "FedexCoeurBundle_accueil" (parameters: "_controller": "Fedex\CoeurBundle\Controller\DefautController::indexAction", "_route": "FedexCoeurBundle_accueil") [] [] 
[2019-02-04 13:50:25] security.DEBUG: Write SecurityContext in the session [] []

So, I got back the parameters to create the curl command

Code:
curl -v -d "_username=GOODLOGIN&_password=GOODPWD" -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0" -H "Content-type: application/x-www-form-urlencoded" MYWEBSITE/login > curl.html

The command result :
Code:
* About to connect() to MYWEBSITE port 80 (#0)
*   Trying IP... connected
* Connected to MYWEBSITE (IP) port 80 (#0)
> POST /login HTTP/1.1
> Host: MYWEBSITE
> Accept: */*
> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 F                                                                                                                               irefox/64.0
> Content-type: application/x-www-form-urlencoded
> Content-Length: 42
>
} [data not shown]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0    42      0  17500 --:--:-- --:--:-- --:--:-- 17500*                                                                                                                                HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Mon, 04 Feb 2019 12:54:01 GMT
< Server: Apache
< X-Powered-By: PHP/5.4.37
< Set-Cookie: PHPSESSID=4bb983672555b0264af268f5ef7c1f16; path=/
< cache-control: no-cache
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
{ [data not shown]
101 11495    0 11495    0    42  99223    362 --:--:-- --:--:-- --:--:--   98k*                                                                                                                                Closing connection #0

php symfony log from a post with Curl with a correct login :
Code:
[2019-02-04 13:55:34] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:55:34] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

In the curl response on client side, I have the current login form, without notification of the error or the succeed, depending the login I use.
It's like the curl command doesn't send the input of the form.


I tried to connect with a wrong login, to see the difference, here the result :

Php symfony log from a post with Firefox with an incorrect login, or simply by loading the page :
Code:
[2019-02-04 13:52:33] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:52:33] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

Php symfony log from a post with Curl with an incorrect login
Code:
[2019-02-04 13:59:20] security.INFO: Populated SecurityContext with an anonymous Token [] [] 
[2019-02-04 13:59:20] request.INFO: Matched route "login" (parameters: "_controller": "Fedex\CoeurBundle\Controller\SecuriteController::loginAction", "_route": "login") [] []

Thank you for your support

Last edited by Fred13; 2 Weeks Ago at 09:25 AM..