在 VeryCD 上注册两个帐号,发送和接收站内信,观察 POST 请求时发送的参数(h****2 发送给 d***2)。(最好用 FireFox 的 FireBug 工具,发送站内信之前选中 “保持” 以保证站内信发送完毕页面跳转后还能查看到之前发送的 POST 请求时的参数。找到 http://home.verycd.com/cp.php?ac=pm&op=send&touid=0&pmid=0,选中 “POST”,查看参数如下:
| formhash | 1cf47360 |
| message | test |
| pmsubmit | true |
| pmsubmit_btn | 发送 |
| refer | http://home.verycd.com/space.php?do=pm&filter=privatepm |
| username | d***2 |
),如下图所示:
新建文件 msg.php,用来模拟 POST 请求。首先测试 POST 主体信息的拼接:
<?php
require './http.class.php';
$http = new Http('http://home.verycd.com/cp.php?ac=pm&op=send&touid=0&pmid=0');
$body = array(
'formhash'=>'1cf47360',
'message'=> 'test',
'pmsubmit'=>'true',
'pmsubmit_btn'=>'发送',
'refer'=>'http://home.verycd.com/space.php?do=pm&filter=privatepm',
'username'=>'d***2'
);
file_put_contents('./res.html', $http->post($body));
同时修改 http.class.php,修改 setLine() 方法,在请求行的请求地址处加上参数 $this->url['query']:
<?php
/*
PHP + socket 编程
@发送 HTTP 请求
@模拟下载
@实现注册、登录、批量发帖
*/
//http 请求类的接口
interface Proto{
//连接 url
function conn($url);
//发送 GET 请求
function get();
//发送 POST 请求
function post();
//关闭连接
function close();
}
class Http implements Proto{
//换行符
const CRLF = "
";
//fsocket 的错误号与错误描述
protected $errno = -1;
protected $errstr = '';
//响应内容
protected $response = '';
protected $url = null;
protected $version = 'HTTP/1.1';
protected $fh = null;
protected $line = array();
protected $header = array();
protected $body = array();
public function __construct($url){
$this->conn($url);
$this->setHeader('Host:' . $this->url['host']);
}
//写请求行
protected function setLine($method){
$this->line[0] = $method . ' ' . $this->url['path'] . '?' . $this->url['query'] . ' ' . $this->version;
}
//写头信息
protected function setHeader($headerline){
$this->header[] = $headerline;
}
//写主体信息
protected function setBody($body){
//构造 body 的字符串
$this->body[] = http_build_query($body);
}
//连接 url
public function conn($url){
$this->url = parse_url($url);
//判断端口
if(!isset($this->url['port'])){
$this->url['port'] = 80;
}
$this->fh = fsockopen($this->url['host'], $this->url['port'], $this->errno, $this->errstr, 3);
}
//构造 GET 请求的数据
public function get(){
$this->setLine('GET');
//发送请求
$this->request();
return $this->response;
}
//构造 POST 请求的数据
public function post($body = array()){
//构造请求行
$this->setLine('POST');
//设置 Content-type 和 Content-length
$this->setHeader('Content-type: application/x-www-form-urlencoded');
//构造主体信息, 和 GET 请求不一样的地方
$this->setBody($body);
$this->setHeader('Content-length: ' . strlen($this->body[0]));
//发送请求
$this->request();
return $this->response;
}
//发送请求
public function request(){
//把请求行、头信息、主体信息拼接起来
$req = array_merge($this->line, $this->header, array(''), $this->body, array(''));
$req = implode(self::CRLF, $req);
echo $req;exit;
fwrite($this->fh, $req);
while(!feof($this->fh)){
$this->response .= fread($this->fh, 1024);
}
//关闭连接
$this->close();
}
//关闭连接
public function close(){
fclose($this->fh);
}
}
执行 msg.php,页面的源代码显示:
POST /cp.php?ac=pm&op=send&touid=0&pmid=0 HTTP/1.1 Host:home.verycd.com Content-type: application/x-www-form-urlencoded Content-length: 171 formhash=1cf47360&message=test&pmsubmit=true&pmsubmit_btn=%E5%8F%91%E9%80%81&refer=http%3A%2F%2Fhome.verycd.com%2Fspace.php%3Fdo%3Dpm%26filter%3Dprivatepm&username=d***2
主体信息没有问题。注释 http.class.php line:106,运行 msg.php,由于直接发送 POST 请求会因为没有登录而发生页面跳转而无法很好的观察和调试,所以把返回的数据写入日志文件(res.html),在 msg.php 文件中:
file_put_contents('./res.html', $http->post($body));
res.html 中能清楚的显示:
也就是说需要登录才能发送 POST 请求。
通过 HTTP 请求分析 Cookie
在 setcookie.php 中设置 cookie:
<?php
header('Content-type:text/html; charset=utf-8');
setcookie('user', 'dee');
echo '<a href="readcookie.php">跳转</a>';
运行,通过 FireFox 的 Firebug 工具查看请求头信息:
点击 “跳转”;
在 readcookie.php 中读取 cookie:
<?php
header('Content-type:text/html; charset=utf-8');
echo 'I Know U are '.$_COOKIE['user'];
页面输出:
响应头信息中有 Cookie user=dee
同样可以使用 telnet 发送带 cookie 的 HTTP 请求:
要模拟 VeryCD 的 POST 请求,就要知道 POST 请求时所带的 Cookie 信息,否则只会出现没有登录的提示。
另外需要注意的是,Cookie 和其他头信息是有可能关联的(Cookie 防伪),比如 Referer,User-Agent,因此要把所有的头信息都放入请求头信息:修改 msg.php
<?php
require './http.class.php';
$http = new Http('http://home.verycd.com/cp.php?ac=pm&op=send&touid=0&pmid=0');
$http->setHeader('Accept: http://home.verycd.com/cp.php?ac=pmtext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8');
$http->setHeader('Accept-Encoding: gzip, deflate');
$http->setHeader('Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3');
$http->setHeader('Connection: keep-alive');
$http->setHeader('Cookie: Hm_lvt_c7849bb40e146a37d411700cb7696e46=1436679571,1436789767,1436791505,1436795485; member_id=3***** ; member_name=h******2; mgroupId=93; pass_hash=649ca21c97da98c3d183192240099369; rememberme=true; uchome_auth=b992hkSzDMnvjuKlyf%2BmE8U%2Fbt2GlJbLGC5FID5izJw5eDOK0egZ5hnPjsPbeVJOPWuQd2qYN0zTysI2zMMCpPhkrMOb ; uchome_loginuser=h******2; CNZZDATA1479=cnzz_eid%3D34351862-1436678182-http%253A%252F%252Fwww.verycd .com%252F%26ntime%3D1436798382; __utma=248211998.1001521947.1436679596.1436798878.1436801507.4; __utmz =248211998.1436798878.3.2.utmcsr=verycd.com|utmccn=(referral)|utmcmd=referral|utmcct=/; sid=dd9375417f28d09be9b80dc3b462adf093a00e71 ; BAIDU_DUP_lcr=http://www.baidu.com/link?url=BlvZ-TX3pY_kRvw_pHazRyRsX-fNXNqXsSfSwEt1fjq&wd=&eqid=ecf1add60000205d0000000255a3bfc7 ; Hm_lpvt_c7849bb40e146a37d411700cb7696e46=1436795485; __utmc=248211998; uchome_sendmail=1; uchome_checkpm =1; __utmb=248211998.1.10.1436801507; __utmt=1; dcm=1');
$http->setHeader('Referer: http://home.verycd.com/cp.php?ac=pm');
$http->setHeader('User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0');
$body = array(
'formhash'=>'1cf47360',
'message'=> 'test send msg',
'pmsubmit'=>'true',
'pmsubmit_btn'=>'发送',
'refer'=>'http://home.verycd.com/space.php?do=pm&filter=newpm',
'username'=>'d****2'
);
file_put_contents('./res.html', $http->post($body));
echo 'complete';
修改 http.class.php line:55,protected ---> puclic,因为 setHeader 方法在 msg.php 中被外部调用:
<?php
/*
PHP + socket 编程
@发送 HTTP 请求
@模拟下载
@实现注册、登录、批量发帖
*/
//http 请求类的接口
interface Proto{
//连接 url
function conn($url);
//发送 GET 请求
function get();
//发送 POST 请求
function post();
//关闭连接
function close();
}
class Http implements Proto{
//换行符
const CRLF = "
";
//fsocket 的错误号与错误描述
protected $errno = -1;
protected $errstr = '';
//响应内容
protected $response = '';
protected $url = null;
protected $version = 'HTTP/1.1';
protected $fh = null;
protected $line = array();
protected $header = array();
protected $body = array();
public function __construct($url){
$this->conn($url);
$this->setHeader('Host:' . $this->url['host']);
}
//写请求行
protected function setLine($method){
$this->line[0] = $method . ' ' . $this->url['path'] . '?' . $this->url['query'] . ' ' . $this->version;
}
//写头信息
public function setHeader($headerline){
$this->header[] = $headerline;
}
//写主体信息
protected function setBody($body){
//构造 body 的字符串
$this->body[] = http_build_query($body);
}
//连接 url
public function conn($url){
$this->url = parse_url($url);
//判断端口
if(!isset($this->url['port'])){
$this->url['port'] = 80;
}
$this->fh = fsockopen($this->url['host'], $this->url['port'], $this->errno, $this->errstr, 3);
}
//构造 GET 请求的数据
public function get(){
$this->setLine('GET');
//发送请求
$this->request();
return $this->response;
}
//构造 POST 请求的数据
public function post($body = array()){
//构造请求行
$this->setLine('POST');
//设置 Content-type 和 Content-length
$this->setHeader('Content-type: application/x-www-form-urlencoded');
//构造主体信息, 和 GET 请求不一样的地方
$this->setBody($body);
$this->setHeader('Content-length: ' . strlen($this->body[0]));
//发送请求
$this->request();
return $this->response;
}
//发送请求
public function request(){
//把请求行、头信息、主体信息拼接起来
$req = array_merge($this->line, $this->header, array(''), $this->body, array(''));
$req = implode(self::CRLF, $req);
//echo $req;exit;
fwrite($this->fh, $req);
while(!feof($this->fh)){
$this->response .= fread($this->fh, 1024);
}
//关闭连接
$this->close();
}
//关闭连接
public function close(){
fclose($this->fh);
}
}
发送成功:
注意:在拼接 header 头信息时,cookie 要写成一行,否则会报 400 错误。