vsloathe

Hey all. So I'm trying to post to a form located here: http://www.fulldls.com/upload-torrent.

php

  which in turn actually means I'm posting to here: http://www.fulldls.com/takeupload.

php

 

The original headers from firefox that I examined looked like this:

POST /takeupload.

php

  HTTP/1.1
Host: www.fulldls.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.fulldls.com/upload-torrent.

php

 
Cookie:

PHP

 SESSID=a72df76fe92670e6c159ad12cc959a16; __utma=183931185.713502647.1192405062.1192405062.1192405062.1; __utmb=183931185; __utmc=183931185; __utmz=183931185.1192405062.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Type: multipart/form-data; boundary=---------------------------121041456418086
Content-Length: 2029
-----------------------------121041456418086
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
-----------------------------121041456418086
Content-Disposition: form-data; name="file"; filename="[removed]"
Content-Type: application/octet-stream

d8:announce44:[removed]13:creation datei1192402091e4:infod6:lengthi1291193e4:name30:[removed]12:piece lengthi32768e6:pieces800:8>QÆÐIÆ÷® Ùh€Y>áÖ"ÖF,i­Fk3t»AÈìL¶X ›oK«F—pΆV�® £¦sî'¸WŠ¯h¸/áÝ
"ü_Ô’r¿ä¢s¸™^y0=Pñ'¤ÕÖëfÇóUǬ§´À:qñY óòjxlë7F
"Iß}«½3c´•¹Âµæä¼£ÐT dû¦BIa*¹T¤ì�ò
† x1u8µ�¯Ew“m÷Ñ"@Ÿ®šå"æˆâÞjN�ñ®k^êúHšþ?
à­[ªÛµr~åWªR r´m‰æ¢12vQtš�ÚÏ�WÝ_SœåD¸B#óÅ£°¯ýÙË@[ÙYGÅ1Ag`1¦Â2‘„œ[]SÓ4K¯Y»Ì’”ß|™t ¹$È¿ºyF#‡@Mü4nÍõf ²NNþøð|º¬jç8ˆKXn—¦7ïD�5É)FÇü¶�+¤Eî˜ð¨–ëaz¸# ËÒî!bÊŒnsø’ÌG¾3àùª]`vØp¾²ðÒÿàg2ˆEÕ†rÃÞs«�ᑘ²­¦kð´…;
ɧ'�eñ®Ô


The code I wrote to post to the page looks like this:

<?

php

 
$tspy = array();
$tspy['upload_url'] = 'http://www.fulldls.com/takeupload.

php

 ';
$tspy['cookies'] = '';
$tspy['referer'] = 'http://www.fulldls.com/upload-torrent.

php

 ';
$tspy['post_fields'] = array();
$tspy['geturl'] = 'http://www.fulldls.com/upload-torrent.

php

 ';

if (isset($_GET['tname']))
{
$ch = curlget(&$tspy);
$file = $_GET['tname'];
$directory = getcwd();
$tspy['post_fields'] = array('MAX_FILE_SIZE' => '10000000', 'file' => "@$directory/$file", 'type' => '31', 'descr' => "$file", 'upload' => 'yes');
    $tspyResult = startCurl(&$tspy, &$ch);
    //print_r($tspy);
echo $tspyResult;
}

function curlget($site)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $site['geturl'] );
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) G");
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
    curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    //curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    $page = curl_exec($ch);
echo($page);
return($ch);
}

function startCurl($site, $ch)
{
    curl_setopt($ch, CURLOPT_URL, $site['upload_url'] );
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) G");
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
    curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_POST, true );
    curl_setopt($ch, CURLOPT_POSTFIELDS, $site['post_fields'] );
    curl_setopt($ch, CURLOPT_REFERER, $site['referer']);
    return curl_exec($ch);
}
?>


In response I get:
quote

Missing form data


Now, that last part of the post_fields array I added in an attempt to emulate something that FF's liveheaders extension may have missed or something. Is there anyone who's willing to screw around with this for me? I can't get it to work.

perkiset

Try taking their HTML, save it locally, then rewrite the ACTION part of the form to point at one of your own servers and then print_f the POST, GET and FILES vars. See how THEIR page presents itself in

PHP

 . Then do the same with yours and make sure that the way

PHP

  sees your form is identical to theirs... that's how I'd tackle it.

If you're identical and you still get the message, then go after the cookies and make sure that you're sending those up as well. And there's no session var you nn2b concerned about is there?

georgiecasey

it'd be easier to use snoopy or your own implentation of fsockopen in complicated setups like this as you can see exactly what you're sending for debugging purposes. or to debug curl, use perks technique of sending to your own script instead and use

php

  getallheaders to see what you're sending. this is the script i send to
<?

php

 
$hd = getallheaders();
while (list($key, $val) = each($hd)) {
  $headers = $headers .  "$key => $val ";
}
$headers .= "IP: " . $_SERVER["REMOTE_ADDR"];
mail("your@email","headers",$headers);
?>

as a sidenote, i've used loads of tools to monitor headers i'm sending and by far the best i've used is burp. http://portswigger

.net

 /proxy/

only downside is it's written in crappy java. anyways, it listens on port 8081 and you set your browser to use it as a proxy. you can intercept requests/responses and edit them before they're sent to the server/back to your browser for quick debugging and testing. and you can use

regular expression

 s to ignore css and images. it rocks.

perkiset

That's a nice tool for the box GC, thanks

DangerMouse

Great tip! Have needed a solution to

PHP

  Curls lack of a log of what headers are being sent. I believe libcurl can do it, just not the

PHP

  implementation.

Cheers

DM

mrsdf


        $ch=curl_init();

        curl_setopt($ch,.......-insert-options-here-........);
        .
        .
        .
        .

        if (($handle=fopen("err.txt",'a'))!=FALSE)
        {
            curl_setopt($ch,CURLOPT_STDERR,$handle);
}

curl_exec($ch);   

if($handle!=FALSE)
        {
fwrite($handle," ------------------------------------------------------------------ ");
        fclose ($handle);
        }

      curl_close($ch);



Should work for outputting headers.

vsloathe

Thanks for the help m8s. I think I'm going to do as mrsdf suggested and output the headers cURL is sending and see what I come up with. If something looks askew as compared to the original set, I will know where to start looking.

vsloathe

Nevermind, I had CURLOPT_VERBOSE and CURLOPT_HEADER set to FALSE.

NOW I can see which headers I'm sending, lol.

perkiset

Again, I'd try another method -

* in a browser, View Source.
* Copy all source to a notepad file.
* Save it on your desktop as an HTML file.
* Edit it, and in the form tag that encompasses the upload bit, change it so that it's <form action="http://YOURURL.html/dumppage.

php

 ">
* Drag the file icon onto a browser window. Of course the graphics probably won't work, but that's OK
* On your server, create dumppage.

php

  - do something as simple as this:


<?

php

 

echo
"<pre>",
print_r($_POST, true),
print_r($_COOKIE, true),
print_r($_FILES, true),
print_r($_SESSION), true),
print_r(

apache

 _request_headers(), true),
"</pre>";

?>


Post the form and this will tell you how

PHP

  expects to see the file... take the complexity out and see how *their* server will be looking at the upload. It's much more "in mode" to me - and it's easier for me to get my head wrapped around their way of thinking if I see it the way that their coders will.

Applause

vsloathe

Think I will also give that the ole college try Perk. Thanks.


Perkiset's Place Home   Politics @ Perkiset's