Page 1 of 1

Help on cURL POST to remote page with javascript

Posted: Sat Aug 07, 2010 4:22 am
by andreevpopov
Hi all,

I am new here and I really thank God that I found this forum! I have read the materials here on working with cURL on javascript-form-submission pages. However, I can't to get my script to work. Can anybody here please help me out or drop me a hint on where to correct my script?

==Situation==

My company utilizes http://www.myfax.com/free/ to send our company faxes. My task is to write a code that would submit files for faxes electronically.

Note: The site also requires e-mail confirmation but I haven't get to that stage yet. I have run tests on submitting fax requests both by code and manually through the site, and have confirmed that the code doesn't work on the submission level because I managed to receive confirmation e-mails for manual submissions. Also, tried my script with different staff email addresses because I figured out that it blocks only the same e-mail address from sending more than 2 faxes a day.

Code: Select all

<?php

//target page url
$strPage_url = 'www.myfax.com/free/';

//create array of data to be posted
$arrPost_data = array (
    'ctl00$MainSection$tbRecipientName' => 'I am recipient', //max length = 50
    'ctl00$MainSection$tbRecipientCompany' => 'I am recipient company', //max length = 50
    'ctl00$MainSection$tbRecipientFaxNumber' => '+1 (206) 202-8273', //recipient fax
    'ctl00$MainSection$ddlRecipientCountry' => html_entity_decode ('{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}'),
    'ctl00$MainSection$tbSenderName' => 'I am sender', //max length = 50
    'ctl00$MainSection$tbSenderCompany' => 'I am sender company', //max length = 50
    'ctl00$MainSection$tbSenderEmailAddress' => 'abc@example.com', //email
    'ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState' => '-150', //number drawn from inspecting the packages sent by manual form submission
    'ctl00$MainSection$fileUpload' => '@/files/file.pdf', //file
    'ctl00$MainSection$tbMessage' => 'hello world', //message
    '__EVENTTARGET' => '',
    '__EVENTARGUMENT' => '',
    '__VIEWSTATEENCRYPTED' => ''
    );

//visit the page and get cookies
$curl_connection = curl_init ($strPage_url);
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($curl_connection, CURLOPT_COOKIEJAR, 'CURLCOOKIE');
$strGet_page_contents = curl_exec ($curl_connection);
curl_close ($curl_connection);

    //get page to retrieve view state and event validation
    if ( preg_match ( '/"__VIEWSTATE"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrView_state ) ) {
        $strView_state = $arrView_state[1];
        $arrPost_data['__VIEWSTATE'] = $strView_state;
    }
    if ( preg_match ( '/"__EVENTVALIDATION"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrEvent_validation ) ) {
        $strEvent_validation = $arrEvent_validation[1];
        $arrPost_data['__EVENTVALIDATION'] = $strEvent_validation;
    }
    if ( preg_match ( '/id="ctl00_MainSection_nbAntiSpam_nbAntiSpam_NoBotExtender_ClientState" value="([\s\S]+?)"/' , $strGet_page_contents , $arrAnti_spam ) ) {
        $strAnti_spam = $arrAnti_spam[1];
        $arrPost_data['ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState'] = $strAnti_spam;
    }

//traverse array and prepare data for posting (key1=value1)
foreach ( $arrPost_data as $key => $value) {
    $arrPost_items[] = $key . '=' . $value;
}

//create the final string to be posted using implode()
$strPost_string = implode ('&', $arrPost_items);

//create cURL connection
$curl_connection = curl_init($strPage_url);

//set options
curl_setopt ($curl_connection, CURLOPT_POST, 1);
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
//set cookie
curl_setopt ($curl_connection, CURLOPT_COOKIEFILE, 'CURLCOOKIE');
unlink ( 'CURLCOOKIE' );
curl_setopt($curl_connection, CURLOPT_COOKIE, session_name() . '=' . session_id());
//set header
$arrHeaders = array ( 'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8' );
curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $arrHeaders );

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $strPost_string);

//perform our request
$strResult = curl_exec($curl_connection);

//show information regarding the request - for debugging
echo "<pre>";
print_r(curl_getinfo($curl_connection));
echo curl_errno($curl_connection) . '-' . curl_error($curl_connection);
echo "<hr>";
var_dump ($arrPost_items);
echo "</pre>";

//close the connection
curl_close($curl_connection);
?> 

Re: Help on cURL POST to remote page with javascript

Posted: Sat Aug 07, 2010 5:19 am
by requinix
Their terms and conditions say that an "actual person may use the Site", with the implication that scripted or automated behavior is not allowed. Have you contacted them to ask if writing a script to use their services would be permissible?

Also, have you noticed the
[people can] send up to two (2) free faxes per day, each fax not to exceed nine (9) pages in length (plus the cover page.) and not to exceed 10MBs in size
clause?

Re: Help on cURL POST to remote page with javascript

Posted: Sat Aug 07, 2010 5:31 am
by andreevpopov
tasairis wrote:Their terms and conditions say that an "actual person may use the Site", with the implication that scripted or automated behavior is not allowed. Have you contacted them to ask if writing a script to use their services would be permissible?

Also, have you noticed the
[people can] send up to two (2) free faxes per day, each fax not to exceed nine (9) pages in length (plus the cover page.) and not to exceed 10MBs in size
clause?
Thanks for your reply, but I'm not trying to build a script to mass-fax automatically. My script is intended to be incorporated into the company employee's interfaces which would allow them to manage their messaging, such that they can do faxing, e-mailing, etc, all within the company system. It would still be an "actual person" using the page (i.e. the employee), and they are aware of the sending limit.

Re: Help on cURL POST to remote page with javascript

Posted: Sat Aug 07, 2010 7:58 am
by requinix
andreevpopov wrote:Thanks for your reply, but I'm not trying to build a script to mass-fax automatically. My script is intended to be incorporated into the company employee's interfaces which would allow them to manage their messaging, such that they can do faxing, e-mailing, etc, all within the company system. It would still be an "actual person" using the page (i.e. the employee), and they are aware of the sending limit.
I'm glad to hear that. Have you contacted them to ask if writing a script to use their services would be permissible?

Re: Help on cURL POST to remote page with javascript

Posted: Sat Aug 07, 2010 8:53 am
by andreevpopov
tasairis wrote:
andreevpopov wrote:Thanks for your reply, but I'm not trying to build a script to mass-fax automatically. My script is intended to be incorporated into the company employee's interfaces which would allow them to manage their messaging, such that they can do faxing, e-mailing, etc, all within the company system. It would still be an "actual person" using the page (i.e. the employee), and they are aware of the sending limit.
I'm glad to hear that. Have you contacted them to ask if writing a script to use their services would be permissible?
I have sent an e-mail to them but haven't got any reply yet. I guess I had better wait for that answer then :D

Re: Help on cURL POST to remote page with javascript

Posted: Mon Aug 09, 2010 1:13 pm
by andreevpopov
I updated my script polished out some useless lines of code, but I still couldn't get it to work. I did a watch on the packets sent by the webpage on normal use and I found that it had the following cookies.

[output from Wireshark]

Code: Select all

Cookie: __utmz=88471047.1280829735.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SSLB=1; SSID=AgB6lCkAAAAAJ-lXTKasAQEn6VdMCgApI2BMAAAAAAAAAAApI2BMAQAJAAAAygAAAAA; SSSC=1.G5501121823586233510.10.9.202; SSRT=KSNgTAE; ASP.NET_SessionId=hjscdafaki3d3m45fngdpmft; ProtusIPSolutions=4211124416.23808.0000; __utma=88471047.1550346862.1280829735.1281355449.1281368864.10; __utmc=88471047; __utmb=88471047.2.10.1281368864
However, only the cookies " ASP.NET_SessionId" and "ProtusIPSolutions" are present when I access the page through cURL:

[headers captured from cURL script, line 41-46 below in PHP script]

Code: Select all

Set-Cookie: ASP.NET_SessionId=lubhg1i52no5gz45pgwh4ly3; path=/; HttpOnly
Set-Cookie: ProtusIPSolutions=4211124416.23808.0000; expires=Mon, 09-Aug-2010 17:56:00 GMT; path=/
I'm not sure if those cookies are the key to the my problem, though.
Would someone please help me on the code and drop me a hint to point me in the right direction? Many thanks!

Code: Select all

<?php
//target page url
$strPage_url = 'www.myfax.com/free/';

//create array of data to be posted
$arrPost_data = array (
	'ctl00$MainSection$tbRecipientName' => 'Recipient', //max length = 50
	'ctl00$MainSection$tbRecipientCompany' => 'RecipientCompany', //max length = 50
	'ctl00$MainSection$tbRecipientFaxNumber' => '+1 (206) 202-8273', //recipient fax
	'ctl00$MainSection$ddlRecipientCountry' => html_entity_decode ('{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}'), //
	'ctl00$MainSection$tbSenderName' => 'Sender', //max length = 50
	'ctl00$MainSection$tbSenderCompany' => 'SenderCompany', //max length = 50
	'ctl00$MainSection$tbSenderEmailAddress' => 'abc@example.com', //email
	'ctl00$MainSection$fileUpload' => '@/files/file.pdf', //file
	'ctl00$MainSection$tbMessage' => 'hello world!',//message
	'__EVENTTARGET' => '',
	'__EVENTARGUMENT' => '',
	'__VIEWSTATEENCRYPTED' => '',
	'ctl00$MainSection$meeRecipientFaxNumber_ClientState' => '',
	'ctl00$MainSection$tbFriend1' => '',
	'ctl00$MainSection$tbFriend2' => '',
	'ctl00$MainSection$tbFriend3' => '',
	'ctl00$MainSection$ibSendFax.x' => 39, //? unknown number
	'ctl00$MainSection$ibSendFax.y' => 17, //? unknown number
	'ctl00$MainSection$hfRecipientFaxNumber' => 12062028273,
	'ctl00$MainSection$hfRecipientFaxNumberMask' => '+1 (999) 999-9999',
	'ctl00$MainSection$hfRecipientFaxNumberCountryId' => 2,
	'ctl00$MainSection$hfRecipientFaxNumberMaskId' => 1,
	'ctl00$MainSection$hfTimeZone' => '-480',
	'ctl00$MainSection$hfModalMessage' => '',
	'hiddenInputToUpdateATBuffer_CommonToolkitScripts' => 1 //?
	);

//visit the page and get cookies
$curl_connection = curl_init ($strPage_url);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($curl_connection, CURLOPT_COOKIEJAR, 'CURLCOOKIE');
curl_setopt($curl_connection, CURLOPT_HEADER, true);
$strGet_page_contents = curl_exec ($curl_connection);

//log the page
$fhGet_page = fopen ( 'Get_page.html' , 'w' );
fwrite ( $fhGet_page , $strGet_page_contents );
fclose ( $fhGet_page );

//several variables unique to each visit
	if ( preg_match ( '/"__VIEWSTATE"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrView_state ) ) {
		$strView_state = $arrView_state[1];
		$arrPost_data['__VIEWSTATE'] = $strView_state;
	}
	if ( preg_match ( '/"__EVENTVALIDATION"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrEvent_validation ) ) {
		$strEvent_validation = $arrEvent_validation[1];
		$arrPost_data['__EVENTVALIDATION'] = $strEvent_validation;
	}
	if ( preg_match ( '/AjaxControlToolkit\.NoBotBehavior, \{"ChallengeScript":"~([\d]+?)"/' , $strGet_page_contents , $arrAnti_spam ) ) {
		$strAnti_spam = $arrAnti_spam[1];
		$intAnti_spam_value = ~intval($strAnti_spam);
		$arrPost_data['ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState'] = $intAnti_spam_value;
	}

//escape the $'s
foreach ( $arrPost_data as $key => $value ) {
	$strNew_key = str_replace ( '$' , '\$' , $key );
	$strNew_value = str_replace ( '$' , '\$' , $value );
	$arrPost_data[$strNew_key] = $strNew_value;
	if ( $strNew_key != $key ) {
		unset ( $arrPost_data[$key] );
	}
}

//traverse array and prepare data for posting (key1=value1)
foreach ( $arrPost_data as $key => $value) {
	$arrPost_items[] = urlencode ( $key ) . '=' . urlencode ( $value );
}

//create the final string to be posted using implode()
$strPost_string = implode ('&', $arrPost_items);

//create cURL connection
$curl_connection = curl_init($strPage_url);

//set options
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_HEADER, true);

//set cookie
curl_setopt ($curl_connection, CURLOPT_COOKIEFILE, 'CURLCOOKIE');
unlink ( 'CURLCOOKIE' );

//set header
$arrHeaders = array ( 'Host' => 'www.myfax.com', 'Origin' => 'http://www.myfax.com' );
curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $arrHeaders );

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $strPost_string);

//perform our request
$strPost_page_contents = curl_exec($curl_connection);

//log the POST-resulting page
$fhPost_page = fopen ( 'Post_page.html' , 'w' );
fwrite ( $fhPost_page , $strPost_page_contents );
fclose ( $fhPost_page );

//show information regarding the request
echo "<pre>";
print_r(curl_getinfo($curl_connection));
echo curl_errno($curl_connection) . '-' . curl_error($curl_connection);
echo "<hr>";
var_dump ($strPost_string);
echo "</pre>";

//close the connection
curl_close($curl_connection);
?>

Re: Help on cURL POST to remote page with javascript

Posted: Wed Aug 11, 2010 2:01 am
by andreevpopov
I revised my script based on some more researches, but the script still couldn't work.

I suspect that either or both of these are causing the error - correct me if I am wrong:

(1) Content-type not correctly set.
The output of the script shows

Code: Select all

Array
(
    [url] => http://www.myfax.com/free/
    [content_type] => text/html; charset=utf-8
    [http_code] => 200
    [header_size] => 403
    [request_size] => 375
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 1.191971
    [namelookup_time] => 2.3E-5
    [connect_time] => 3.0E-5
    [pretransfer_time] => 3.2E-5
    [size_upload] => 1513
    [size_download] => 50184
    [speed_download] => 42101
    [speed_upload] => 1269
    [download_content_length] => 50184
    [upload_content_length] => 1513
    [starttransfer_time] => 0.22402
    [redirect_time] => 0
)
0-
Does this mean that cURL has sent my data as text/html? I suspect that the server requires application/x-www-form-urlencoded because that is what I see when I inspect the network packets sent through a normal submission.

(2) cookies missing.

I inspected the code and found out that the cookies "__utmz", "__utma", "__utmc" and "__utmb" are used by Google Analytics, so, I think that it is safe to ignore these.

With CURLOPT_HEADER set to TRUE, I found out that the script was able to read and pass back the cookies "ASP.NET_SessionId" and "ProtusIPSolutions".

That leaves the remaining cookies as "SSLB", "SSSC" and "SSRT". A google on these cookies seemed to indicate that they are from a service called SiteSpect, but I failed to find any additional information on this. And I failed to find where, or how these cookies are generated by inspecting the script.

Would someone please drop a hint and point me in the right direction please? Many thanks!

Here is the PHP code of my script:

Code: Select all

<?php
//target page url
$strPage_url = 'http://www.myfax.com/free/';

//create array of data to be posted
$arrPost_data = array (
	'ctl00$MainSection$tbRecipientName' => 'Recipient', //max length = 50
	'ctl00$MainSection$tbRecipientCompany' => 'RecipientCompany', //max length = 50
	'ctl00$MainSection$tbRecipientFaxNumber' => '+1 (206) 202-8273', //recipient fax
	'ctl00$MainSection$ddlRecipientCountry' => html_entity_decode ('{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}'),
	'ctl00$MainSection$tbSenderName' => 'Sender', //max length = 50
	'ctl00$MainSection$tbSenderCompany' => 'SenderCompany', //max length = 50
	'ctl00$MainSection$tbSenderEmailAddress' => 'abc@example.com', //email
	'ctl00$MainSection$fileUpload' => '@/files/file.pdf', //file
	'ctl00$MainSection$tbMessage' => 'hello world', //message
	'ctl00$MainSection$ibSendFax.x' => mt_rand ( 1 , 182 ), //coordinate of <input type="image">
	'ctl00$MainSection$ibSendFax.y' => mt_rand ( 1 , 40 ), //coordinate of <input type="image">
	'__EVENTTARGET' => '',
	'__EVENTARGUMENT' => '',
	'__VIEWSTATEENCRYPTED' => '',
	'ctl00$MainSection$meeRecipientFaxNumber_ClientState' => '',
	'ctl00$MainSection$tbFriend1' => '',
	'ctl00$MainSection$tbFriend2' => '',
	'ctl00$MainSection$tbFriend3' => '',
	'ctl00$MainSection$hfRecipientFaxNumber' => 12062028273,
	'ctl00$MainSection$hfRecipientFaxNumberMask' => '+1 (999) 999-9999',
	'ctl00$MainSection$hfRecipientFaxNumberCountryId' => 2,
	'ctl00$MainSection$hfRecipientFaxNumberMaskId' => 1,
	'ctl00$MainSection$hfTimeZone' => '-480',
	'ctl00$MainSection$hfModalMessage' => '',
	'hiddenInputToUpdateATBuffer_CommonToolkitScripts' => 0
	);

//several variables unique to each visit
	if ( preg_match ( '/"__VIEWSTATE"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrView_state ) ) {
		$strView_state = $arrView_state[1];
		$arrPost_data['__VIEWSTATE'] = $strView_state; //
	}
	if ( preg_match ( '/"__EVENTVALIDATION"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrEvent_validation ) ) {
		$strEvent_validation = $arrEvent_validation[1];
		$arrPost_data['__EVENTVALIDATION'] = $strEvent_validation; //
	}
	if ( preg_match ( '/AjaxControlToolkit\.NoBotBehavior, \{"ChallengeScript":"~([\d]+?)"/' , $strGet_page_contents , $arrAnti_spam ) ) {
		$strAnti_spam = $arrAnti_spam[1];
		$intAnti_spam_value = ~intval($strAnti_spam);
		$arrPost_data['ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState'] = $intAnti_spam_value; //
	}

//preparing data for posting
	//1. escape the $'s
	foreach ( $arrPost_data as $key => $value ) {
		$strNew_key = str_replace ( '$' , '\$' , $key );
		$strNew_value = str_replace ( '$' , '\$' , $value );
		$arrPost_data[$strNew_key] = $strNew_value;
		if ( $strNew_key != $key ) {
			unset ( $arrPost_data[$key] );
		}
	}
	//2. traverse array and prepare data for posting (key1=value1)
	foreach ( $arrPost_data as $key => $value) {
		$arrPost_items[] = urlencode ( $key ) . '=' . urlencode ( $value );
	}
	//3. create the final string to be posted using implode()
	$strPost_string = implode ('&', $arrPost_items);

//set page url
$curl_connection = curl_init ($strPage_url);

//set curl options
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($curl_connection, CURLOPT_COOKIEJAR, 'CURLCOOKIE');
curl_setopt($curl_connection, CURLOPT_HEADER, true);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

//visit page to get cookies
$strGet_page_contents = curl_exec ($curl_connection);

//log page
$fhGet_page = fopen ( 'Get_page.html' , 'w' );
fwrite ( $fhGet_page , $strGet_page_contents );
fclose ( $fhGet_page );

//2nd curl connection

//set header
$arrHeaders = array (
	'Host: http://www.myfax.com',
	'Origin: http://www.myfax.com',
	'Content-type: application/x-www-form-urlencoded'
	);
curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $arrHeaders );

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $strPost_string);

//set cookie
curl_setopt ($curl_connection, CURLOPT_COOKIEFILE, 'CURLCOOKIE');

//post to page
$strPost_page_contents = curl_exec($curl_connection);

//log the page
$fhPost_page = fopen ( 'Post_page.html' , 'w' );
fwrite ( $fhPost_page , $strPost_page_contents );
fclose ( $fhPost_page );

//show information regarding the request
echo "<pre>";
print_r(curl_getinfo($curl_connection));
echo curl_errno($curl_connection) . '-' . curl_error($curl_connection);
echo "<hr>";
var_dump ($strPost_string);
echo "</pre>";

//close the connection
curl_close($curl_connection);
?>

Re: Help on cURL POST to remote page with javascript

Posted: Fri Aug 13, 2010 3:06 am
by andreevpopov
I updated my script but I still couldn't get the script to work. What I mean by this is that -

when I use a browser to open the page and submit a fax, I would receive a confirmation email with a "confirmation link" in it. This is what I expect would happen if the script runs successfully. However, so far I have received no confirmation emails after using the script to submit my fax. Hence, I am still debugging the script to try to get it to work.

Would someone please point me in the right direction please? Many thanks!

Further details:

(1) my updated script

Code: Select all

<?php
//target page url
$strPage_url = 'http://www.myfax.com/free/';

//create array of data to be posted
$arrPost_data = array (
	'ctl00$MainSection$tbRecipientName' => 'Recipient', // max length = 50
	'ctl00$MainSection$tbRecipientCompany' => 'RecipientCompany', //max length = 50
	'ctl00$MainSection$tbRecipientFaxNumber' => '+1 (206) 202-8273', //recipient fax
	'ctl00$MainSection$ddlRecipientCountry' => html_entity_decode ('{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}'),
	'ctl00$MainSection$tbSenderName' => 'Sender', //max length = 50
	'ctl00$MainSection$tbSenderCompany' => 'SenderCompany', //max length = 50
	'ctl00$MainSection$tbSenderEmailAddress' => 'abc@example.com', //email
	'ctl00$MainSection$fileUpload' => '@/files/file.pdf', //file
	'ctl00$MainSection$tbMessage' => 'hello world!', //message
	'ctl00$MainSection$ibSendFax.x' => mt_rand ( 1 , 182 ),
	'ctl00$MainSection$ibSendFax.y' => mt_rand ( 1 , 40 ),
	'__EVENTTARGET' => '',
	'__EVENTARGUMENT' => '',
	'__VIEWSTATEENCRYPTED' => '',
	'ctl00$MainSection$meeRecipientFaxNumber_ClientState' => '',
	'ctl00$MainSection$tbFriend1' => '',
	'ctl00$MainSection$tbFriend2' => '',
	'ctl00$MainSection$tbFriend3' => '',
	'ctl00$MainSection$hfRecipientFaxNumber' => 12062028273,
	'ctl00$MainSection$hfRecipientFaxNumberMask' => '+1 (999) 999-9999',
	'ctl00$MainSection$hfRecipientFaxNumberCountryId' => 2,
	'ctl00$MainSection$hfRecipientFaxNumberMaskId' => 1,
	'ctl00$MainSection$hfTimeZone' => '-480',
	'ctl00$MainSection$hfModalMessage' => '',
	'hiddenInputToUpdateATBuffer_CommonToolkitScripts' => 0
	);

//several variables unique to each visit
	if ( preg_match ( '/"__VIEWSTATE"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrView_state ) ) {
		$strView_state = $arrView_state[1];
		$arrPost_data['__VIEWSTATE'] = $strView_state; //
	}
	if ( preg_match ( '/"__EVENTVALIDATION"[\s]+?value="([\s\S]+?)"/' , $strGet_page_contents , $arrEvent_validation ) ) {
		$strEvent_validation = $arrEvent_validation[1];
		$arrPost_data['__EVENTVALIDATION'] = $strEvent_validation; //
	}
	if ( preg_match ( '/AjaxControlToolkit\.NoBotBehavior, \{"ChallengeScript":"~([\d]+?)"/' , $strGet_page_contents , $arrAnti_spam ) ) {
		$strAnti_spam = $arrAnti_spam[1];
		$intAnti_spam_value = ~intval($strAnti_spam);
		$arrPost_data['ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState'] = $intAnti_spam_value; //
	}

//preparing data for posting
	foreach ( $arrPost_data as $key => $value ) {
		//1. escape the $'s
		$strNew_key = str_replace ( '$' , '\$' , $key );
		$strNew_value = str_replace ( '$' , '\$' , $value );
		//2. urlencode
		$strNew_key = urlencode ( $strNew_key );
		$strNew_value = urlencode ( $strNew_value );
		$arrPost_data[$strNew_key] = $strNew_value;
		if ( $strNew_key != $key ) {
			unset ( $arrPost_data[$key] );
		}
	}

//set page url
$curl_connection = curl_init ($strPage_url);

//set curl options
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)");
curl_setopt($curl_connection, CURLOPT_REFERER, "http://www.myfax.com/free/");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, 'CURLCOOKIE');
curl_setopt($curl_connection, CURLOPT_HEADER, true);
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

//visit page to get cookies
$strGet_page_contents = curl_exec ($curl_connection);

//log page
$fhGet_page = fopen ( 'Get_page.html' , 'w' );
fwrite ( $fhGet_page , $strGet_page_contents );
fclose ( $fhGet_page );

//2nd curl connection

//set headers: mimic a firefox connection
$arrHeaders = array (
	'Host: http://www.myfax.com',
	'Origin: http://www.myfax.com',
	'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
	'Accept-Language: en-us,en;q=0.5',
	'Accept-Encoding: gzip,deflate',
	'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7',
	'Keep-Alive: 115',
	'Connection: keep-alive'
	);
curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $arrHeaders );

//set data to be posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $arrPost_data);

//display headers
curl_setopt($curl_connection, CURLINFO_HEADER_OUT, true);

//post to page
$strPost_page_contents = curl_exec($curl_connection);

//log the page
$fhPost_page = fopen ( 'Post_page.html' , 'w' );
fwrite ( $fhPost_page , $strPost_page_contents );
fclose ( $fhPost_page );

//show information regarding the request
echo "<pre>";
print_r(curl_getinfo($curl_connection, CURLINFO_HEADER_OUT));
echo curl_errno($curl_connection) . '-' . curl_error($curl_connection);

//close the connection
curl_close($curl_connection);
?>
(2) output from my script

Code: Select all

POST /free/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)
Referer: http://www.myfax.com/free/
Cookie: ProtusIPSolutions=4211124416.20992.0000; ASP.NET_SessionId=yez3aw55s03jsv45412qbb45
Host: www.myfax.com
Origin: http://www.myfax.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 3737
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------9add31cf2d64

0-

Re: Help on cURL POST to remote page with javascript

Posted: Fri Aug 13, 2010 3:09 am
by andreevpopov
(3) a normal POST request, captured from Wireshark

Code: Select all

POST /free/ HTTP/1.1
Host: www.myfax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.myfax.com/free/
Cookie: SSID=AgABRCkIAAAAM3ZQTGq1DAEzdlBMGgAAAAAA5jRdTAAAAAB6hWJMAAAAAAAAAAAAAAAJAAAAM3ZQTA; SSRT=241iTAE; __utma=88471047.1847435192.1280341560.1281500199.1281525105.28; __utmz=88471047.1281176797.15.8.utmcsr=forums.devnetwork.net|utmccn=(referral)|utmcmd=referral|utmcct=/viewtopic.php; __utma=1.873224143.1280342275.1281110208.1281114508.6; __utmz=1.1281114508.6.4.utmcsr=cogito-lab.com|utmccn=(referral)|utmcmd=referral|utmcct=/auto_fax.php; velaroret1336=5; myfaxAff=aid=AFCJ; AffiliateID=AFCJ; SSLB=1; SSSC=1.G5499025106452395370.26.0.0; ASP.NET_SessionId=r2tlytvtzmxc2345wltujo2v; ProtusIPSolutions=4211124416.23552.0000; __utmb=88471047.10.10.1281525105; __utmc=88471047
Content-Type: multipart/form-data; boundary=---------------------------162821245525734
Content-Length: 148474

-----------------------------162821245525734
Content-Disposition: form-data; name="__EVENTTARGET"


-----------------------------162821245525734
Content-Disposition: form-data; name="__EVENTARGUMENT"


-----------------------------162821245525734
Content-Disposition: form-data; name="__VIEWSTATE"

6FRCtipZkwPS+BOe460IstebLyjkF7sZ0ZT0vmq9PeIj9ZMsF+/RNkusQb/w7PmvuTBXVj9Xc0DdN2+BlixAfR8PFRtgKe25yIMi5qYgPVSpExVqfq42TltNHzvmFivXerfsSQSlDYl7hXZMGXMv27s07hYJXfSkpESayZH3Im7+AsBHWBAtjMY1oEk/giy3B/AHZ1JCF7Xs5RPkUO63178hnARohziXHB7Qdp+TCZF0ZitJXaS6deN3AwDjkJ5KpiZHqwTB55uOMstjeP7ISIi5naYbkcc3uyYm04k1wIMGm18gGKElH12cMxYDn4igHcBtUD0uDSV7aZSwl5/huqz6cccSjXWTZVxWvYeNtW6h+UjmYPdFSBqiIfei9oyoYTHidP56WWi/3TXdv6Hw3EV9CtwNO3IxYbagZmotiL6NvKsUSCJMs6ub1qVYN0AmQ9Bm/ImoJX+E/tvOHoeTibvvjEwa2BE0bcXH2eb/uAy8vZqCa+oUH1EE49saBIKevpSfo4uhjcaHZtrSYlF9UvYf10iVJx+TzsixItsHv/mupeSSqzCjO/DWKx3mpIbZQVR95oGCCjLKMeIxOWVrE2Wwr58Mw5DHzLYX1YnY/hWpCmwzqrW4HCiHL/sgARxDH7bgnjHFUWfEegWynWR5NBN1DWPEG+qtH1xWVUmknS+OFKgt49FZAFE5hrR8EExy264/oAeVVhwoLuTJ9MypEoKMS+9rFsT9B7/n69mvsgF/mLv+Zl6pqHMv/0JeDHvH6uEf373nByti3u1h48q1/BohissgisOCdizSdfulcdcZghsvaG83JHcyYweE3MW08+M+zIRAD9dagdmNResmrSXTDDmlapzM9/K1Fmlc4KMlK/fsJQVo81NQNrgndjMbw9jGuPsv17O2SzX0vX2v0Nn6VmdLHc3IEBnBHujwp/HxxqSApkKer8mUk3nBp7QgmLLlYUjdmxUdI2p6aChdZZjuHKXVHspItNVPuP+FWQUrqB4c7O/jhUxzOzbio+0fZ3GqsZbMiOvQ88pHNjxQP27oqXCF/L7hwvwLqznkMHSMU3KS9seK3oiZUYcXG6IoMaMien96nBysNKR9xo2F4e516Lf4yMm9vqR1s7sGJyqQVJ6N7m3Vg+Ov8L1CzkiNFhKFwTdqD0qryP3FZ1Mr+Q/OAapksS3fUHxtZwrFzKfGPCE2x/K2rIjTZZTGh3YMZektY6YfZtDyiWaPSRv+DEMvA06mjiM7eS5U5MATPAfKWORxCJ7fEPhlt+pzMfNewj9RfSOZh0cTcQ+u0lT1vxvxWySqI3PpKMVrzZfOBrWsX/dpuZWanrHUgfF7QGmfxtHqJuyK57P+XsxKuH/cojvycPtvOoY1M7L76A9P55PMFf8/x7LR3ZPgqXu6q3HzB9QMNlASjX9h55C5tCnhViQXqwzIizGB5oBuK6fKNEaSzHHXL1Haf6BVeNOatV85IVPiE0JNJLenaqzmcZppfZwonzz5Fnwka/xKywqtdIVfibvLbqGppd7U+m+HiQHj2E++CKFDeOE9zaFUjXycX8LQH6RIIWWMDbi/aZPoWtUXs7srxVTC7H+3XYbEt3MResuhD0j/bQmAvfiQ4kU7ZSKpkr61DVBTVnRIsrG62ZDhynUbOKxxqdUEG4HXguyGN5+bS5bimiwxvyfRsISLG49FYwo+jTm/gMVwiw10qa2G2Z80+kwrl2RjthA9eUxDUa0yKUOXUPikJ+BaBSlVciAmOJyOUeUBBvkePqR0Bh2j6tgPUVRHic42K9a6qDh0YwtDWRtujrdgUdCNsE5QC0OupCdKWnkP0z6TUc56d3Q6ZinVZ1Bl9yoRrqZ0Ms8PHYEs5ciIl0xaLgy1OtJfef3x7SW43Jh8XO8sjB+ZAzx/VIizB5BMqRQ/sgzqSJQM4aujouBmoGmEVYoJuV5BcqLdet28s9ZULrb2Ncu++BmqUZPUVyc3wbPqZAiNCuliq4Cidn5dId0j+FNPaeMoBSwbEkMxyyi3GOyN90cAYBAJdXhDaI9MS1Z69SuC90G7uq9gXYCUzijB9O93sBlgVo2YgEXSREyjLbqxd+mslkLvg9qQRVnHeHikYct9e8mObliK7hL4yHE8uEKpD0DKzexjVwLWxHEr63Yu3vXS179LQVJXvXEytdbag2lbP9CywMtc/p7qXUZv7FmG8Dbt9/qNqPCN0dAdQiYCruCFRgQ=
-----------------------------162821245525734
Content-Disposition: form-data; name="__VIEWSTATEENCRYPTED"


-----------------------------162821245525734
Content-Disposition: form-data; name="__EVENTVALIDATION"

KIERL6+Sc+++cILAxQvrHn0Hk2XYcu/lEql4ige5KP7t1Bo01nOliNfci+COsWSv0edaQ9M2J7D3X1KgIcmo1rUYYI9QGAfsiSL5S56Gl+tsyfQL42TxViyxp7IPGWg3SnWNdgB3aHbc43iS8gMrKujFLoO1J6W1tEa+3+NwouWA2sqdwa3PUL678qS3t/NtzEFraYfy6q9WX53xjlFgKJwLgl6J2uR1ZkDlqWYs+eN4I4jqrBn01db2sgNor3hTl2iS4B/ANmvxdNh/AsEVjBXWDLy6lk08ry7UHOUHqHeUq337BoxFgejcw4Xpwtdi0DTDnL8jD4rz6PnbzvB5dilE5jGvO2ib2mtpPjVs+GhsL/Pa6dJVcQ9MF1oS/OtR+qDH4itQ46+lJZ+RwVjmorTs3hzgO8Dxjy30u0RvU/SxCRMafDGJ6Dq2uNvKxzwFze+H+yHiuXHOcpeXV0Kj95I1+bRwRfKfabHmcYZ/xod+/UJ/U+SE5h5acAPYsTbVnd3u+cdPJq75nKoOKCO0VQ==
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$nbAntiSpam$nbAntiSpam_NoBotExtender_ClientState"

-241
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbRecipientName"

Recipient
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbRecipientCompany"

RecipientCompany
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$ddlRecipientCountry"

{"c":{"i":"2","n":"United States","t":"1","s":"US"},"m":{"i":"1","v":"+1 (###) ###-####","d":"","f":"","c":"","r":""}}
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbRecipientFaxNumber"

+1 (206) 202-8273
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$meeRecipientFaxNumber_ClientState"


-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbSenderName"

Sender
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbSenderCompany"

SenderCompany
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbSenderEmailAddress"

abc@example.com
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$fileUpload"; filename="file.pdf"
Content-Type: application/pdf

[PDF DETAILS REMOVED TO SAVE SPACE]

-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbMessage"

helloworld
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbFriend1"


-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbFriend2"


-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$tbFriend3"


-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$ibSendFax.x"

84
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$ibSendFax.y"

6
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfRecipientFaxNumber"

12062028273
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfRecipientFaxNumberMask"

+1 (999) 999-9999
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfRecipientFaxNumberCountryId"

2
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfRecipientFaxNumberMaskId"

1
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfTimeZone"

-480
-----------------------------162821245525734
Content-Disposition: form-data; name="ctl00$MainSection$hfModalMessage"


-----------------------------162821245525734
Content-Disposition: form-data; name="hiddenInputToUpdateATBuffer_CommonToolkitScripts"

0
-----------------------------162821245525734--