1

I have a webapp that needs to be able to recreate the post actions of application provided by our vendor. The application allows the user to log in or out of phone workgroups. I have captured the HTTP Post request that the application is sending to initiate a session and to log the user in and out of the workgroups. I would like to recreate these POSTs in PHP using CURL, but I am having some issues getting the POST correct.

The post I am trying to emulate as captured from WireShark looks like this :

POST /Login?timeout=6 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 10.1.##.##:5447
Content-Length: 160
Expect: 100-continue
Connection: Keep-Alive

{"username":"joell","user-auth-token":"TOKENTOKENTOKEN","user-role":"admin_role","client-type":3,"app-id":"cmwin.18.62.7800.0"}

Response 

HTTP/1.1 200 OK
Content-Length: 58
Content-Type: text/plain; charset=UTF-8
Connection: Keep-Alive
Cache-Control: no-store
Date: Fri, 03 Apr 2015 13:08:42 GMT
Expires: Fri, 03 Apr 2015 13:08:42 GMT
Access-Control-Allow-Origin: *
Set-Cookie: SessionId=2006727099

My php code atempting to recreate this is:

$data = array(
            "username" => "joell",
            "user-auth-token" => "TOKENTOKENTOKEN",
            "user-role" => "admin_role",
            "client-type" => 3,
            "app-id" => "cmwin.18.62.7800.0"
            );                                                                    
    $data_string = json_encode($data);                                                                                   

    $curl = curl_init('http://10.1.##.##:5447/Login?timeout=6');                                                                      
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");                                                                     
    curl_setopt($curl, CURLOPT_POSTFIELDS, $data_string);                                                                  
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);                                                                      
    curl_setopt($curl, CURLOPT_HTTPHEADER, array(                                                                          
        'Content-Type: application/x-www-form-urlencoded',                                                                                
        'Content-Length: ' . strlen($data_string),
        'Expect: 100-continue',
        'Connection: Keep-Alive')                                                                       
    );   

    if(!curl_exec($curl)){
        die('Error: "' . curl_error($curl) . '" - Code: ' . curl_errno($curl));
    }
    $result = curl_exec($curl);
    print_r($result);
    curl_close($curl);

The request that my script is generating is:

POST /Login?timeout=6 HTTP/1.1
Host: 10.1.##.##:5447
Accept: */*
Content-Type: application/x-www-form-urlencoded
Content-Length: 160
Expect: 100-continue
Connection: Keep-Alive

{"username":"joell","user-auth-token":"TOKETOKETOKEN","user-role":"admin_role","client-type":3,"app-id":"cmwin.18.62.7800.0"}

Response 

HTTP/1.1 200 OK
Content-Length: 20
Content-Type: text/plain; charset=UTF-8
Connection: Keep-Alive
Cache-Control: no-store
Date: Fri, 03 Apr 2015 15:15:44 GMT
Expires: Fri, 03 Apr 2015 15:15:44 GMT
Access-Control-Allow-Origin: *

Currently the output of my PHP script is :

{"error":2147483650}
June Lewis
  • 355
  • 1
  • 6
  • 28
  • the first post request has the request body JSON encoded, you do it differently. Why don't you send the POST requet body as JSON? – hakre Apr 03 '15 at 14:38
  • @hakre I tried and received the exact same results. The code I used for the JSON request has been added to my question. – June Lewis Apr 03 '15 at 14:53
  • So now two versions. Regarding the request body which one is more correct? Which spec do you follow here. Any name of a software or any other kind of reference? – hakre Apr 03 '15 at 14:56
  • @hakr The software is the ShoreTel Unified Communications platform, and does not provide any reference. When I reached out to them they told me they could not provide any assistance, but that I should attempt to reverse engineer what the existing programs are doing. – June Lewis Apr 03 '15 at 14:58
  • I see, From the second variant with json_encde, how does the wireshark look like? – hakre Apr 03 '15 at 15:01
  • @hakre I just updated my question with the wireshark from my generated POST. – June Lewis Apr 03 '15 at 15:22
  • and did you spot any difference? I think this looks pretty much the same, doesn't it? probably the cookie is missing? Jup, this one: Set-Cookie: SessionId=2006727099 – hakre Apr 03 '15 at 15:37
  • @hakre How can I get my request to include this? – June Lewis Apr 03 '15 at 15:41
  • You need to have the session id first.But I can not say for certain because you didn't show any code so It's not that clear what you're doing precisely. I understand that you send two requests. But I can see only one done with curl. – hakre Apr 03 '15 at 15:44
  • @hakre This is the first data sent when the program initializes. It looked to me like it was generating the Session ID. I have eddited a bit for clarity because the POSTs both include the response. – June Lewis Apr 03 '15 at 15:50
  • You can fine-tweak to remove the accept header: http://stackoverflow.com/q/7638661/367456 – hakre Apr 03 '15 at 15:56
  • Thanks @hakre My post now looks identical, but is still getting the error. I am still trying to figure out why. – June Lewis Apr 03 '15 at 16:07
  • thats a good question. if the requests are now identical, the only difference seems to be the host, right? perhaps you need to get your IP configured? Also for the error number you get back, can you contact the service vendor and ask about that error number specifically? – hakre Apr 03 '15 at 16:10
  • @hakre The sending IP should not matter. The post I am trying to emulate is from a program that can be installed on any PC. The post is the very first item sent when the program initializes. Unfortunately my conversations with the vendor amount to: "Good for you if you can figure it out, but your on your own." – June Lewis Apr 03 '15 at 16:19
  • but the request is identical now, isn't it? – hakre Apr 03 '15 at 16:22
  • The only difference I can see is in the order of "Content-Type: application/x-www-form-urlencoded Host: 10.1.10.20:5447 " and "Host: 10.1.10.20:5447 Content-Type: application/x-www-form-urlencoded" could that make a difference? – June Lewis Apr 03 '15 at 16:24
  • it should not (see http://stackoverflow.com/q/750330/367456). you could try to change the order and see if it makes a difference. – hakre Apr 03 '15 at 16:26
  • @hakre No luck there. Guess I will need to keep experimenting. – June Lewis Apr 03 '15 at 16:42
  • keep on fighting, that's really a tough one. – hakre Apr 03 '15 at 17:53

0 Answers0