0

This issue comes from a situation that may look strange, but this purpose is fully intentional.

Here is the scenario : I have 3 scripts (let's call them A, B and C). Each one has to be executed every 5 seconds, with a specific cookie.

I wanted to automate the execution of these scripts with another one called "start.php", using cURL, which should set the proper cookie before executing any of those scripts.

Summary :

  1. I call 'start.php' manually
  2. start.php sets the cookie A, then calls A.php
  3. Idem with B.php and C.php and proper cookies
  4. Repeat every 5 seconds.

Here is what my script from start.php looks like : 

   function startCrawling()
    {

    $currentChall = 1;
    $cookieValue = "";

    for ($currentChall = 0; $currentChall <= 3; $currentChall++) {

        $sql = getConnection()->prepare("SOME STUFF HERE");
        if ($sql->execute()) {
            while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
                if ($row['idChallenge'] == $currentChall) {
                    $cookieValue = $row['token'];
                    break;
                }
            }
        }

        sendRequest($currentChall, $cookieValue);
        sleep(1);
    }
}

    /**
    * Send the request to the given script
    */
    function sendRequest($id, $cookieValue)
    {
        $params = [
        'password' => 'p4ssw0rd'
    ];
    $defaults = array(
        CURLOPT_URL => 'http://localhost/script' . $id . '.php',
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $params,
        CURLOPT_HTTPHEADER => array("Cookie: AdminToken=".$cookieValue),

        CURLOPT_VERBOSE => true
    );
    $ch = curl_init();
    curl_setopt_array($ch, $defaults);

    $content = curl_exec($ch);
    curl_close($ch);

     if ($content === false) {
        echo 'Erreur Curl : ' . curl_error($ch);
     }
}

BUT, at the end, even if every script has been executed, the only value sent as a cookie is the PHPSSID (seen in my requestb.in). I have been searching workarrounds for 2 days, but I can't find any similar problem on the web.

Any help would be truly appreciated.

(Edited due to comments suggestion)

MedAl
  • 457
  • 3
  • 19
  • 1
    I don't see any cookies in the `curl` options. – Barmar Aug 09 '17 at 09:08
  • Cookies set by `setcookie()` aren't used by `curl`, they're just sent to the client that called the script. See https://stackoverflow.com/questions/16872082/how-can-i-send-cookies-using-php-curl-in-addition-to-curlopt-cookiefile for how to send cookies with `curl` – Barmar Aug 09 '17 at 09:12
  • The fact is I already found this topic, but when I tried to cope with the provided answer, my requestb.in won't display anything else that the PHPSSID, and not my custom cookie – MedAl Aug 09 '17 at 09:23
  • Post that code and we can reopen the question. – Barmar Aug 09 '17 at 09:24
  • The code and results have been updated – MedAl Aug 09 '17 at 09:27
  • You're missing the `$cookieValue` parameter in the `sendRequest` function definition. – Barmar Aug 09 '17 at 09:29
  • My bad, just failed my copy past. It was well written in the original script – MedAl Aug 09 '17 at 09:31
  • You need to call `sendRequest()` inside the `while` loop. Otherwise you're just using the cookie from the last row returned by the query. – Barmar Aug 09 '17 at 09:34
  • Doesn't the "break" instruction already avoid it ? – MedAl Aug 09 '17 at 09:38
  • Oops, missed that. Why don't you put a `WHERE` clause in the query that matches that `idChallenge`, so you don't have to loop? – Barmar Aug 09 '17 at 09:39
  • Haha sure, I didn't even think about it ! I'll do that :) – MedAl Aug 09 '17 at 09:40
  • Now I can't see any reason why the cookie isn't sent. And it shouldn't be sending the `PHPSESSID` cookie at all. Are you sure you're looking at the cookies being sent in `curl`, not the cookies in your browser? – Barmar Aug 09 '17 at 09:42
  • The situation is a bit tricky. This script is intended to faint an "administrator" having an admin cookie, and the 3 scripts called A, B, C are pages vulnerable to XSS (security training session). So, what the requestbin shows me is the result of an xss sending the document.cookie of my "fake admin" represented by the curl script. – MedAl Aug 09 '17 at 09:45
  • What is "requestbin"? BTW, the loop is sending to 4 scripts, not 3. `$currentChall` will be 0, 1, 2, 3. – Barmar Aug 09 '17 at 09:49
  • This is https://requestb.in, an online inspector for HTTP request :) Don't worry about the little details of the script, I had to simplify a few things to post it here, and only mention 3 scripts in my question but there is a few more in the real case – MedAl Aug 09 '17 at 12:14

0 Answers0