Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

IP Blocker

  1. Home
  2. Forum
  3. Programming
  4. IP Blocker

ghost's Avatar

ghost

0 0

Hey everyone. A client of mine has a script which uses cURL to login to a site and then echo back some info back to his site. He said it's been working fine for the last couple of months, but now he's having some problems.

The site he's trying to query has added a token, but obviously that's pretty easy to bypass. For some reason, whenever I try to login with cURL, I either get blocked from the site or just get a blank page back. I've spoofed a referrer, user agent, and headers, but no luck.

Do you guys have any ideas what's up? Here's part of my code.

$proxy = "221.130.13.41:80";
$headers = array (
		'HTTP_ACCEPT' => 'application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5', 
		'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
		'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
		'HTTP_KEEP_ALIVE' => '300',
		'HTTP_CONNECTION' => 'keep-alive',
		);      

//get token
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers); 
curl_setopt($ch,CURLOPT_URL,'http://www.asdf/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://sadf/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
$result = curl_exec($ch);
curl_close($ch);

preg_match('/document\.write.{67}/',$result,$match);
$token = trim(str_replace("'); document.write('",'',str_replace("document.write('<input name=\"",'',$match[0])));
echo $result;

//login
$post = "$token=lgn&username=asdf&password=asdf&submit=Submit";
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers); 
curl_setopt($ch,CURLOPT_URL,'http://www.asfd/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://asdfa/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
$result2 = curl_exec($ch);
curl_close($ch);

echo $result2;
?>```

ghost's Avatar

ghost

0 0

Are you really that dense, Moshbat?

Obviously the other site noticed that my client was cURLing (yes, I can make up words) and then made some form of an authentication on his end to tell if it's a computer or a person. He added a token, which I can easily bypass with just simple regex, but there must be another validation he is using. I can make a request once, which will go through fine, but then when I try again, my IP is blocked.

At first I though he was checking if there were valid headers/user agent/refferer and if that check failed, he would block your IP, but that doesn't seem to be the problem.

Well, that's obviously a code issue.

So yes, Moshbat, there obviously is an issue with the code if it's not doing what is intended. My question is: What could that issue be?


ghost's Avatar

ghost

0 0

Yes, the code itself is working fine, but it's just not doing what I want.

I'd rather not post the URL on the forum, may I PM you?