Using PHP cURL to get CSRF-Token from URL and post it to another URL within the same session

Question

I'm trying to create a queue system based on information gathered from supermariomakerbookmark.nintendo.net website. First, I make a GET request in the URL https://supermariomakerbookmark.nintendo.net/courses/7E00-0000-0220-574B to find the CSRF-Token, present in the field:

<meta name="csrf-token" content="xxxxxx">

After that, I need to make a POST request to https://supermariomakerbookmark.nintendo.net/courses/7E00-0000-0220-574B/play_at_later, passing the CSRF-Token and the Cookie in the Header. The cookie is provided by the user, and it is retrieved from the database.

Here is my code:

$cookie = DB::table('CONFIG')->select('cookies')->first()->cookies;

// get csrf token
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://supermariomakerbookmark.nintendo.net/courses/$id");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$html = curl_exec($ch);

$dom = new \DOMDocument();
libxml_use_internal_errors(true);
$dom->loadHTML($html);

$metas = $dom->getElementsByTagName('meta');

for ($i = 0; $i < $metas->length; $i++){
  $meta = $metas->item($i);
  if($meta->getAttribute('name') == 'csrf-token')
    $csrfToken = $meta->getAttribute('content');
}

$headers = array();
$headers[] = "X-CSRF-Token: $csrfToken";
$headers[] = "Cookie: $cookie";

curl_setopt($ch, CURLOPT_URL, "https://supermariomakerbookmark.nintendo.net/courses/$id/play_at_later");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$ret = curl_exec($ch);

But it's not working, The curl POST request is returning a custom 500 error page instead of the 200 OK. I'm executing this code inside a Controller in Laravel.

If I try to make the POST request using Postman, it works. Ant ideia on how to make it work?

Is a curl request returning 500 or is this PHP file itself returning 500? — WillardSolutions, Aug 23 '16 at 17:33
Forgot to mention that, sorry. I'm getting a custom 500 error page as the response of the curl POST request, instead of the 200 OK status that was expected. — Danilo Teixeira Lopes, Aug 23 '16 at 17:41
Probably unrelated, but is your `$cookie` header really supposed to have the same 'X-CSRF-Token' key? — WillardSolutions, Aug 23 '16 at 17:52
That was a typo, I removed it for some testing, and when I putted it back, just copy/paste from the other header. I've updated the code with the right key. But it still doesn't work :/ — Danilo Teixeira Lopes, Aug 23 '16 at 18:28

score 0 · Answer 1 · answered Aug 23 '16 at 18:30

0

I had a similar problem with another webservice. In my case the problem was the name of the header.

Try to change this code and test it:

$headers = array();
$headers[] = "Cookie: X-CSRF-Token=$csrfToken";
$headers[] = "Cookie: X-CSRF-Token=$cookie";

answered Aug 23 '16 at 18:30

James

1,653
2
31
60

Didn´t worked :/ And just an update, I notice that I can only make it work in postman if the Interceptor is activated... Don´t know what else I can try – Danilo Teixeira Lopes Aug 23 '16 at 20:03

Using PHP cURL to get CSRF-Token from URL and post it to another URL within the same session

1 Answers1

Linked