-5

I want to get a csrf token from another web's form. I've tried to get that token with cUrl. I guess that was success, but I think the real problem is that another web's form couldn't refresh the Token until the form is well filled and submitted while my web form is always refresh that token every time I refresh the page.

So this is my cUrl code:

<?php
function bacaHTML($url)
{
    // inisialisasi CURL
    $data = curl_init();
    // setting CURL
    curl_setopt($data, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($data, CURLOPT_URL, $url);
    // menjalankan CURL untuk membaca isi file 
    $hasil = curl_exec($data);
    curl_close($data);
    return $hasil;
}

$kodeHTML = bacaHTML('http://bla-bla-bla.id/yeah');
$pecah = explode('<form action="http://bla-bla-bla.id/yeah" name="donasi" id="donasi" method="post">', $kodeHTML);
$pecahLagi = explode('<input type="hidden" name="user_id" id="user_id" value="">', $pecah[1]);

echo $pecahLagi[0];
?>

And i got this

<input type="hidden" name="_token" value="qRIDbrYH4MvFdhIe2sP9Rtp17C6SaDf9quSsbIOH">

But that token is not generated until that web form well filled while in my form was generated as I said before so my form can't pass data to that web form. For your information, that web was builder with Laravel. Can anybody help me? And sorry for my bad English. I'm new to programming

OMR
  • 11,736
  • 5
  • 20
  • 35
Afrodyy
  • 1
  • Well, aren't CSRF tokens meant for not allowing to do what you are trying to do? https://en.m.wikipedia.org/wiki/Cross-site_request_forgery – Maarten Veerman Oct 20 '20 at 05:52
  • If you're using cURL make sure you've set a cookie jar so your cookies persist. Otherwise you generate a new session cookie (and by extension a new CSRF token) on every request. Check out https://curl.haxx.se/docs/http-cookies.html (its for the cURL cli but the idea is the same for PHP as well) – apokryfos Oct 20 '20 at 06:23
  • Also many sites frown upon getting scraped by crawlers (which this could technically qualify as) so be sure to check the other sites terms and conditions before making any code like this live – apokryfos Oct 20 '20 at 06:27
  • Could you explain what's the use case and what are you trying to solve in the bigger picture here? it doesn't sounds like something that people usually do and there might be another solution for your problem other than retrieving the csrf token – morgan9999 Oct 20 '20 at 09:18

1 Answers1

1

hi the right way is disable csrf token on route in

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
       //add route here

    ];
}
Isaac ghorbani
  • 71
  • 3
  • I also think this idea but i want that csrf token too, but my problem was solved and thanks for your idea sir;) – Afrodyy Oct 21 '20 at 07:07