-1

I'm trying to get the CSRF token from raw text. Basically, I have a lot of text data on a page, and I have almost 5-10 CSRF tokens on that page, all the same. I just want to grab one CSRF token from the text and save it into a PHP variable.

```php
<?php

$url = "--";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
preg_match_all('/^x-csrf-token:\s*([^;]*)/mi', $result, $matches);
$cookies = array();
foreach ($matches[1] as $item) {
    parse_str($item, $cookie);
    $cookies = array_merge($cookies, $cookie);
}
$session = $cookies['x-csrf-token'];
echo($session);

?>
```

Here is the code but it's not working.

TEXT Screen: [image]

kashifaws
  • try `curl_getinfo($ch,CURLINFO_COOKIELIST);` - also [post the damn text, not an image of the text](https://meta.stackoverflow.com/a/285557/1067003). – hanshenrik Mar 25 '22 at 00:42
  • No, actually in the curl request we got the response header, but actually, I want the HTTP request header, and the csrf token is available in the request, so basically I have created a python selenium flask based app and get all request headers and passed that app as API in curl, and now I'm trying to extract that token from raw html/text form. – kashifaws Mar 25 '22 at 02:21

1 Answer

2

Your regex doesn't seem related to your sample text.

Specifically:

  • the `^` character matches the start of your text, while your matches are within the text. So this needs to be removed
  • you're missing the encasing quotes `'` which are in the original text
  • you're matching `[^;]*` which means to interrupt when you find a semicolon, but there's no semicolon in your text

Based on the sample text you shared the regex should be

```
/x-csrf-token',\s*'([^']+)/mi
```

3v4l example: https://3v4l.org/WjKhb

Andrea Olivato
  • @hanshenrik I see you edited the regex adding a space component, which works on your example, but I don't see any spaces in the source text provided by OP. – Andrea Olivato Mar 25 '22 at 00:57
  • 1
    [are you sure?](https://i.imgur.com/QpvGKx5.png) - there is 2x pixels between the `'` and `,`, but there's 8x pixels between the `,` and `'`, are you sure the 8x pixels isn't a whitespace? – hanshenrik Mar 25 '22 at 01:04
  • in any case, [shame on OP for posting a picture of text instead of the actual text](https://meta.stackoverflow.com/a/285557/1067003), if he had just posted the text, we wouldn't be having this conversation, and i wouldn't have to compare pixels between characters – hanshenrik Mar 25 '22 at 01:06
  • @hanshenrik wow, I could not see it! Thanks for the edit! – Andrea Olivato Mar 25 '22 at 01:07
  • 2
    you're welcome. also the space might just be a weird font thing instead of an actual whitespace, i'm not 100% sure, but in any case the `\s*` will ignore the whitespace if it exists, but it does nothing if the whitespace does not exist, so it doesn't do any harm ^^ – hanshenrik Mar 25 '22 at 01:23
  • It returning NULL. – kashifaws Mar 25 '22 at 02:17
  • Share the TEXT screen by copying and pasting in your question, so we can test the regex with the actual text – Andrea Olivato Mar 25 '22 at 02:33
  • Here is the entire text, https://justpaste.it/2vvoe – kashifaws Mar 25 '22 at 02:42
  • The proposed regex works: https://regex101.com/r/PTyfOt/1 So you have other issues in your code. What does `var_dump($matches)` return? – Andrea Olivato Mar 25 '22 at 02:45
  • And are you sure `$result` is populated correctly? – Andrea Olivato Mar 25 '22 at 02:46
  • Thanks, Regex is working fine, actually, I have an issue in the flask app, the response is too late so due to the late response, it returns i tested regex on the direct PHP page it works fine. Thanks a lot – kashifaws Mar 25 '22 at 02:54
  • 1
    @kashifaws i doubt it's a speed issue. that csrf token `97fd24ce8b604d661421f3e8f90c50d866` is tied to that cookie session `BIAB_AN=c8792143-4b96-44f2-897a-ce6c6c134b88` and won't work with any other cookie session, and you're only extracting the csrf token here, not the associated cookie session. so my best guess is that you're trying to use the csrf token together with the WRONG cookie session. – hanshenrik Mar 25 '22 at 05:28
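The checks raised in this thread (is `$result` populated, does the regex match, and is the token kept with the cookie session it belongs to), combined into one added example that is not part of the original posts. The sample text, its cookie tuple layout, the token and cookie values, and the helper name `extractHeaderValue` are constructed for illustration.

```php
<?php
// Constructed sample of the raw text: request headers printed as Python-style tuples.
$result = <<<'TXT'
[('accept', '*/*'), ('cookie', 'BIAB_AN=00000000-aaaa-bbbb-cccc-000000000000; lang=en'),
 ('x-csrf-token', 'EXAMPLEtoken0123456789abcdef')]
[('accept', 'text/html'), ('cookie', 'BIAB_AN=00000000-aaaa-bbbb-cccc-000000000000; lang=en'),
 ('x-csrf-token','EXAMPLEtoken0123456789abcdef')]
TXT;

/**
 * Hypothetical helper: return the one distinct value captured for a header name.
 * Throws when the text is empty, nothing matches, or the occurrences disagree,
 * instead of silently yielding NULL.
 */
function extractHeaderValue(string $text, string $header): string
{
    if ($text === '') {
        // An empty body points at the HTTP fetch, not at the regex.
        throw new RuntimeException('Empty text: check curl_exec() and curl_error() first');
    }
    // Same shape as the regex from the answer, with the header name escaped.
    $pattern = "/" . preg_quote($header, '/') . "',\\s*'([^']+)/i";
    if (!preg_match_all($pattern, $text, $matches)) {
        throw new RuntimeException("No '$header' found in text");
    }
    // The page repeats the token several times; all copies should be identical.
    $unique = array_values(array_unique($matches[1]));
    if (count($unique) !== 1) {
        throw new RuntimeException("Expected one distinct '$header', found " . count($unique));
    }
    return $unique[0];
}

// Extract the token and the cookie header from the same capture so they stay paired:
// a CSRF token is only valid with the session it was issued for.
$session = [
    'csrf'   => extractHeaderValue($result, 'x-csrf-token'),
    'cookie' => extractHeaderValue($result, 'cookie'),
];
var_dump($session);
```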