Solved

How To Set Browser Cookies With Curl

Posted on 2013-01-24
22
2,793 Views
Last Modified: 2013-11-26
I have a curl function as shown below. To load this function i use this <img src="http://site.com/pxl.php?i=1.jpg" height="1" width="1" /> but when i do that cookies dont get added to my browser. Is there a way so that when the curl run on the url i collect the cookies from the url and set it to the browser of using accessing <img src="http://site.com/pxl.php?i=1.jpg" height="1" width="1" />

function get_content($url,$ref)
{
$browser = $_SERVER['HTTP_USER_AGENT'];
$ch = curl_init();

$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
$header[] = "Accept-Language: en-us,en;q=0.5";
$header[] = "Pragma: "; // browsers keep this blank.

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $browser);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, $ref);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
$html = curl_exec($ch);
curl_close ($ch);
return $html;
}
0
Comment
Question by:astonishin
  • 7
  • 6
  • 3
  • +2
22 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 125 total points
Comment Utility
No, doesn't work that way.  Cookies are not part of the HTML, they have to be set in the response header.  You could get the values from the curl response header.  But I don't know what good it will do you.  Cookies are only good on the domain that set them.  Even faking the referer like you were talking about doesn't change that.
0
 

Author Comment

by:astonishin
Comment Utility
It can be done you dont understand what i want
0
 
LVL 82

Expert Comment

by:Dave Baldwin
Comment Utility
Ok.
0
 
LVL 12

Expert Comment

by:Mohamed Abowarda
Comment Utility
PHP cURL make request from the server-side not the client-side, so the only way is that you can get information from cURL header and set cookies using your own PHP script.

To grab cookies using cURL:
$ch = curl_init('http://www.website.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
preg_match('/^Set-Cookie:\s*([^;]*)/mi', $result, $c);
var_dump(parse_url($c[1]));

Open in new window

0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Welcome to EE, astonishin.  Here are some general guidelines to make your use of this site more enjoyable and productive for you...

At EE, the experts exchange answers and advice for points.  If you look at the questions awaiting answers in this zone, you will see a lot of 500 point questions.  Your question is competing for the experts' attention among those high-point questions.  So as a matter of simple economics you might be able to envision which questions will get the experts' attention first.   Just a thought.

We are experts, but not mind readers.  Inquiries that are broad, vague and hypothetical may not get answers that are as succinct and effective as inquiries that have actual URLs, complete code examples, and clearly expressed questions.  "It doesn't work" is not an error message.  Whenever possible, please provide the inputs and tell us what you want for the outputs.  An incredibly important concept is the SSCCE; please read the online page and embrace the SSCCE strategy.  If you do not have the SSCCE, stop what you're doing and create one, and post it with your question.  And please accept that sometimes the right answer is, "Don't do that -- it doesn't work that way."

If you want us to be able to share working code, we need you to show us where you have put your test data.  If you have no test data, please create some.  We do not want you to post "live" passwords and such.  Instead, please set up a testbed and show us the links to that, instead of the live data.

We answer questions and provide teaching examples, but we cannot build applications for you.  If you do not understand the basics of computer science and the programming languages involved in your applications, you might be better off to hire a developer.  Often a great deal of trial and error, plus a depth of knowledge and background information is necessary to get a piece of an application working.  The experts will try to help, but sometimes the only reasonable answer is, "Please read the fine manuals" or "Be respectful of your time; don't take a year learning information technology -- hire a professional developer and you'll get good results in a couple of weeks."

All of us who have been at EE for a while have seen questions like, "How do I do 'X' in 'Y' language, and by the way, I do not know anything about 'Y' language."  For some reason we never see anyone ask, "I want to play a piano sonata, and by the way, I have never taken piano lessons."  It is hardly a sin if you do not know a particular programming language -- I do not know most of them -- but it is not reasonable to expect that you will learn a programming language by asking questions in an online forum, any more than you could learn to play the piano by asking questions in an online forum.  Instead your best question might be, "What are good learning resources to get a foundation in 'Y' language?"  We are glad to help with that.

To the particulars of your question: cURL is used to read from a "resource" such as a file or URL.  You might be able to force it to work, but it's not the right tool to set cookies.  PHP setcookie() is used to set a cookie on a browser.  If you set up cURL correctly, you can store browser cookies in a "cookie jar" text file.  Or you can use the $_COOKIE array to see the cookies that the browser returned to your server-side script.

Best regards, ~Ray
0
 

Author Comment

by:astonishin
Comment Utility
I setup it so it stores the cookies in a text file as cookies.txt this works but how do i get those cookies in the user browser? thats what i want to achieve.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
Comment Utility
Let me try this one again:
PHP setcookie() is used to set a cookie on a browser.
All of the PHP functions are documented in the online man pages.  You can learn more here: http://php.net/manual/en/function.setcookie.php

Best of luck with your project, ~Ray
0
 

Author Comment

by:astonishin
Comment Utility
Im not that good at coding, when i run the curl i get these cookies saved in my cookies.txt how can i put them in browser?
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
The cookies are already on the browser.  The browser can only return cookies that it already has!

If you want to change the values of the cookies, read the cookies.txt file and print it out to see what it looks like.  Then you can modify your script to copy the existing values, change them into anything you want, and put the changed values into the setcookie() function call.  Also, be aware that cookies are HTTP headers and it is a law of HTTP that all headers must come first and be complete before any browser output, so do not leak anything (not even invisible whitespace) to the browser before the setcookie() function completes.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 34

Assisted Solution

by:gr8gonzo
gr8gonzo earned 125 total points
Comment Utility
astonishin, different browsers store their cookies in different locations. Trying to push a cookie into any browser is easier said than done, especially on newer versions of operating systems.

In short, it's going to be nearly impossible to do unless you have complete control over the client-side file system and are running a separate application that can interact with the Win32 API (e.g. Internet Explorer runs in different permission modes).

Trying to push a cookie to the browser via setcookie() will only work on the same domain. For example,  if a user goes to mydomain.com, I cannot create or access cookies for paypal.com. All browsers will disallow this for security purposes.

My guess, based on previous questions, is that you're trying to get cookies from one domain and copy them into the browser (e.g. to enable automatic login), but trust me, this cannot be done reliably.
0
 

Author Comment

by:astonishin
Comment Utility
ok using your example is there a way to fake cookies and make it seem as its from paypal?
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
Comment Utility
No, you cannot set a cookie for a domain other than your own.  And if you find a way to do it, the security forces will find a way to shut it down.  This sort of activity would seem to tread perilously close to criminal fraud; I recommend that you not even attempt to do such a thing.
0
 

Author Comment

by:astonishin
Comment Utility
I need a way to fake referrer to a link load from <img src"lhttp://site.com/file.php">

This is all i want to do.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Any answer we could give you would depend on your background in computer science.  Please tell us a little more about that and about the site you're targeting, and why you want to fake the referrer.  It's possible, but the explanation would be different depending on your depth of knowledge and your application requirement to provide false information to a web site.
0
 

Author Comment

by:astonishin
Comment Utility
Im just a 18 year old self taught programmer, I will be faking the referrer to my own site everything works when i use a iframe to load my php script but when i load with <img> it doesn't work. The reason it doesn't work is because theres html inside the php im loading with <img>. To make it work i tried curl, curl worked great but cookies dont get set in my browser.

The html inside the php is a self submit form that simulates a user click, Is there a way to just remove the form and use $_POST with set variables to simulate user click?


Are you on skype to talk @ray ?
0
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
You should think of cURL as its own separate browser. It has no ties to IE, Firefox, Chrome, or whatever browser you use. Just like Firefox has its own cookies and IE has its own cookies, cURL can also be enabled with cookies, but it needs a file to store the cookie data in. This is specified with the CURLOPT_COOKIEFILE and CURLOPT_COOKIEJAR options. The COOKIEJAR option is for storing the cookies that cURL receives, and COOKIEFILE is for sending the cookie information on subsequent requests, so you can log in and then do additional, authenticated requests. Just set both options to "cookie.txt" or something like that.

curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

But again, this does not set the cookies in your IE/FF/Chrome browser. It simply allows cURL to send and receive cookies like a normal browser does.

You will not be able to set a cookie in your IE/FF/Chrome browser for a different domain. Like Ray and I have both said, this is simply a technical limitation due to security restrictions. If it could be done, there would be a lot more security problems on the internet, and you probably would not have financial services online at all.

If you have a form that you want to programmatically click, you can use Javascript to do that, but your browser is going to fill in the proper referrer.

Out of curiosity, if it's your own site, why are you faking the referrer? When you have control over the source and destination sites, it seems like there should be a lot of other options open here...
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
No, I do not have a Skype account for an offline conversation, and that kind of conversation is contrary to the rules of engagement in the dialog at EE.  And I am suspicious of "faking the referrer" even if that is to your own site.  I recommend that you follow the principles and guidelines that all web developers follow -- clarity of purpose and vision, transparency, openness, etc.

I have to sign off on this question now because it smells funny and potentially deceitful to me.  Best of luck with your project, ~Ray
0
 

Author Comment

by:astonishin
Comment Utility
I've requested that this question be deleted for the following reason:

useless responses didnt help me no answer here
0
 
LVL 34

Expert Comment

by:gr8gonzo
Comment Utility
Objecting to the deletion of the question. Several informative answers were provided. It seems the asker did not like the "you cannot do that" answer and is deleting the question rather than accepting the result.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
This article discusses how to create an extensible mechanism for linked drop downs.
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now