Send POST request with x-amf (Flash) request header

markbse picture markbse · Apr 13, 2011 · Viewed 9.1k times · Source

I'm trying to reproduce a POST request that was captured from WireShark using PHP. This POST request was sent by a Flash (.swf) object, so it's a little bit complicated in configuring the header.

It does not print out anything in the end, so there must be something wrong with PHP code that I could not see.

Here is what WireShark captured:

POST /engine/ HTTP/1.1\r\n
Host: abcdef.com\r\n
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/4.0\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Charset: UTF-8,*\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
Cookie: __utma=77520967.190998754.1302600802.1302605710.1302693085.3; __utmz=77520967.1302600802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=vqtt7v2l5h10nd06fdsuii49e0; __utmc=77520967
Referer: http://abcdef.com/v2.swf\r\n\r\n
Referer: http://abcdef.com/v2.swf\r\n
Content-Type: application/x-amf\r\n
Content-Length: 50\r\n
\r\n  

Here is the PHP code with info.txt was made by a HEX editor and all info are correct (i.e. 50 bytes, exact HEX content captured by WireShark)

// Get cookie
$ch = curl_init('http://abcdef.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
preg_match('/^Set-Cookie: (.*?);/m', curl_exec($ch), $m);

// Read x-amf data
$fileHandle = fopen("info.txt", "rb");
$postdata = stream_get_contents($fileHandle);
fclose($fileHandle);

// Send POST request to server
$opts = array('http' =>
            array(
                'method' => 'POST',
                'header' => "
                    User-Agent: Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/4.0\r\n
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
                    Accept-Language: en-us,en;q=0.5\r\n
                    Accept-Encoding: gzip, deflate\r\n
                    Accept-Charset: UTF-8,*\r\n
                    Keep-Alive: 115\r\n
                    Cookie: ".$m[1]."\r\n
                    Connection: keep-alive\r\n
                    Referer: http://abcdef.com/v2.swf\r\n
                    Content-Type: application/x-amf\r\n
                    Content-Length: 50\r\n",
                'content' => $postdata
            )
        );
$context = stream_context_create($opts);
$result = file_get_contents('http://abcdef.com/engine/', false, $context);
print_r($result);

The result is a blank page instead of response from server.

Answer

markbse picture markbse · Sep 14, 2011

Example Solution:

// Get content of x-amf file (must read in binary mode)
$fileHandle = fopen("info.txt", "rb");
$postdata = stream_get_contents($fileHandle);
fclose($fileHandle);

// Get cookie for CURL
$ch = curl_init('http://abcdef.com/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
preg_match('/^Set-Cookie: (.*?);/m', curl_exec($ch), $m);

// Set headers for CURL (with cookie stored in $m)
$header = array(
            "POST /engine/ HTTP/1.1",
            "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10",
            "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
            "Accept-Language: de, en-gb;q=0.9, en;q=0.8",
            "Accept-Encoding: gzip",
            "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
            "Cache-Control: no-cache",
            "Pragma: no-cache",
            "Connection: close",
            "Referer: http://abcdef.com/v2.swf",
            "Content-Type: application/x-amf",
            "Cookie: ".$m[1],
            "Host: abcdef.com",
            "Content-Length: 50",
);

// Set options for CURL
$options = array(
    CURLOPT_HTTPHEADER          => $header,
    CURLOPT_POST                => true,
    CURLOPT_POSTFIELDS          => $postdata,
    CURLOPT_FOLLOWLOCATION      =>true
);

// POST the CURL and enjoy the outcome :)
$ch      = curl_init("http://abcdef.com");
curl_setopt_array( $ch, $options );
$content = curl_exec( $ch );
$err     = curl_errno( $ch );
$errmsg  = curl_error( $ch );
$header  = curl_getinfo( $ch );
curl_close( $ch );