Thursday, December 11, 2008

HTTP Header faking - OR: how to login to a page with PHP

How do I login to a (secured) login page via PHP? It's possible, apparently. What we need is to set up the correct HTTP request, by setting the header and field values.

function do_post_request($url, $data, $optional_headers = null)
$params = array('http' => array(
'method' => 'POST',
'content' => $data
if (
$optional_headers !== null) {
$params['http']['header'] = $optional_headers;
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!
$fp) {
throw new
Exception("Problem with $url, $php_errormsg");
$response = @stream_get_contents($fp);
if (
$response === false) {
throw new
Exception("Problem reading data from $url, $php_errormsg");

This function (found at
gives me a PHP entry point. But how do we actually setup the header - what do we need to fake the Session to believe a User inputted some stuff in the login page?

No comments: