Завиток странного поведения (скорее из отрыжки) - PullRequest
Новая
       112

Завиток странного поведения (скорее из отрыжки)

0 голосов
/ 30 января 2020

Я пытаюсь использовать CURL (cygwin на windows 7) для отправки команды POST, но я получаю другой ответ от сервера, когда использую CURL, а не BURP SUITE. Правильный ответ от сервера должен быть

"HTTP / 1.1 302 Moved Temporary"

(получено при использовании Burp Suite).

Можете ли вы помочь мне чтобы понять, почему это другой ответ?

POST COMMAND от BURP SUITE 

POST /index.php?a=command1 HTTP/1.1
Host: site.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: https://site.biz
DNT: 1
Connection: close
Referer: https://site.biz/index.php?a=command1
Cookie: __cfduid=d2ec6dbbac5a4ddc3e824f3f63c584f391580371308; PHPSESSID=f4vtc8brjc55hblv69md3517v4; password=7842-41377d3275f5880983553f0a48eea221; password2=7842-41377d3275f5880983553f0a48eea221
Upgrade-Insecure-Requests: 1

form_id=15803714778110&form_token=98000f05c38a3d42e1241934be3f9ea4&a=command1&action=command2&value=0.78&ec=18&comment=&transaction_code=9090

ПРАВИЛЬНЫЙ ответ от SERVER 

HTTP/1.1 302 Moved Temporarily
Date: Thu, 30 Jan 2020 08:05:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: ?a=command1&say=processed&batch=300321401
Vary: User-Agent
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 55d1f0728d20f91f-MXP
Content-Length: 0

POST COMMAND от CURL 

POST /index.php?a=command1 HTTP/1.1
Host: site.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: https://site.biz
DNT: 1
Connection: close
Referer: https://site.biz/index.php?a=command1
Cookie: __cfduid=d2ec6dbbac5a4ddc3e824f3f63c584f391580371308; PHPSESSID=f4vtc8brjc55hblv69md3517v4; password=7842-c7d5860c8b9802b6c297e9f4883e7d3f; password2=7842-c7d5860c8b9802b6c297e9f4883e7d3f
Upgrade-Insecure-Requests: 1

form_id=15803714778110&form_token=98000f05c38a3d42e1241934be3f9ea4&a=command1&action=command2&value=0.13&ec=18&comment=&transaction_code=9090

НЕПРАВИЛЬНЫЙ Ответ СЕРВЕРА 

HTTP/1.1 200 OK
Date: Thu, 30 Jan 2020 10:18:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 55d2b464b8f8e907-MXP
Content-Length: 16842
...