Getting HTML source to a cross-domain file based on user cookies

SixSence2k3

I am attempting to get the HTML source of a web page on a different domain, but the source is based on the client's cookies they have stored for that site. I've tried using javascript with iframe's and XMLHttpRequests and HTMLHttpRequests, but it's restricted to inside my domain. With php you can get the HTML source of any web page using the file functions, but since its server-sided i don't think I would be able to open the page and get the HTML source based on the users cookies. Is there someway using PHP I don't know about, or mayb combinding javascript and PHP in some sort of AJAX engine?

Any help is greatly appreciated!

Thanks,

SixSence

visualAd

You best option would be to use PHP's Curl library. It is possible to read Set-Cookie headers and send them through the client who is connecting and vice-versa when the client sends another request.

The Curl library handles all this transparently.

SixSence2k3

Thanks for the input visual.

Unfortunately, I can't install the curl lib on the web host I am using =/

visualAd

I haven't forgotten you, I've just been snowed under the last couple of days. Below is a script which intercepts the cookies sent from the server after opening the site using the fopen() function.

It also reads cookies sent back from the client which start with CLIENT__ and sends these along with the request back to the server. This will ensure that the cookie traffic is emulated between the server and the site.

I have used the fopen function rather han fsockopen, as you will not have to worry about sending an HTTP 1.1 request and possibly deal with a chunked response. It also means that it will be compatible with https requests. I've commented where possible, but if there is anything you need explaining, just reply.

<?php
	// look for cookies which we need to send they are prepended with CLIENT__ - create an array of headers
	$cookieList = array();
	foreach($_COOKIE as $name => $value) {
		if (substr($name, 0, 8) == 'CLIENT__') {
			$name = substr($name, 8); //strip CLIENT__ from th cookie name
			$cookieList[] = urlencode($name) . '=' . urlencode($value);
		}
	}
	$cookieList = 'Cookie: ' . implode(";", $cookieList); // merge into a string Cookie: var=value;var=value ...

/* set the user agent and append the query data to this using \r\n */
//privacy programs sometimes block the UA string
$user_agent = @$_SERVER['HTTP_USER_AGENT']?$_SERVER['HTTP_USER_AGENT']:'PHP-Server';
ini_set('user_agent', $user_agent . "\r\n" . $cookieList);

$fp = fopen("http://www.phpbuilder.com/forum/", 'r'); // sendthe request (change as neccessary)
$response = stream_get_meta_data($fp); // this gets other info about the response
$headers = $response['wrapper_data']; // response headers are contained here

foreach($headers as $header) {
	$pos = strpos($header, ':'); // find the position of the first : which siginfies the header name

	if ($pos === false) continue; // bad header?? ignore -- this should never happen

	$headerName = substr($header, 0, $pos);
	$headerValue = substr($header, $pos + 1);


	if ($headerName == 'Set-Cookie') { // look for cookies
		process_cookie($headerValue); 
	}
}

function process_cookie($cookieData)
{
	$cookie = array();

	$cookieData = explode(';', $cookieData); //split the cookie data

	/* each item in the cookieData array should now be a name=value pair
	   the first item is the cookie name and value, these items are urlencoded()
	   and must he decoded before setting the cookie this end
	 */
	$first = true; // the first item is the value - we need to know if this is the first

	foreach($cookieData as $item) {
		$item = trim($item);
		$pos = strpos($item, '='); // find the position of the first = for the item name

		if ($pos === false) continue;	

		$name = substr($item, 0, $pos);
		$value = substr($item, $pos+1);

		if ($first) {
			$first = false;

			/* decode the value and cookie name */
			$cookie['name'] = urldecode($name);
			$cookie['value'] = urldecode($value);
		} else {
			$cookie[$name] = $value;
		}
	}

	/* set the cookie and prepend it with a special value */
	setcookie('CLIENT__' . $cookie['name'], 
	  	   $cookie['value'], 
		   @$cookie['expires']?strtotime($cookie['expires']):null, 
		   @$cookie['path'],
		   $_SERVER['SERVER_NAME'], // cookie domain is always this domain
		   @$cookie['secure']);
}
?>

MarkR

You cannot do that!

Sites have no way of accessing cookies from another site. Period.
Sites cannot read the contents of another site via client-side mechanisms.

These things are obvious security features, when you think about it. Reading another site's cookies would mean that you could log on as them into their gmail, ebay account etc. This would be a major security hole.

Reading content back from a frame / iframe / xmlhttprequest from another domain, would potentially allow you to read content which was private to that user.

Suppose it was an intranet site, that information might not even be public.

Mark

visualAd

That is correct, it is not possibble on the client side, but you can intercept cookies set a site if you proxy the request through a server side script. This doesn't give you access to previously set cookies which are already saved on the client however.

SixSence2k3

so whats the point of doing that. if you use fopen it wont read the site using the cookies the user already has installed on their comp. so your just opening a site with no cookies set yet, so how would the site set a cookie for a username or something like that?

visualAd

SixSence2k3 wrote:
so whats the point of doing that. if you use fopen it wont read the site using the cookies the user already has installed on their comp. so your just opening a site with no cookies set yet, so how would the site set a cookie for a username or something like that?

It has already been pointed out that you cannot do that.

bokehman

The "Javascript sandbox" is there for a very good reason: to stop people like you stealing data that is none of their business.