6
Yesterday I opened a question I was obliged to delete it, because I could not ask correctly. This question I will try to explain it in parts, come on.
1 - I monitored Twitter, following a person, I obtained these protocols:
curl "https://api.twitter.com/1.1/friendships/create.json"
-H "Origin: https://twitter.com"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
-H "Accept: application/json, text/javascript, */*; q=0.01"
-H "Referer: https://twitter.com/pdosilva1020"
-H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "x-twitter-auth-type: OAuth2Session"
-H "X-Twitter-Active-User: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &
curl "https://api.twitter.com/1.1/friendships/create.json"
-X OPTIONS -H "access-control-request-method: POST"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "accept: */*"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type" --compressed &
curl "https://api.twitter.com/1.1/friendships/create.json"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "cookie: personalization_id=^\^"v1_AEx3/TzL4vC/TVoRp7A9GQ==^\^"; guest_id=v1^%^3A150404403827902852; ads_prefs=^\^"HBESAAA=^\^"; kdt=qxgHjAztSnnZFJwieBRWJxoVGMibzs2KWwO1pLDF; remember_checked_on=1; twid=^\^"u=876929501132992512^\^"; auth_token=1f334266ebf70a5fe9ec0d01fe33d4192253ec9d; external_referer=OTZIBTkFw3vkkAaSWI6wkvUDrlzaIZB6BnbGZOK1XnQ^%^3D^|0^|8e8t2xd8A2w^%^3D; lang=pt; ct0=ab9d9188841188d57c1e3e2ed1b90325; _ga=GA1.2.1021364707.1504044044; _gid=GA1.2.2049121336.1504044044; _gat=1; dnt=1; _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo^%^250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJlMfDJeAToMY3NyZl9p^%^250AZCIlODcyNzQyMDU1OGZlOTdhZWZkMmE2MTM4YTNkNzhlNzE6B2lkIiViZjNl^%^250AN2Y3Y2NjNDM3YWFhNjRjMjdjNzNhMTExMmE5Yw^%^253D^%^253D--a8f7846f97c012459cf7393fdc6a954aac5ee7c3"
-H "x-twitter-auth-type: OAuth2Session"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "content-type: application/x-www-form-urlencoded; charset=UTF-8"
-H "accept: application/json, text/javascript, */*; q=0.01"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "x-twitter-active-user: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &
Where referer: https://twitter.com/pdosilva1020 was the account that was followed by my.
I managed with this code to follow the person:
$bearer = 'AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h%2F40K4moUkGsoc%3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw';
$followCurlInit = curl_init();
curl_setopt_array($followCurlInit, [
CURLOPT_URL => $this->_url,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_HEADER => true,
CURLOPT_HTTPHEADER => [
'origin: https://twitter.com',
'cookie:' . http_build_query($_COOKIE, '', ';') . ';',
'authorization: Bearer ' . $bearer,
'x-csrf-token: ' . Cookies::get('ct0'),
'Referer: https://twitter.com/pdosilva1020',
'x-twitter-auth-type: OAuth2Session',
'x-twitter-active-user: yes',
],
CURLOPT_POSTFIELDS => http_build_query([
'challenges_passed' => false,
'handles_challenges' => 1,
'include_blocked_by' => true,
'include_blocking' => true,
'include_can_dm' => true,
'include_followed_by' => true,
'include_mute_edge' => true,
'skip_status' => true,
'user_id' => '876965710978830337',
], '', '&', PHP_QUERY_RFC3986),
CURLOPT_USERAGENT => $this->_userAgent,
CURLOPT_COOKIEFILE => $this->_cookieFileLocation,
]
);
$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);
curl_setopt_array($followCurlInit, [
CURLOPT_URL => $this->_url,
CURLOPT_CUSTOMREQUEST => 'OPTIONS',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_HEADER => true,
CURLOPT_HTTPHEADER => [
'origin: https://twitter.com',
'access-control-request-method: POST',
'accept-encoding: gzip, deflate, br',
'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
'accept: */*',
'referer: https://twitter.com/pdosilva1020',
'authority: api.twitter.com',
'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
],
CURLOPT_USERAGENT => $this->_userAgent,
]
);
$this->_webPage = curl_exec($followCurlInit);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);
The goal is to be followed, I have all the cookies ct0
saved in my database
, (fakes accounts), where I recover the ct0
, but there’s a catch,
I get false in this code below, it does not return me anything:
curl_setopt_array($followCurlInit, [
CURLOPT_URL => $this->_url,
CURLOPT_CUSTOMREQUEST => 'OPTIONS',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_HEADER => true,
CURLOPT_HTTPHEADER => [
'origin: https://twitter.com',
'access-control-request-method: POST',
'accept-encoding: gzip, deflate, br',
'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
'accept: */*',
'referer: https://twitter.com/pdosilva1020',
'authority: api.twitter.com',
'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
],
CURLOPT_USERAGENT => $this->_userAgent,
]
);
$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);
I want to understand how these requests work monitored, I know that the cookie ct0
and the user_id
will be used to make me follow. Can anyone help me at least with the doubt of CURL
?
Method
OPTIONS
is expected to return anything at all, just header. Then, it’s not just thect0
that needs, but also theaccess_token
, defined inauthorization
. If you’re trying to "follow yourself" you’ll make a mistake too.– Inkeliz
@Inkeliz, I’ve edited the question.
– user89335
It is not clear what the problem is. You even say "I managed with this code to follow the person", so this code works and there is no problem at all. The last code doesn’t make any sense
OPTIONS
is a pre-fight, that has nothing to do here. "Can anyone help me at least with the CURL question?" Which one is in doubt? If you want to understand the reason for each request? The code that says it works is expected to work, including is the same here, including the PO made the same mistake.– Inkeliz
It works, but I want to be followed and not follow. You understand?
– user89335
So, just reverse the order. This has nothing to do with Curl. If you are the ID
1234
, then just set it inuser_id
and use the other accounts (usingauth_token
, thect0
and the_twitter_sess
) and ready.– Inkeliz
Would you have an example? I tried and I couldn’t.
– user89335
Are you trying to create a follow robot? .
– LeonanCarvalho
It expires no. So much so that if I send you some cookies that were created a couple of months ago you can log into my account.
– user89335
Here’s more about the API. It doesn’t have to be Curl, you can use javascript with ajax, just understand what are the parameters needed to get a response.
– Ivan Ferrer
The request will return in a JSON format for you consume, in php, can be converted with:
$dados_em_array = json_decode($_POST);
the documentation tells what are the parameters you need to send, to get the output you want.– Ivan Ferrer