How to understand the required requests in Curl?

Asked

Viewed 597 times

6

Yesterday I opened a question I was obliged to delete it, because I could not ask correctly. This question I will try to explain it in parts, come on.

1 - I monitored Twitter, following a person, I obtained these protocols:

curl "https://api.twitter.com/1.1/friendships/create.json"
-H "Origin: https://twitter.com"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
-H "Accept: application/json, text/javascript, */*; q=0.01"
-H "Referer: https://twitter.com/pdosilva1020"
-H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "x-twitter-auth-type: OAuth2Session"
-H "X-Twitter-Active-User: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &

curl "https://api.twitter.com/1.1/friendships/create.json"
-X OPTIONS -H "access-control-request-method: POST"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "accept: */*"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type" --compressed &

curl "https://api.twitter.com/1.1/friendships/create.json"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "cookie: personalization_id=^\^"v1_AEx3/TzL4vC/TVoRp7A9GQ==^\^"; guest_id=v1^%^3A150404403827902852; ads_prefs=^\^"HBESAAA=^\^"; kdt=qxgHjAztSnnZFJwieBRWJxoVGMibzs2KWwO1pLDF; remember_checked_on=1; twid=^\^"u=876929501132992512^\^"; auth_token=1f334266ebf70a5fe9ec0d01fe33d4192253ec9d; external_referer=OTZIBTkFw3vkkAaSWI6wkvUDrlzaIZB6BnbGZOK1XnQ^%^3D^|0^|8e8t2xd8A2w^%^3D; lang=pt; ct0=ab9d9188841188d57c1e3e2ed1b90325; _ga=GA1.2.1021364707.1504044044; _gid=GA1.2.2049121336.1504044044; _gat=1; dnt=1; _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo^%^250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJlMfDJeAToMY3NyZl9p^%^250AZCIlODcyNzQyMDU1OGZlOTdhZWZkMmE2MTM4YTNkNzhlNzE6B2lkIiViZjNl^%^250AN2Y3Y2NjNDM3YWFhNjRjMjdjNzNhMTExMmE5Yw^%^253D^%^253D--a8f7846f97c012459cf7393fdc6a954aac5ee7c3"
-H "x-twitter-auth-type: OAuth2Session"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "content-type: application/x-www-form-urlencoded; charset=UTF-8"
-H "accept: application/json, text/javascript, */*; q=0.01"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "x-twitter-active-user: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &

Where referer: https://twitter.com/pdosilva1020 was the account that was followed by my.

I managed with this code to follow the person:

$bearer = 'AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h%2F40K4moUkGsoc%3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw';

$followCurlInit = curl_init();
curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'POST',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'cookie:' . http_build_query($_COOKIE, '', ';') . ';',
          'authorization: Bearer ' . $bearer,
          'x-csrf-token: ' . Cookies::get('ct0'),
          'Referer: https://twitter.com/pdosilva1020',
          'x-twitter-auth-type: OAuth2Session',
          'x-twitter-active-user: yes',
        ],
        CURLOPT_POSTFIELDS => http_build_query([
      'challenges_passed'   => false,
      'handles_challenges'  => 1,
      'include_blocked_by'  => true,
      'include_blocking'        => true,
      'include_can_dm'          => true,
      'include_followed_by' => true,
      'include_mute_edge'   => true,
      'skip_status'                 => true,
      'user_id'                         => '876965710978830337',
    ], '', '&', PHP_QUERY_RFC3986),
        CURLOPT_USERAGENT               => $this->_userAgent,
        CURLOPT_COOKIEFILE          => $this->_cookieFileLocation,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'OPTIONS',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'access-control-request-method: POST',
            'accept-encoding: gzip, deflate, br',
            'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
            'accept: */*',
            'referer: https://twitter.com/pdosilva1020',
            'authority: api.twitter.com',
            'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
        ],
        CURLOPT_USERAGENT               => $this->_userAgent,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

The goal is to be followed, I have all the cookies ct0 saved in my database, (fakes accounts), where I recover the ct0, but there’s a catch,

I get false in this code below, it does not return me anything:

curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'OPTIONS',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'access-control-request-method: POST',
            'accept-encoding: gzip, deflate, br',
            'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
            'accept: */*',
            'referer: https://twitter.com/pdosilva1020',
            'authority: api.twitter.com',
            'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
        ],
        CURLOPT_USERAGENT               => $this->_userAgent,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

I want to understand how these requests work monitored, I know that the cookie ct0 and the user_id will be used to make me follow. Can anyone help me at least with the doubt of CURL?

  • 1

    Method OPTIONS is expected to return anything at all, just header. Then, it’s not just the ct0 that needs, but also the access_token, defined in authorization. If you’re trying to "follow yourself" you’ll make a mistake too.

  • @Inkeliz, I’ve edited the question.

  • It is not clear what the problem is. You even say "I managed with this code to follow the person", so this code works and there is no problem at all. The last code doesn’t make any sense OPTIONS is a pre-fight, that has nothing to do here. "Can anyone help me at least with the CURL question?" Which one is in doubt? If you want to understand the reason for each request? The code that says it works is expected to work, including is the same here, including the PO made the same mistake.

  • It works, but I want to be followed and not follow. You understand?

  • So, just reverse the order. This has nothing to do with Curl. If you are the ID 1234, then just set it in user_id and use the other accounts (using auth_token, the ct0 and the _twitter_sess) and ready.

  • Would you have an example? I tried and I couldn’t.

  • Are you trying to create a follow robot? .

  • It expires no. So much so that if I send you some cookies that were created a couple of months ago you can log into my account.

  • Here’s more about the API. It doesn’t have to be Curl, you can use javascript with ajax, just understand what are the parameters needed to get a response.

  • The request will return in a JSON format for you consume, in php, can be converted with: $dados_em_array = json_decode($_POST); the documentation tells what are the parameters you need to send, to get the output you want.

Show 5 more comments

1 answer

1

Curl is a way to consume an API or html page, its return is rendered by the browser.

To documentation is describing items that can be provided and accessed:

Curl: is the URL called
-H: are the headers
--date: are the parameters

To access via Curl, you can use a method like this for example:

function simple_cUrl($url, $post = array(), $get = array())
{
  $url = explode('?', $url, 2);
  if (count($url) === 2) {
      $temp_get = array();
      parse_str($url[1], $temp_get);
      $get = array_merge($get, $temp_get);
  }

  $ch = curl_init($url[0] . "?" . http_build_query($get));
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_HEADER, true);
        /* AQUI VOCÊ COLOCA OS HEADERS QUE ELE PEDE:
        -H "Origin: https://twitter.com"
        -H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
        -H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
        -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
        -H "Accept: application/json, text/javascript, *\/*; q=0.01"
        -H "Referer: https://twitter.com/pdosilva1020"
        -H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
        -H "x-twitter-auth-type: OAuth2Session"
        -H "X-Twitter-Active-User: yes"
        */
         //igual o exemplo abaixo do primeiro -H:
        curl_setopt($ch, CURLOPT_HTTPHEADER, "Origin: https://twitter.com");
        return curl_exec($ch);
}

And consume it by passing the parameters, as the first example:

 $resultado = simple_cUrl('https://api.twitter.com/1.1/friendships/create.json', 
      array(
        'challenges_passed' => false,
        'handles_challenges' => 1,
        'include_blocked_by' => true,
        'include_blocking' => true,
        'include_can_dm' => true,
        'include_mute_edge' => true
      ...etc
     ));

Then, simply collect the data of what was consumed in an array:

$saida_final = json_decode($resultado, true);

  • 2

    Ivan, are you sure Curl has something to do with rendering? I ask because the program serves solely and exclusively to transfer data using Urls (fountain). Unless mistaken, the part where you claim that Curl "renders" something is not correct.

  • True, who renders is the browser, I tried to make it easier to understand, you don’t miss anything even kkkk...

  • 2

    A lot here will serve as a source of knowledge for someone in the future... I think that’s why we learn to be boring here. hahahha

Browser other questions tagged

You are not signed in. Login or sign up in order to post.