當--data-binary存在於被竄改的資料中時,如何​​使用curl上傳檔案?

tag-icon tag-icon curl
當--data-binary存在於被竄改的資料中時,如何​​使用curl上傳檔案?

我嘗試將文件上傳到一個流行的網站,我使用 Chrome 開發人員工具的「複製為curl」功能篡改了 http POST 請求。當上傳開始時,我得到這個curl指令:

curl 'http://example.com/cgi-bin/upload.pl?upload_id=869ab8e228f7bd92bfaebc6d6bf31470' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Referer: http://example.com/upload.php?action=gallery&gid=0&title=My+precious+car' -H 'Origin: http://example.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36' -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAh0xuOK8vajmXWbY' --data-binary $'------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="type"\r\n\r\n1\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="gid"\r\n\r\n0\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="title"\r\n\r\nMy precious car\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="resize"\r\n\r\n\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="private"\r\n\r\n\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="cat1"\r\n\r\n24\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="cat2"\r\n\r\n65\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="cat3"\r\n\r\n13\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="upfile_0"; filename="1.zip"\r\nContent-Type: application/zip\r\n\r\n\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY\r\nContent-Disposition: form-data; name="upfile_1"; filename=""\r\nContent-Type: application/octet-stream\r\n\r\n\r\n------WebKitFormBoundaryAh0xuOK8vajmXWbY--\r\n' --compressed

或看這裡:http://pastebin.com/3Jaj0mSs

當我嘗試從命令列使用它時(登入並取得 cookie 和 upload_id 等後),檔案上傳進度不會開始。我嘗試向curl命令“-T 1.zip”或“--data-binary @1.zip”添加選項或將文件名設為“<1.zip”,但沒有成功,我總是收到錯誤訊息:「發送失敗:管道損壞」。檔案名稱 1.zip 位於長命令的「--data-binary」部分的末尾部分。我該怎麼做才能使curl在這種情況下工作並正確完成文件上傳?

答案1

我用Fiddler查看了它,問題是Chrome從它產生的curl請求中刪除了檔案內容。所以你必須把它插回去。

我可以使用它http://www.zippyshare.com/

這是Chrome產生的curl請求

curl "http://www72.zippyshare.com/upload" -H "Origin: http://www.zippyshare.com" -H "Accept-Encoding: gzip,deflate,sdch" -H "Accept-Language: en-US,en;q=0.8" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36" -H "Content-Type: multipart/form-data; boundary=----------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7" -H "Accept: */*" -H "Referer: http://www.zippyshare.com/" -H "Cookie: __utma=46003887.80665104.1404275690.1404275690.1404275690.1; __utmb=46003887.1.10.1404275690; __utmc=46003887; __utmz=46003887.1404275690.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not"%"20provided); ziplocale=en" -H "Proxy-Connection: keep-alive" --data-binary '------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="Filename"

Giant_Panda_Tai_Shan.jpg
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="uploadify"

true
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="embPlayerValues"

null
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="Filedata"; filename="Giant_Panda_Tai_Shan.jpg"
Content-Type: application/octet-stream


------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="Upload"

Submit Query
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7--' --compressed

我將資料分成文件所在的兩個部分。

第1部分:

------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="Filename"

Giant_Panda_Tai_Shan.jpg
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="uploadify"

true
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="embPlayerValues"

null
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7
Content-Disposition: form-data; name="Filedata"; filename="Giant_Panda_Tai_Shan.jpg"
Content-Type: application/octet-stream

.

(那個 . 不在末尾,我剛剛添加它是為了讓程式碼區塊識別檔案末尾有兩個空行。)

第2部分:

.
Submit Query
------------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7--

(再次與 。)

您還需要確保檔案採用 CRLF 格式。

現在你可以運行

cat part1.txt Giant_Panda_Tai_Shan.jpg part2.txt > complete

然後運行它

curl "http://www72.zippyshare.com/upload" -H "Referer: http://www.zippyshare.com/" -H "Origin: http://www.zippyshare.com" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36" -H "Content-Type: multipart/form-data; boundary=----------KM7cH2GI3Ef1gL6GI3ei4Ef1Ij5KM7" --data-binary @complete --compressed

它運行(需要幾秒鐘上傳)並返回 html 確認上傳成功。

相關內容