Login Proxy

From libopenmetaverse - libomv - Developer Wiki

Jump to: navigation, search

 
<?php
 
// Login Proxy
// v1.0.1
// Author: John Hurliman (Eddy Stryker)
//
// Set the client to connect to the URL of this PHP script with 
// -loginuri http://www.mywebsite.com/thisscript.php
// The client will initialize an unencrypted (or encrypted, if your address
// is an https) connection to the script, which will forward the POST contents
// from the client to the main grid login server. The reply is sent back to the
// client so a login can be completed. This is useful for comparing values sent
// during login to a packet capture of how the client responds with things
// such as the session_id and secure_session_id
 
function log_message($message) {
    $filename = 'output.txt';
    $fp = fopen($filename, "a");
    $write = fputs($fp, $message);
    fclose($fp);
}
 
log_message("Transaction initiated from $REMOTE_ADDR (" . strlen($HTTP_RAW_POST_DATA) . " bytes): " . $HTTP_RAW_POST_DATA . "\n");
 
ob_start();
 
$ch = curl_init();
 
$headers[0] = "Content-Type: text/xml";
 
curl_setopt($ch, CURLOPT_URL, "<a href="https://login.agni.lindenlab.com/cgi-bin/login.cgi">https://login.agni.lindenlab.com/cgi-bin/login.cgi</a>");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_TIMEOUT, 9);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $HTTP_RAW_POST_DATA);
curl_setopt($ch, CURLOPT_POSTFIELDSIZE, strlen($HTTP_RAW_POST_DATA));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 0);
 
curl_exec($ch);
 
$string = ob_get_contents();
 
if (curl_errno($ch)) {
   log_message("Error: " . curl_error($ch) . "\n");
   return;
}
 
log_message("Server reply: $string\n");
 
curl_close($ch);
ob_end_clean();
 
header('Content-type: text/xml');
echo $string;
 
?>
 


 
<?php
 
// Login Scrubber
// v1.0.0
// Submitted by an anonymous contributor
//
// Customize the $newid0 and $newmac variables below to whatever you like. 
// The result will be an MD5 hash so the input values can be as long or as 
// short as desired.
// Set the client to connect to the URL of this PHP script with 
// -loginuri http://www.mywebsite.com/thisscript.php
// The client will initialize an unencrypted (or encrypted, if your address
// is an https) connection to the script, which will forward the POST contents
// from the client to the main grid login server, modifying two of the fields
// along the way. The reply is sent back to the client so a login can be 
// completed. This code is for research purposes only and shall not be used 
// for any purpose that violates U.S. law or the Second Life Terms of Service.
 
// Values to substitute in for ID0 and MAC fields at login
$newid0 = md5("new id0");
$newmac = md5("new mac");
 
// Substitute in our own ID0 field
$start = strpos($HTTP_RAW_POST_DATA, "<name>id0</name><value><string>") + strlen("<name>id0</name><value><string>");
$id0 = substr($HTTP_RAW_POST_DATA, $start, 32);
$HTTP_RAW_POST_DATA = str_replace($id0, $newid0, $HTTP_RAW_POST_DATA);
 
// Substitute in our own MAC field
$start = strpos($HTTP_RAW_POST_DATA, "<name>mac</name><value><string>") + strlen("<name>mac</name><value><string>");
$mac = substr($HTTP_RAW_POST_DATA, $start, 32);
$HTTP_RAW_POST_DATA = str_replace($mac, $newmac, $HTTP_RAW_POST_DATA);
 
// Turn on output buffering to capture the reply that CURL dumps to output
ob_start();
 
$ch = curl_init();
 
$headers[0] = "Content-Type: text/xml";
 
curl_setopt($ch, CURLOPT_URL, "https://login.agni.lindenlab.com/cgi-bin/login.cgi");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_TIMEOUT, 9);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $HTTP_RAW_POST_DATA);
curl_setopt($ch, CURLOPT_POSTFIELDSIZE, strlen($HTTP_RAW_POST_DATA));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 0);
 
curl_exec($ch);
 
$string = ob_get_contents();
 
curl_close($ch);
ob_end_clean();
 
// Output the reply with the proper content-type
header('Content-type: text/xml');
echo $string;
 
?>