How to understand the requisitions required in cURL?

5

Yesterday I opened a question I was forced to erase it, because I could not ask correctly. This question I'll try to explain it in parts, come on.

1 - I monitored Twitter, following a person, I got these protocols:

curl "https://api.twitter.com/1.1/friendships/create.json"
-H "Origin: https://twitter.com"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
-H "Accept: application/json, text/javascript, */*; q=0.01"
-H "Referer: https://twitter.com/pdosilva1020"
-H "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "x-twitter-auth-type: OAuth2Session"
-H "X-Twitter-Active-User: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &

curl "https://api.twitter.com/1.1/friendships/create.json"
-X OPTIONS -H "access-control-request-method: POST"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "accept: */*"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type" --compressed &

curl "https://api.twitter.com/1.1/friendships/create.json"
-H "origin: https://twitter.com"
-H "accept-encoding: gzip, deflate, br"
-H "x-csrf-token: ab9d9188841188d57c1e3e2ed1b90325"
-H "accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4"
-H "authorization: Bearer AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h^%^2F40K4moUkGsoc^%^3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw"
-H "cookie: personalization_id=^\^"v1_AEx3/TzL4vC/TVoRp7A9GQ==^\^"; guest_id=v1^%^3A150404403827902852; ads_prefs=^\^"HBESAAA=^\^"; kdt=qxgHjAztSnnZFJwieBRWJxoVGMibzs2KWwO1pLDF; remember_checked_on=1; twid=^\^"u=876929501132992512^\^"; auth_token=1f334266ebf70a5fe9ec0d01fe33d4192253ec9d; external_referer=OTZIBTkFw3vkkAaSWI6wkvUDrlzaIZB6BnbGZOK1XnQ^%^3D^|0^|8e8t2xd8A2w^%^3D; lang=pt; ct0=ab9d9188841188d57c1e3e2ed1b90325; _ga=GA1.2.1021364707.1504044044; _gid=GA1.2.2049121336.1504044044; _gat=1; dnt=1; _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo^%^250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCJlMfDJeAToMY3NyZl9p^%^250AZCIlODcyNzQyMDU1OGZlOTdhZWZkMmE2MTM4YTNkNzhlNzE6B2lkIiViZjNl^%^250AN2Y3Y2NjNDM3YWFhNjRjMjdjNzNhMTExMmE5Yw^%^253D^%^253D--a8f7846f97c012459cf7393fdc6a954aac5ee7c3"
-H "x-twitter-auth-type: OAuth2Session"
-H "user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
-H "content-type: application/x-www-form-urlencoded; charset=UTF-8"
-H "accept: application/json, text/javascript, */*; q=0.01"
-H "referer: https://twitter.com/pdosilva1020"
-H "authority: api.twitter.com"
-H "x-twitter-active-user: yes"
--data "challenges_passed=false^&handles_challenges=1^&include_blocked_by=true^&include_blocking=true^&include_can_dm=true^&include_followed_by=true^&include_mute_edge=true^&skip_status=true^&user_id=876965710978830337" --compressed &

Where referer: link was the account that was followed by mine.

I've been able to track the person with this code:

$bearer = 'AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h%2F40K4moUkGsoc%3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw';

$followCurlInit = curl_init();
curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'POST',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'cookie:' . http_build_query($_COOKIE, '', ';') . ';',
          'authorization: Bearer ' . $bearer,
          'x-csrf-token: ' . Cookies::get('ct0'),
          'Referer: https://twitter.com/pdosilva1020',
          'x-twitter-auth-type: OAuth2Session',
          'x-twitter-active-user: yes',
        ],
        CURLOPT_POSTFIELDS => http_build_query([
      'challenges_passed'   => false,
      'handles_challenges'  => 1,
      'include_blocked_by'  => true,
      'include_blocking'        => true,
      'include_can_dm'          => true,
      'include_followed_by' => true,
      'include_mute_edge'   => true,
      'skip_status'                 => true,
      'user_id'                         => '876965710978830337',
    ], '', '&', PHP_QUERY_RFC3986),
        CURLOPT_USERAGENT               => $this->_userAgent,
        CURLOPT_COOKIEFILE          => $this->_cookieFileLocation,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'OPTIONS',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'access-control-request-method: POST',
            'accept-encoding: gzip, deflate, br',
            'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
            'accept: */*',
            'referer: https://twitter.com/pdosilva1020',
            'authority: api.twitter.com',
            'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
        ],
        CURLOPT_USERAGENT               => $this->_userAgent,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

The goal is to be followed, I have all cookies ct0 saved in my database , (fakes accounts), where I retrieve the ct0 , but has a <

I get false in this code below, it does not return anything to me:

curl_setopt_array($followCurlInit, [
        CURLOPT_URL                         => $this->_url,
        CURLOPT_CUSTOMREQUEST       => 'OPTIONS',
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => 2,
        CURLOPT_HEADER                  => true,
        CURLOPT_HTTPHEADER          => [
            'origin: https://twitter.com',
            'access-control-request-method: POST',
            'accept-encoding: gzip, deflate, br',
            'accept-language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4',
            'accept: */*',
            'referer: https://twitter.com/pdosilva1020',
            'authority: api.twitter.com',
            'access-control-request-headers: authorization,x-csrf-token,x-twitter-active-user,x-twitter-auth-type',
        ],
        CURLOPT_USERAGENT               => $this->_userAgent,
    ]
);

$this->_webPage = curl_exec($followCurlInit);
var_dump($this->_webPage);
$this->_status = curl_getinfo($followCurlInit, CURLINFO_HTTP_CODE);

I want to understand how these monitored requests work, I know that cookie ct0 and user_id will be used to make me follow. Can anyone help me at least with the CURL doubt?

    
asked by anonymous 30.08.2017 / 20:41

0 answers