Login Proxy
From libopenmetaverse - libomv - Developer Wiki
<?php // Login Proxy // v1.0.1 // Author: John Hurliman (Eddy Stryker) // // Set the client to connect to the URL of this PHP script with // -loginuri http://www.mywebsite.com/thisscript.php // The client will initialize an unencrypted (or encrypted, if your address // is an https) connection to the script, which will forward the POST contents // from the client to the main grid login server. The reply is sent back to the // client so a login can be completed. This is useful for comparing values sent // during login to a packet capture of how the client responds with things // such as the session_id and secure_session_id function log_message($message) { $filename = 'output.txt'; $fp = fopen($filename, "a"); $write = fputs($fp, $message); fclose($fp); } log_message("Transaction initiated from $REMOTE_ADDR (" . strlen($HTTP_RAW_POST_DATA) . " bytes): " . $HTTP_RAW_POST_DATA . "\n"); ob_start(); $ch = curl_init(); $headers[0] = "Content-Type: text/xml"; curl_setopt($ch, CURLOPT_URL, "<a href="https://login.agni.lindenlab.com/cgi-bin/login.cgi">https://login.agni.lindenlab.com/cgi-bin/login.cgi</a>"); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_TIMEOUT, 9); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_POSTFIELDS, $HTTP_RAW_POST_DATA); curl_setopt($ch, CURLOPT_POSTFIELDSIZE, strlen($HTTP_RAW_POST_DATA)); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); $string = ob_get_contents(); if (curl_errno($ch)) { log_message("Error: " . curl_error($ch) . "\n"); return; } log_message("Server reply: $string\n"); curl_close($ch); ob_end_clean(); header('Content-type: text/xml'); echo $string; ?>
<?php // Login Scrubber // v1.0.0 // Submitted by an anonymous contributor // // Customize the $newid0 and $newmac variables below to whatever you like. // The result will be an MD5 hash so the input values can be as long or as // short as desired. // Set the client to connect to the URL of this PHP script with // -loginuri http://www.mywebsite.com/thisscript.php // The client will initialize an unencrypted (or encrypted, if your address // is an https) connection to the script, which will forward the POST contents // from the client to the main grid login server, modifying two of the fields // along the way. The reply is sent back to the client so a login can be // completed. This code is for research purposes only and shall not be used // for any purpose that violates U.S. law or the Second Life Terms of Service. // Values to substitute in for ID0 and MAC fields at login $newid0 = md5("new id0"); $newmac = md5("new mac"); // Substitute in our own ID0 field $start = strpos($HTTP_RAW_POST_DATA, "<name>id0</name><value><string>") + strlen("<name>id0</name><value><string>"); $id0 = substr($HTTP_RAW_POST_DATA, $start, 32); $HTTP_RAW_POST_DATA = str_replace($id0, $newid0, $HTTP_RAW_POST_DATA); // Substitute in our own MAC field $start = strpos($HTTP_RAW_POST_DATA, "<name>mac</name><value><string>") + strlen("<name>mac</name><value><string>"); $mac = substr($HTTP_RAW_POST_DATA, $start, 32); $HTTP_RAW_POST_DATA = str_replace($mac, $newmac, $HTTP_RAW_POST_DATA); // Turn on output buffering to capture the reply that CURL dumps to output ob_start(); $ch = curl_init(); $headers[0] = "Content-Type: text/xml"; curl_setopt($ch, CURLOPT_URL, "https://login.agni.lindenlab.com/cgi-bin/login.cgi"); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_TIMEOUT, 9); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_POSTFIELDS, $HTTP_RAW_POST_DATA); curl_setopt($ch, CURLOPT_POSTFIELDSIZE, strlen($HTTP_RAW_POST_DATA)); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); $string = ob_get_contents(); curl_close($ch); ob_end_clean(); // Output the reply with the proper content-type header('Content-type: text/xml'); echo $string; ?>