<?php
// Login Proxy
// v1.0.0
// Author: John Hurliman (Eddy Stryker)
//
// This is a man in the middle "attack" on the TLS encryption used by the
// client to login to Second Life. Set the client to connect to the URL of
// this PHP script with -loginuri http://www.mywebsite.com/thisscript.php.
// The client will initiate an unencrypted (or encrypted, if your address
// is an https URL) connection to the script, which will forward the POST contents
// from the client to the main grid login server. The reply is sent back to the
// client so a login can be completed. This is useful for comparing values sent
// during login to a packet capture of how the client responds with things
// such as the session_id and secure_session_id.
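/**
 * Append a message to the proxy's log file, output.txt.
 *
 * The callers in this script pass the client's raw login POST and the login
 * server's reply (which, per the file header, carries session_id and
 * secure_session_id), so the log holds login secrets. The path is relative:
 * it resolves against the working directory, which under a web server is
 * usually the script's own directory -- NOTE(review): confirm output.txt is
 * not retrievable over HTTP, or move it outside the document root.
 *
 * @param string $message Text appended verbatim; the caller supplies the newline.
 * @return void
 */
function log_message($message) {
    $filename = 'output.txt';
    // One call that opens, appends and closes. LOCK_EX keeps concurrent
    // requests from interleaving their entries.
    $written = file_put_contents($filename, $message, FILE_APPEND | LOCK_EX);
    if ($written === false) {
        // Logging is best-effort: report the failure without aborting the
        // login that is being proxied. The message itself is not repeated
        // here because it may contain credentials.
        error_log("log_message: could not append to $filename");
    }
}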
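// Relay one login request: read the client's POST body, forward it to the
// login server, log both directions, and hand the reply back to the client.
//
// NOTE(review): the script has no access control, so any client that can
// reach this URL gets its login relayed and its request and reply logged.
// Restrict it to the host or network you are testing from.

// $REMOTE_ADDR and $HTTP_RAW_POST_DATA only existed with register_globals /
// always_populate_raw_post_data, both removed from PHP; read the same values
// from their supported sources instead.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
$requestBody = file_get_contents('php://input');
if ($requestBody === false) {
    $requestBody = '';
}

// The body is the client's login request; it is logged verbatim.
log_message("Transaction initiated from $remoteAddr (" . strlen($requestBody) . " bytes): " . $requestBody . "\n");

$ch = curl_init();
$headers = array("Content-Type: text/xml");
curl_setopt($ch, CURLOPT_URL, "https://login.agni.lindenlab.com/cgi-bin/login.cgi");
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Let curl send Accept-Encoding: gzip AND decode the reply. Setting only the
// request header by hand would pass a compressed body on to the client
// without a matching Content-Encoding header, and log it as binary.
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
curl_setopt($ch, CURLOPT_TIMEOUT, 9);
// Verify the login server's certificate. The proxy forwards the client's
// login request, so the upstream leg must not accept an arbitrary peer.
// If verification fails, configure a CA bundle rather than disabling it.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_POST, true);
// A string body is sent as-is; curl takes the length from the string, so no
// separate size option is needed.
curl_setopt($ch, CURLOPT_POSTFIELDS, $requestBody);
curl_setopt($ch, CURLOPT_HEADER, 0);
// Return the reply as a string instead of capturing it via output buffering.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$string = curl_exec($ch);
if ($string === false) {
    log_message("Error: " . curl_error($ch) . "\n");
    curl_close($ch);
    // Tell the client the upstream request failed instead of sending an
    // empty 200 response.
    header('HTTP/1.1 502 Bad Gateway');
    return;
}
curl_close($ch);

// The reply is logged verbatim as well (see the file header: it includes
// session_id and secure_session_id).
log_message("Server reply: $string\n");

header('Content-type: text/xml');
echo $string;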
?>