NTICompass · October 31, 2023 16:05 · Mar 24, 2020 · Mar 23, 2020 · Mar 7, 2016
diff --git a/mandrillDomains.php b/mandrillDomains.php
@@ -99,6 +99,82 @@
 	die("cURL error\n".curl_error($website)."\n");
 }
 curl_close($website);
+
+// MailChimp is doing something "fun",
+// it's returning a form you need to submit... after posting the login form
+$loginForm = new DOMDocument;
+$loginForm->loadHTML(gzdecode($x));
+$formData = $loginForm->getElementsByTagName('form');
+if (count($formData)) {
+    $loginUrl = $formData->item(0)->getAttribute('action');
+    $loginFormData = [];
+
+    foreach ($formData->item(0)->getElementsByTagName('input') as $field) {
+        $loginFormData[$field->getAttribute('name')] = $field->getAttribute('value');
+    }
+
+    $website = curl_init($loginUrl);
+    curl_setopt_array($website, [
+        #CURLOPT_VERBOSE => TRUE,
+        CURLOPT_POST => TRUE,
+        CURLOPT_RETURNTRANSFER => TRUE,
+        CURLOPT_POSTFIELDS => http_build_query($loginFormData),
+        CURLOPT_FOLLOWLOCATION => TRUE,
+        CURLOPT_AUTOREFERER => TRUE,
+        CURLOPT_COOKIEFILE => $siteCookies,
+        CURLOPT_COOKIEJAR => $siteCookies,
+        CURLOPT_REFERER => 'https://login.mailchimp.com/login/post/',
+        CURLOPT_HTTPHEADER => [
+            'Origin: https://login.mailchimp.com',
+            'Accept-Encoding: gzip, deflate',
+        ]
+    ]);
+
+    if(($x = curl_exec($website)) === FALSE){
+        echo "Cannot login to Mandrill\n";
+        die("cURL error\n".curl_error($website)."\n");
+    }
+    curl_close($website);
+
+    // After posting this login form, we redirect to Mandrill
+    // And guess what, another form to post...
+    $mandrillForm = new DOMDocument;
+    $mandrillForm->loadHTML(gzdecode($x));
+    $formData = $mandrillForm->getElementsByTagName('form');
+
+    if (count($formData)) {
+        $adminDomain = parse_url($loginUrl, PHP_URL_HOST);
+        $loginFormData = [];
+
+        foreach ($formData->item(0)->getElementsByTagName('input') as $field) {
+            $loginFormData[$field->getAttribute('name')] = $field->getAttribute('value');
+        }
+
+        $website = curl_init($formData->item(0)->getAttribute('action'));
+        curl_setopt_array($website, [
+            #CURLOPT_VERBOSE => TRUE,
+            CURLOPT_POST => TRUE,
+            CURLOPT_RETURNTRANSFER => TRUE,
+            CURLOPT_POSTFIELDS => http_build_query($loginFormData),
+            CURLOPT_FOLLOWLOCATION => TRUE,
+            CURLOPT_AUTOREFERER => TRUE,
+            CURLOPT_COOKIEFILE => $siteCookies,
+            CURLOPT_COOKIEJAR => $siteCookies,
+            CURLOPT_REFERER => "https://{$adminDomain}/transactional/launch",
+            CURLOPT_HTTPHEADER => [
+                "Origin: https://{$adminDomain}",
+                'Accept-Encoding: gzip, deflate',
+            ]
+        ]);
+
+        if(($x = curl_exec($website)) === FALSE){
+            echo "Cannot login to Mandrill\n";
+            die("cURL error\n".curl_error($website)."\n");
+        }
+        curl_close($website);
+    }
+}
+
 echo "Logged into Mandrill website\n";
 
 echo "Removing domains via website...\n";
@@ -108,7 +184,7 @@
 		'domain' => $domain
 	]);
 
-	$website = curl_init("https://mandrillapp.com/settings/delete-domain?domain={$query}");
+	$website = curl_init("https://mandrillapp.com/settings/delete-domain?{$query}");
 	curl_setopt_array($website, [
 		CURLOPT_HTTPGET => TRUE,
 		CURLOPT_RETURNTRANSFER => TRUE,

diff --git a/mandrillDomains.php b/mandrillDomains.php
@@ -41,10 +41,10 @@
 echo "\nRemoving ".count($badDomains)." domains\n";
 
 
-// Step 3: Login to mandrill's website
+// Step 3: Login to MailChimp's website
 $siteCookies = tempnam(sys_get_temp_dir(), 'mandrill');
 // To do this, we need to scrape the '__csrf_token' from the form
-$login = curl_init('https://mandrillapp.com/');
+$login = curl_init('https://login.mailchimp.com/');
 curl_setopt_array($login, [
 	CURLOPT_HTTPGET => TRUE,
 	CURLOPT_RETURNTRANSFER => TRUE,
@@ -64,36 +64,59 @@
 $web = new DOMDocument;
 libxml_use_internal_errors(TRUE);
 $web->loadHTML(gzdecode($html));
-$csrf = $web->getElementById('__csrf_token')->getAttribute('value');
+$xpath = new DOMXpath($web);
+$csrf_el = $xpath->query("//input[@name='__csrf_token']/@value");
+$csrf = count($csrf_el) > 0 ? $csrf_el->item(0)->nodeValue : '';
 echo "Captured __csrf_token={$csrf}\n";
 
+$website = curl_init('https://login.mailchimp.com/login/post');
+curl_setopt_array($website, [
+	#CURLOPT_VERBOSE => TRUE,
+	CURLOPT_POST => TRUE,
+	CURLOPT_RETURNTRANSFER => TRUE,
+	CURLOPT_POSTFIELDS => http_build_query([
+		'referrer' => '/transactional/launch',
+		'username' => USERNAME,
+		'password' => PASSWORD,
+		'__csrf_token' => $csrf,
+		'from' => '',
+		'auth_token' => '',
+		'auth_system' => '',
+	]),
+	CURLOPT_FOLLOWLOCATION => TRUE,
+	CURLOPT_AUTOREFERER => TRUE,
+	CURLOPT_COOKIEFILE => $siteCookies,
+	CURLOPT_COOKIEJAR => $siteCookies,
+	CURLOPT_REFERER => 'https://login.mailchimp.com/',
+	CURLOPT_HTTPHEADER => [
+		'Origin: https://login.mailchimp.com',
+		'Accept-Encoding: gzip, deflate',
+	]
+]);
+
+if(($x = curl_exec($website)) === FALSE){
+	echo "Cannot login to Mandrill\n";
+	die("cURL error\n".curl_error($website)."\n");
+}
+curl_close($website);
+echo "Logged into Mandrill website\n";
+
 echo "Removing domains via website...\n";
 foreach($badDomains as $domain){
 	echo "\t{$domain}...";
 	$query = http_build_query([
 		'domain' => $domain
 	]);
 
-	$website = curl_init('https://mandrillapp.com/login/post');
+	$website = curl_init("https://mandrillapp.com/settings/delete-domain?domain={$query}");
 	curl_setopt_array($website, [
-		#CURLOPT_VERBOSE => TRUE,
-		CURLOPT_POST => TRUE,
+		CURLOPT_HTTPGET => TRUE,
 		CURLOPT_RETURNTRANSFER => TRUE,
-		CURLOPT_POSTFIELDS => http_build_query([
-			'referrer' => "/settings/delete-domain?{$query}",
-			'username' => USERNAME,
-			'password' => PASSWORD,
-			'__csrf_token' => $csrf
-		]),
 		CURLOPT_FOLLOWLOCATION => TRUE,
 		CURLOPT_AUTOREFERER => TRUE,
 		CURLOPT_COOKIEFILE => $siteCookies,
 		CURLOPT_COOKIEJAR => $siteCookies,
-		CURLOPT_REFERER => 'https://mandrillapp.com/login/',
-		CURLOPT_HTTPHEADER => [
-			'Origin: https://mandrillapp.com',
-			'Accept-Encoding: gzip, deflate',
-		]
+		CURLOPT_REFERER => 'https://mandrillapp.com/settings/sending-domains',
 	]);
 
 	if(($x = curl_exec($website)) === FALSE){

diff --git a/mandrillDomains.php b/mandrillDomains.php
@@ -0,0 +1,106 @@
+<?php
+// Quick and dirty script to remove spam domains from our mandrill account
+define('API_KEY', '');
+// Their API doesn't offer a "delete" method, so I'm using their website
+define('USERNAME', '');
+define('PASSWORD', '');
+
+echo 'Downloading domain list...';
+// Step 1, get all "sending domains" via their API
+$jsonKey = json_encode(['key' => API_KEY]);
+$api = curl_init('https://mandrillapp.com/api/1.0/senders/domains.json');
+curl_setopt_array($api, [
+	CURLOPT_POST => TRUE,
+	CURLOPT_RETURNTRANSFER => TRUE,
+	CURLOPT_POSTFIELDS => $jsonKey,
+	CURLOPT_HTTPHEADER => [
+		'Content-type: application/json',
+		'Content-length: '.strlen($jsonKey)
+	]
+]);
+
+if(($jsonDomains = curl_exec($api)) === FALSE){
+	die("cURL error\n".curl_error($api)."\n");
+}
+echo "done.\n";
+$domains = json_decode($jsonDomains, TRUE);
+curl_close($api);
+echo count($domains)." domains found\n";
+
+// Step 2: Filter out *valid* domains!
+echo "\n";
+$badDomains = [];
+foreach($domains as $domain){
+	if($domain['spf']['valid'] || $domain['dkim']['valid'] || $domain['valid_signing']){
+		echo "Keeping {$domain['domain']}\n";
+	}
+	else{
+		$badDomains[] = $domain['domain'];
+	}
+}
+echo "\nRemoving ".count($badDomains)." domains\n";
+
+
+// Step 3: Login to mandrill's website
+$siteCookies = tempnam(sys_get_temp_dir(), 'mandrill');
+// To do this, we need to scrape the '__csrf_token' from the form
+$login = curl_init('https://mandrillapp.com/');
+curl_setopt_array($login, [
+	CURLOPT_HTTPGET => TRUE,
+	CURLOPT_RETURNTRANSFER => TRUE,
+	CURLOPT_FOLLOWLOCATION => TRUE,
+	CURLOPT_AUTOREFERER => TRUE,
+	CURLOPT_COOKIEFILE => $siteCookies,
+	CURLOPT_COOKIEJAR => $siteCookies,
+	CURLOPT_HTTPHEADER => [
+		'Accept-Encoding: gzip, deflate',
+	]
+]);
+if(($html = curl_exec($login)) === FALSE){
+	die("cURL error\n".curl_error($login)."\n");
+}
+curl_close($login);
+
+$web = new DOMDocument;
+libxml_use_internal_errors(TRUE);
+$web->loadHTML(gzdecode($html));
+$csrf = $web->getElementById('__csrf_token')->getAttribute('value');
+echo "Captured __csrf_token={$csrf}\n";
+
+echo "Removing domains via website...\n";
+foreach($badDomains as $domain){
+	echo "\t{$domain}...";
+	$query = http_build_query([
+		'domain' => $domain
+	]);
+
+	$website = curl_init('https://mandrillapp.com/login/post');
+	curl_setopt_array($website, [
+		#CURLOPT_VERBOSE => TRUE,
+		CURLOPT_POST => TRUE,
+		CURLOPT_RETURNTRANSFER => TRUE,
+		CURLOPT_POSTFIELDS => http_build_query([
+			'referrer' => "/settings/delete-domain?{$query}",
+			'username' => USERNAME,
+			'password' => PASSWORD,
+			'__csrf_token' => $csrf
+		]),
+		CURLOPT_FOLLOWLOCATION => TRUE,
+		CURLOPT_AUTOREFERER => TRUE,
+		CURLOPT_COOKIEFILE => $siteCookies,
+		CURLOPT_COOKIEJAR => $siteCookies,
+		CURLOPT_REFERER => 'https://mandrillapp.com/login/',
+		CURLOPT_HTTPHEADER => [
+			'Origin: https://mandrillapp.com',
+			'Accept-Encoding: gzip, deflate',
+		]
+	]);
+
+	if(($x = curl_exec($website)) === FALSE){
+		echo "Cannot remove {$domain}\n";
+		die("cURL error\n".curl_error($website)."\n");
+	}
+	curl_close($website);
+	echo "done\n";
+}
+echo "\ndone\n";