If your script does not work the first time - do not despair - things have
to be exactly right to work. Test your script without any loops, and
hardcode the actual POST string (you'll have to calculate the "content
length" yourself though). Uncomment the part where the HTTP header is
printed - make sure it is exactly right.
Obviously you'll have to check what the results are to be able to parse the
results - you would want to uncomment the part where the results are
returned (it helps when you have a valid username and password in order to
parse a positive result).
Virtual hosted sites. When sending data to virtually hosted sites you'll
have to add a "Host: the_URL" in the HTTP header so that the server know
with which virtually hosted site you are talking to. It is trivially easy to
add this to the above script.
Cookies - they are there no make life a little more difficult. The server
sends a cookie to the client, and the client needs to pass the cookie along
all the time for the request to be valid. The idea is thus to first
"capture" the cookie from the correct URL, and then to pass the cookie along
in the POST request. Hereby is extract from a similar script that uses
cookies:
#---------------discover the cookie
$xtosend=<<EOT
GET /xxx/Logon_access.asp?langind= HTTP/1.0
Connection: Keep-Alive
User-Agent: SensePostData
Host: $posthost
Accept-Charset: iso-8859-1,*,utf-8
EOT
;
$xtosend=~s/\n/\r\n/g;
my @results=sendraw($xtosend);
#---------parse the result for the cookie jar
foreach $line (@results) {
if ($line =~ /Cookie/) {
$line =~ s/ //g;
$line =~ s/;/:/g;
($dummy,$cookie)=split(/:/,$line);
# print "magic cookie=[$cookie]\n";
}
}
#---Get the real request out to the server
$tosend=<<EOT
POST $urlthingy HTTP/1.0
Cookie: $cookie
Content-Length: $plength
Connection: Keep-Alive
User-Agent: SensePostData
Content-Type: application/x-www-form-urlencoded
$poststring
etc.etc.
Trick - set your browser to warn you of incoming cookies, and see if your
script captures all the cookies.
I have found that on some servers the "Connection: Keep-Alive" tag breaks
the script. I fiddled with the HTTP/1.0 / HTTP/1.1 field - sometimes these
two fields needs to be modified. Experiment!
to be exactly right to work. Test your script without any loops, and
hardcode the actual POST string (you'll have to calculate the "content
length" yourself though). Uncomment the part where the HTTP header is
printed - make sure it is exactly right.
Obviously you'll have to check what the results are to be able to parse the
results - you would want to uncomment the part where the results are
returned (it helps when you have a valid username and password in order to
parse a positive result).
Virtual hosted sites. When sending data to virtually hosted sites you'll
have to add a "Host: the_URL" in the HTTP header so that the server know
with which virtually hosted site you are talking to. It is trivially easy to
add this to the above script.
Cookies - they are there no make life a little more difficult. The server
sends a cookie to the client, and the client needs to pass the cookie along
all the time for the request to be valid. The idea is thus to first
"capture" the cookie from the correct URL, and then to pass the cookie along
in the POST request. Hereby is extract from a similar script that uses
cookies:
#---------------discover the cookie
$xtosend=<<EOT
GET /xxx/Logon_access.asp?langind= HTTP/1.0
Connection: Keep-Alive
User-Agent: SensePostData
Host: $posthost
Accept-Charset: iso-8859-1,*,utf-8
EOT
;
$xtosend=~s/\n/\r\n/g;
my @results=sendraw($xtosend);
#---------parse the result for the cookie jar
foreach $line (@results) {
if ($line =~ /Cookie/) {
$line =~ s/ //g;
$line =~ s/;/:/g;
($dummy,$cookie)=split(/:/,$line);
# print "magic cookie=[$cookie]\n";
}
}
#---Get the real request out to the server
$tosend=<<EOT
POST $urlthingy HTTP/1.0
Cookie: $cookie
Content-Length: $plength
Connection: Keep-Alive
User-Agent: SensePostData
Content-Type: application/x-www-form-urlencoded
$poststring
etc.etc.
Trick - set your browser to warn you of incoming cookies, and see if your
script captures all the cookies.
I have found that on some servers the "Connection: Keep-Alive" tag breaks
the script. I fiddled with the HTTP/1.0 / HTTP/1.1 field - sometimes these
two fields needs to be modified. Experiment!
No comments:
Post a Comment