[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POST message

Subject: Re: POST message
From: Heath Raftery <email@hidden>
Date: Tue, 06 Sep 2005 11:43:47 +1000
Delivered-to: email@hidden
Delivered-to: email@hidden

On 06/09/2005, at 3:20 AM, Jan E. Schotsman wrote:

OK, I have downloaded the EtherPeek demo. The "Application Data" for one interesting packet look like this (I have deleted the actual addresses)

Line 1: GET /viewad/404346/houser_wisp_468x60.gif HTTP/1.1.. Line 2: Host: ad. [.........] .net.. Line 3: Connection: keep-alive.. Line 4: Referer: http:// [........] %3Dfast% 26&seltype1=1&pc1=6953%20CA&seltype2=1&pc2=3056%20GG.. Line 5: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12.. Line 6: If-Modified-Since: Thu, 25 Aug 2005 14:20:58 GMT.. Line 7: Accept: */*.. Line 8: Accept-Encoding: gzip, deflate;q=1.0, identity;q=0.5, *;q=0.. Line 9: Accept-Language: en, ja;q=0.92, ja- jp;q=0.96, fr;q=0.88, de-de;q=0.85, de;q=0.81, es;q=0.77, it- it;q=0.73, it;q=0.69, nl-nl;q=0.65, nl;q=0.62, sv-se;q=0.58, sv;q=0.54, no-no;q=0.50, no;q=0.46, da-dk;q=0.42, da;q=0.38, fi- fi;q=0.35, fi;q=0.31.... Premature end of decode

Line 4 looks very much like a URL I could try to download directly! The form data are in there and no inexplicable other data. How do I handle all these % escapes like in %3D etc? Just copy the URL to download like in line 4??

Excellent, halfway there. It may not be important in this case, but the packet you've posted wasn't actually the form submission... it was actually a request for an image (the first line) and the fourth line, a 'Referer', tells the server what page the browser was at that lead it to make the request. Nonetheless, if as you say the form data is all there, then you've got what you need. In that case the form submission was actually a GET request (all form data in URL) not a POST request (form data hidden elsewhere).

So lets break it down:

http:// [........] %3Dfast%26&seltype1=1&pc1=6953% 20CA&seltype2=1&pc2=3056%20GG..

After the address should be a question mark. That separates the address from the form data. Following that are &label=value pairs. The %encodes are used in the label or value parts, and are just ASCII values in hexadecimal. Type man ascii in the Terminal to see a handy chart. The decode of the part you've posted then, is:

=fast& (incomplete)
seltype1 = 1
pc1 = 6953 CA
seltype2 = 1
pc2 = 3056 GG

Easy!

Now all you need to do is figure out what values you want in place of "1", "6953 CA", "1", "3056 GG" and so forth, whack them together in the format you see, construct a HTTP GET request and send it to the server. In case you weren't aware, a nice way to test this is to telnet to port 80 on the webserver in question, and copy-paste the lines of the request (if you try typing manually, the server will probably get sick of waiting and kick you off!).

Depending on what language you are planning on using, it looks like zmorris has posted some handy code to help you out with this, and yeah, watch out for that %20/+ issue. In this case, it looks like you'll get away with using just %20 for a space.

Heath
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macnetworkprog/email@hidden

This email sent to email@hidden

References:
	>POST message (From: "Jan E. Schotsman" <email@hidden>)
	>Re: POST message (From: Heath Raftery <email@hidden>)
	>Re: POST message (From: "Jan E. Schotsman" <email@hidden>)

Prev by Date: Re: POST message
Next by Date: URLEncode and decode [Was: POST message]
Previous by thread: Re: POST message
Next by thread: URLEncode and decode [Was: POST message]
Index(es):
- Date
- Thread

Home