Re: POST message
Re: POST message
- Subject: Re: POST message
- From: Heath Raftery <email@hidden>
- Date: Tue, 06 Sep 2005 11:43:47 +1000
On 06/09/2005, at 3:20 AM, Jan E. Schotsman wrote:
OK, I have downloaded the EtherPeek demo. The "Application Data"
for one interesting packet look like this (I have deleted the
actual addresses)
Line 1: GET /viewad/404346/houser_wisp_468x60.gif
HTTP/1.1..
Line 2: Host: ad. [.........] .net..
Line 3: Connection: keep-alive..
Line 4: Referer: http:// [........] =fast%
26&seltype1=1&pc1=6953 CA&seltype2=1&pc2=3056 GG..
Line 5: User-Agent: Mozilla/5.0 (Macintosh; U; PPC
Mac OS X; en) AppleWebKit/125.5.7 (KHTML, like Gecko) Safari/125.12..
Line 6: If-Modified-Since: Thu, 25 Aug 2005
14:20:58 GMT..
Line 7: Accept: */*..
Line 8: Accept-Encoding: gzip, deflate;q=1.0,
identity;q=0.5, *;q=0..
Line 9: Accept-Language: en, ja;q=0.92, ja-
jp;q=0.96, fr;q=0.88, de-de;q=0.85, de;q=0.81, es;q=0.77, it-
it;q=0.73, it;q=0.69, nl-nl;q=0.65, nl;q=0.62, sv-se;q=0.58,
sv;q=0.54, no-no;q=0.50, no;q=0.46, da-dk;q=0.42, da;q=0.38, fi-
fi;q=0.35, fi;q=0.31....
Premature end of decode
Line 4 looks very much like a URL I could try to download directly!
The form data are in there and no inexplicable other data.
How do I handle all these % escapes like in = etc? Just copy the
URL to download like in line 4??
Excellent, halfway there. It may not be important in this case, but
the packet you've posted wasn't actually the form submission... it
was actually a request for an image (the first line) and the fourth
line, a 'Referer', tells the server what page the browser was at that
lead it to make the request. Nonetheless, if as you say the form data
is all there, then you've got what you need. In that case the form
submission was actually a GET request (all form data in URL) not a
POST request (form data hidden elsewhere).
So lets break it down:
http:// [........] =fast&&seltype1=1&pc1=6953%
20CA&seltype2=1&pc2=3056 GG..
After the address should be a question mark. That separates the
address from the form data. Following that are &label=value pairs.
The %encodes are used in the label or value parts, and are just ASCII
values in hexadecimal. Type man ascii in the Terminal to see a handy
chart. The decode of the part you've posted then, is:
=fast& (incomplete)
seltype1 = 1
pc1 = 6953 CA
seltype2 = 1
pc2 = 3056 GG
Easy!
Now all you need to do is figure out what values you want in place of
"1", "6953 CA", "1", "3056 GG" and so forth, whack them together in
the format you see, construct a HTTP GET request and send it to the
server. In case you weren't aware, a nice way to test this is to
telnet to port 80 on the webserver in question, and copy-paste the
lines of the request (if you try typing manually, the server will
probably get sick of waiting and kick you off!).
Depending on what language you are planning on using, it looks like
zmorris has posted some handy code to help you out with this, and
yeah, watch out for that /+ issue. In this case, it looks like
you'll get away with using just for a space.
Heath
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden