Programmatic POST Requests with JavaScript: Automated Form Submissions - Automated POST requests: the basics of a JavaScript-based form emulator

(Page 2 of 4 )

To set up the general structure for a JavaScript-based form emulator, first I need to define the program’s core logic. Considering this, I’ll describe below the required functions to implement the application.

Keeping in mind that the program needs to use the functionality of the XMLHttpRequest object, I’ll use the same “getXMLHTTPObject()” function which we used in the first part of this series.

Next, as you might guess, post requests need to be sent to a specific server, so I’ll reuse the same “sendRequest()” function previously written, this time by specifying post data along with the proper http header for emulating form submissions. Also, this function will alternate the http requests either in synchronous or asynchronous mode.

Now that the program has available the above-described functions, I’ll cover in a step-by-step process, the way that a form sending process will be emulated, with the purpose of illustrating each task as clearly as possible.

First, the script will be pointed to a given file that contains the form itself to be submitted. For example, say the program targets an URL that looks like http://www.domain-to-be-hacked/contact/contact.php, where “contact.php” is the file that includes a contact form.

Then, a synchronous get request will be made to this file, for getting its (X)HTML code and obtaining the form action attribute, along with the names of the form fields. If you think about this process, it’s fairly equivalent to clicking on a link that takes you to the given contact form page.

Next, having retrieved the form action (the URL where the form is submitted), as well as the form variables, the program will make a post request to that file, and send the post variables populated with pseudo randomly-generated data.

Finally, as an optional step, subsequent post requests will be made to the same address, each time by sending out random post data.

As you can see, the required steps to automate form submissions can be fairly simply implemented. Therefore you have yet another reason to pay strong attention, as you develop Web programs, to building safer forms and writing robust user input verification code.

Based on the above explained program logic, below is the list of functions tasked with each relevant operation:

// function getXMLHTTPObject - returns instances of the XMLHttpRequest object

function getXMLHTTPObject(){}

// function sendRequest – makes get/post request to a specified URL

function sendRequest(){}

// function displayStatus – display the status of the requests

function displayStatus(){}

// function getFormCode – returns the form page’s (X)HTML code

function getFormCode(){}

// function getFormVariables – returns the form variables

function getFormVariables(){}

// function getFormAction – returns the form action attribute

function getFormAction(){}

// function getRandomValue – return a random string value

function getRandomValue(){}

// function getRandomEmail

function getRandomEmail(){} – returns a pseudo random email address

With all the required functions listed, we can move on and see in detail the code for some of them, as the next stage for turning the program fully functional. Just keep on reading.

Next: Building the form emulator: defining the core functions “getXMLHTTPObject()” and “sendRequest()” >>
 

More JavaScript Articles
More By Alejandro Gervasio

Comments On: Programmatic POST Requests with JavaScript: Automated Form Submissions

· The second part of the series explains the basics of POST http requests, used widely...    · Hi,Based on your article, I should be able to retrieve the values sent with the...    · Hello,Thanks for the comments.About your question, I've not tested...    · Excellent serie,But, when i try with any compiled page get following error “Acceso...    · Thank you for the kind comments on my Ajax article. Actually, it’s normal to get...   >>> Post your comment now!