Programmatic POST Requests with JavaScript: Automated Form Submissions - Tracking the request’s status: defining the “displayStatus()” function
The program needs to be able to track the status of the current HTTP request. To do that, I’ve defined the “displayStatus()” function. Its code looks like this:
// function displayStatus
function displayStatus(){
    // check XMLHttpRequest object status
    if(objhttp.readyState==4){
        // create paragraph elements
        var parStat=document.createElement('p');
        var parText=document.createElement('p');
        var parResp=document.createElement('p');
        // assign ID attributes
        parStat.id='status';
        parText.id='text';
        parResp.id='response';
        // append text nodes
        parStat.appendChild(document.createTextNode('Status : '+objhttp.status));
        parText.appendChild(document.createTextNode('Status text : '+objhttp.statusText));
        parResp.appendChild(document.createTextNode('Document code : '+objhttp.responseText));
        // insert <p> elements into document tree
        document.body.appendChild(parStat);
        document.body.appendChild(parText);
        document.body.appendChild(parResp);
    }
}
The task of the above function is simply to check the state of the XMLHttpRequest object by reading the value of its “readyState” property. Once the request has completed (a “readyState” of 4), the function dynamically appends three regular paragraphs to the document tree, in order to display basic information about the status of the request.
As you can see, the values of the “status”, “statusText” and “responseText” properties are displayed, which is useful for tracking the server response. Because the response is inserted with “createTextNode()”, any markup the server returns is shown as literal text rather than parsed as HTML. I’ve defined this function to show the information in a rather rough way, but it could be improved with a more polished look and feel.
At this point, I’ve outlined the complete set of functions that make up the JavaScript program for generating POST form submissions. Besides explaining the core logic of the script in detail, I’ve covered the key functions, so you should have an accurate idea of how HTTP requests can be handled in the background, as a transparent execution process.
There are still a few functions that need a closer review to complete the program and make it fully functional. A working example is also highly desirable, so you can see how a visitor with bad intentions may use this technique to launch attacks by exploiting the fairly weak structure of Web forms.
Wrapping up
In the next part of the series, I’ll cover all of the above-mentioned topics, providing you with all of the makings of a functional JavaScript-based form emulator. Since the logic of the program is based on real hacking techniques, I strongly encourage you to pay close attention to the concepts explained here. It never hurts to learn; you can then take what you learned here and apply it to building more robust and safer web applications.
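On the receiving end, a scripted POST means the server cannot rely on anything the form's markup enforces (maxlength, the options of a select, the set of fields). The following is an added example, not code from the original article, of a Node.js check that validates a posted body on its own terms; the field names, rules and sample bodies are assumptions constructed for illustration.

```javascript
// Added example: server-side checks for a POSTed form body (Node.js, no dependencies).
// Field names and rules are assumptions chosen for illustration.
const RULES = {
  name:    { max: 50,  pattern: /^[\p{L} .'-]+$/u },
  email:   { max: 254, pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  plan:    { max: 10,  oneOf: ['free', 'pro'] },   // mirrors a <select> in the form
  comment: { max: 500, optional: true },
};

// Validate a raw application/x-www-form-urlencoded body.
// Returns { ok, errors, values }; nothing the form's markup promises is trusted.
function validateFormBody(rawBody, maxBytes = 4096) {
  if (Buffer.byteLength(rawBody, 'utf8') > maxBytes) {
    return { ok: false, errors: ['body too large'], values: {} };
  }
  const errors = [];
  const values = {};
  const params = new URLSearchParams(rawBody);
  // Reject fields the form never defined and fields sent more than once.
  for (const key of new Set(params.keys())) {
    if (!Object.prototype.hasOwnProperty.call(RULES, key)) {
      errors.push(`unexpected field: ${key}`);
    } else if (params.getAll(key).length > 1) {
      errors.push(`duplicate field: ${key}`);
    }
  }
  // Check every expected field against its own rule.
  for (const [field, rule] of Object.entries(RULES)) {
    const value = params.get(field);
    if (value === null || value === '') {
      if (!rule.optional) errors.push(`missing field: ${field}`);
      continue;
    }
    if (value.length > rule.max) errors.push(`too long: ${field}`);
    else if (rule.oneOf && !rule.oneOf.includes(value)) errors.push(`invalid value: ${field}`);
    else if (rule.pattern && !rule.pattern.test(value)) errors.push(`invalid format: ${field}`);
    else values[field] = value;
  }
  return { ok: errors.length === 0, errors, values };
}

// Constructed sample bodies: one as the browser form would send it, one with
// values and fields the form's markup does not offer.
const fromBrowser = 'name=Ana+Lopez&email=ana%40example.org&plan=pro';
const fromScript  = 'name=Ana&email=ana%40example.org&plan=gold&extra=1&plan=pro';
console.log(validateFormBody(fromBrowser));
console.log(validateFormBody(fromScript));
```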