
Programmatic POST Requests with JavaScript: Form Emulator in Action


In the fourth and final part of our series, we examine the form emulator we built in the third part in the context of a practical example that puts the program to work. The form emulator can be used as a simple testing bed to help you build more robust and safer Web applications.

Author Info:
By: Alejandro Gervasio
August 03, 2005
TABLE OF CONTENTS:
  1. · Programmatic POST Requests with JavaScript: Form Emulator in Action
  2. · The first step in coding the example: listing the program's functions
  3. · The second step in coding the example: defining the sample files
  4. · The third step in coding the example: running the form emulator program
  5. · The complete form emulator script: listing the full source code


Programmatic POST Requests with JavaScript: Form Emulator in Action - The complete form emulator script: listing the full source code
(Page 5 of 5 )

To finish this tutorial, here is the full code for the form emulator script, including some basic (X)HTML markup and CSS declarations:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
transitional.dtd">

<html>

<head>

<title>Post Http Requests with JavaScript</title>

<script type="text/javascript">

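/**
 * Creates the XMLHttpRequest object used by the emulator and registers
 * displayStatus() as its readystatechange handler.
 *
 * @returns {XMLHttpRequest|undefined} the request object, or undefined when
 *     the browser offers neither XMLHttpRequest nor ActiveXObject.
 */
function getXMLHTTPObject(){
    var objhttp;
    if(window.XMLHttpRequest){
        // native implementation
        objhttp=new XMLHttpRequest();
    }
    else if(typeof ActiveXObject!=='undefined'){
        // legacy Internet Explorer fallback; ActiveXObject is feature-tested
        // so a browser with neither API yields undefined instead of a
        // ReferenceError
        objhttp=new ActiveXObject('Microsoft.XMLHTTP');
    }
    if(!objhttp){return;}
    // assign event handler
    objhttp.onreadystatechange=displayStatus;
    return objhttp;
}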

// function sendRequest

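/**
 * Sends one HTTP request through a fresh XMLHttpRequest object.
 *
 * The request object is stored in the shared `objhttp` variable, which
 * displayStatus() and getFormCode() read when the response arrives.
 *
 * @param {string} [url] target URL; defaults to 'default_url.htm'
 * @param {string} [data] request body; defaults to 'defaultdata=defaultvalue'
 * @param {string} [method] HTTP method; defaults to 'post'
 * @param {boolean} [mode] async flag passed to open(); see the note below
 * @param {string} [header] one 'Name:value' request header; defaults to the
 *     form-urlencoded Content-Type
 */
function sendRequest(url,data,method,mode,header){
    // set default values
    if(!url){url='default_url.htm';}
    if(!data){data='defaultdata=defaultvalue';}
    if(!method){method='post';}
    // NOTE: every falsy mode, including an explicit false, is replaced by
    // true, so requests are always asynchronous. This is left as-is because
    // the response is consumed through the readystatechange handler.
    if(!mode){mode=true;}
    // the literal must stay on a single line; a line break inside it is a
    // syntax error
    if(!header){header='Content-Type:application/x-www-form-urlencoded; charset=UTF-8';}
    // get XMLHttpRequest object
    objhttp=getXMLHTTPObject();
    // getXMLHTTPObject() returns nothing when no transport is available
    if(!objhttp){return;}
    // open connection
    objhttp.open(method,url,mode);
    // split at the FIRST colon only, so a header value that itself contains
    // ':' (a URL, a timestamp) is not truncated
    var colon=header.indexOf(':');
    var headerName=colon===-1?header:header.substring(0,colon);
    var headerValue=colon===-1?'':header.substring(colon+1);
    objhttp.setRequestHeader(
        headerName.replace(/^\s+|\s+$/g,''),
        headerValue.replace(/^\s+|\s+$/g,'')
    );
    // send data
    objhttp.send(data);
}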

// function displayStatus

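/**
 * readystatechange handler: once the shared `objhttp` request has completed,
 * appends its status code, status text and response body to the page, then
 * calls getFormCode().
 *
 * The response body is added through createTextNode(), so any markup it
 * contains is displayed as text and never parsed as HTML.
 */
function displayStatus(){
    // 4 means the request has completed; ignore every earlier state
    if(objhttp.readyState!==4){return;}
    // builds one <p id="..."> holding a single text node and appends it
    function appendParagraph(id,text){
        var par=document.createElement('p');
        par.id=id;
        par.appendChild(document.createTextNode(text));
        document.body.appendChild(par);
    }
    // NOTE: each completed request appends three more paragraphs carrying
    // the same ids, so the ids are not unique after the first response.
    appendParagraph('status','Status : '+objhttp.status);
    appendParagraph('text','Status text : '+objhttp.statusText);
    appendParagraph('response','Document code : '+objhttp.responseText);
    // get form code
    getFormCode();
}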

// function getFormCode

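/**
 * Extracts the first form from the response held in the shared `objhttp`
 * object and adds a hidden, reduced copy of it to the page, for
 * getFormAction() and getFormVariables() to read.
 *
 * The response markup is never assigned to innerHTML of the live page.
 * It is parsed with DOMParser, whose documents have scripting disabled, and
 * only the form's action attribute and the name attributes of its
 * direct-child INPUT / TEXTAREA / SELECT elements are copied onto freshly
 * created elements. Inline event handlers and any other markup in the
 * response therefore never reach the page.
 *
 * Does nothing when the response contains no form.
 */
function getFormCode(){
    // get page code
    var html=objhttp.responseText||'';
    // locate the first form, ignoring tag case
    var start=html.search(/<form\b/i);
    if(start===-1){return;}
    var markup=html.substring(start);
    var end=markup.search(/<\/form\s*>/i);
    // cut at the closing tag when there is one; the parser closes the
    // element by itself
    if(end!==-1){markup=markup.substring(0,end);}
    // parse in a separate, script-less document
    var parsed=new DOMParser().parseFromString(markup,'text/html');
    var srcForm=parsed.getElementsByTagName('form')[0];
    if(!srcForm){return;}
    // rebuild only what the emulator reads
    var form=document.createElement('form');
    var action=srcForm.getAttribute('action');
    if(action!==null){form.setAttribute('action',action);}
    var nodes=srcForm.childNodes;
    for(var i=0;i<nodes.length;i++){
        if(!/^(INPUT|TEXTAREA|SELECT)$/.test(nodes[i].nodeName)){continue;}
        var field=document.createElement(nodes[i].nodeName.toLowerCase());
        var name=nodes[i].getAttribute('name');
        if(name!==null){field.setAttribute('name',name);}
        form.appendChild(field);
    }
    // create <div> container, hidden from display
    var fdiv=document.createElement('div');
    fdiv.style.display='none';
    fdiv.appendChild(form);
    // append <div> container into document tree
    document.body.appendChild(fdiv);
}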

// function getFormVariables

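/**
 * Builds a URL-encoded body of filler values for the first form in the
 * document.
 *
 * Only direct-child INPUT, TEXTAREA and SELECT nodes of the form are
 * considered. A field whose name contains 'mail' receives getRandomEmail(),
 * every other field receives getRandomValue().
 *
 * @returns {string} 'name=value' pairs joined with '&', or '' when the
 *     document has no form or the form has no named fields.
 */
function getFormVariables(){
    var form=document.getElementsByTagName('form')[0];
    // no form has been loaded yet: nothing to build
    if(!form){return '';}
    var pairs=[];
    var childElements=form.childNodes;
    for(var i=0;i<childElements.length;i++){
        if(!/(INPUT|TEXTAREA|SELECT)/.test(childElements[i].nodeName)){continue;}
        var name=childElements[i].getAttribute('name');
        // a control without a name is never part of a browser submission
        if(!name){continue;}
        // check if field name contains the string 'mail'
        var value=/mail/.test(name)?getRandomEmail():getRandomValue();
        // names come from the retrieved page; encode both sides so '&', '='
        // or '@' cannot change the structure of the body
        pairs.push(encodeURIComponent(name)+'='+encodeURIComponent(value));
    }
    return pairs.join('&');
}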

// function getFormAction

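/**
 * Returns the action attribute of the first form in the document.
 *
 * The value is taken verbatim from the retrieved form. A caller that must
 * keep requests on the host under test should check it before using it as
 * a request URL.
 *
 * @returns {string|undefined} the action value, or undefined when the
 *     document has no form or the form has no (or an empty) action.
 */
function getFormAction(){
    var form=document.getElementsByTagName('form')[0];
    // no form has been loaded yet
    if(!form){return;}
    var formaction=form.getAttribute('action');
    if(!formaction){return;}
    return formaction;
}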

// function getRandomValue

/**
 * Produces a filler string of 2 to 9 characters drawn from lowercase
 * letters and digits. The alphabet as written contains no 'j'.
 *
 * Math.random() is not a cryptographic source; the result is filler data
 * only and must not be used as a secret or token.
 *
 * @returns {string} the random string
 */
function getRandomValue(){
    var alphabet='abcdefghiklmnopqrstuvwxyz0123456789';
    // the length is drawn first, then one draw per character
    var remaining=Math.floor(Math.random()*8)+2;
    var picked=[];
    while(remaining>0){
        var index=Math.floor(Math.random()*alphabet.length);
        picked.push(alphabet.charAt(index));
        remaining-=1;
    }
    return picked.join('');
}

// function getRandomEmail

/**
 * Produces a filler e-mail address of the form
 * 'johndoe<random>@<random>.com', using getRandomValue() for both random
 * parts.
 *
 * @returns {string} the generated address
 */
function getRandomEmail(){
    // the local-part suffix is drawn before the domain label
    var localSuffix=getRandomValue();
    var domainLabel=getRandomValue();
    return ['johndoe',localSuffix,'@',domainLabel,'.com'].join('');
}

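// Starts the emulator once the page has loaded: fetches the form page, then
// posts generated values to the form's action every 10 seconds.
window.onload=function(){
    // run only where the DOM methods used by the script exist
    if(document.getElementsByTagName&&document.createElement){
        // send first get request to form page
        // (sendRequest replaces a falsy mode with true, so this request is
        // asynchronous despite the false argument)
        sendRequest('post_form.htm','','get',false);
        // send post request every 10 seconds; a function is passed rather
        // than a code string, so nothing is evaluated from text and the page
        // keeps working under a Content-Security-Policy without 'unsafe-eval'
        setInterval(function(){
            // skip the cycle while no form has been loaded into the page
            if(!document.getElementsByTagName('form')[0]){return;}
            sendRequest(getFormAction(),getFormVariables(),'post',true);
        },10*1000);
    }
};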

</script>

<style type="text/css">

/* Page heading: small bold black text. */
h1 {

    font: bold 12px Arial, Helvetica, sans-serif;

    color: #000;

}

/* Paragraphs, including the status and response lines that displayStatus() appends as <p> elements: blue text. */
p {

    font: normal 11px Arial, Helvetica, sans-serif;

    color: #00f;

}

</style>

</head>

<body>

<h1>Emulating POST form submissions with JavaScript...</h1>

</body>

</html>

In the above code, I've set the script to run once the page has finished loading, and declared a couple of CSS styles that control the visual presentation of the information. Quite simple, isn't it?

Conclusion

Over this series, I've covered in detail how JavaScript-based HTTP requests are implemented in practice and how they are increasingly used to attack websites. The tutorials presented the basics of client-side denial of service attacks, as well as form emulation techniques.

Of course, due to the inherently insecure nature of the Internet, and specifically the Web, new attack techniques are continuously emerging, so the methods described above are only a small piece of this adversarial landscape. Now that you've been warned, go and build more robust and safer Web programs, for example by validating every form submission on the server and limiting how often a single client can submit.


DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
