Home arrow JavaScript arrow Page 2 - Programmatic POST Requests with JavaScript: A Functional Form Emulator
JAVASCRIPT

Programmatic POST Requests with JavaScript: A Functional Form Emulator


Welcome to the third part of this series, aimed at explaining specifically how http requests can be used by malicious users to launch attacks against unwarned websites. Since in the previous article I provided you with the core functions for building a JavaScript-based form emulator, this third part will be used to complete the definition for the remaining functions, and set up the basis for making the program fully functional.

Author Info:
By: Alejandro Gervasio
Rating: 4 stars4 stars4 stars4 stars4 stars / 20
July 27, 2005
TABLE OF CONTENTS:
  1. · Programmatic POST Requests with JavaScript: A Functional Form Emulator
  2. · Building a functional script: listing the “getXMLHTTPObject()” and “sendRequest()” functions
  3. · Getting the form’s (X)HTML markup: defining the “getFormCode()” function
  4. · Getting form data: defining the “getFormAction()” and “getFormVariables()” functions
  5. · Generating random data: defining the “getRandomValue()” and “getRandomEmail()” functions

print this article
SEARCH DEVARTICLES

Programmatic POST Requests with JavaScript: A Functional Form Emulator - Building a functional script: listing the “getXMLHTTPObject()” and “sendRequest()” functions
(Page 2 of 5 )

Throughout the previous part of the series, I covered in detail these functions, so I won’t stop long explaining what they do. Essentially, the first function is responsible for instantiating XmlHttpRequest objects each time it’s invoked, while the second one makes http requests to a given server. Retaking the program’s flow, they’re listed below:

// function getXMLHTTPObject

function getXMLHTTPObject(){

    //instantiate new XMLHttpRequest object

    var objhttp=(window.XMLHttpRequest)?new XMLHttpRequest():new ActiveXObject('Microsoft.XMLHTTP');

    if(!objhttp){return};

    // assign event handler

    objhttp.onreadystatechange=displayStatus;

    // return XMLHttpRequest object

    return objhttp;

}

// function sendRequest

function sendRequest(url,data,method,mode,header){

    // set default values

    if(!url){url='default_url.htm'};

    if(!data){data='defaultdata=defaultvalue'};

    if(!method){method='post'};

    if(!mode){mode=true};

    if(!header){header='Content-Type:application/x-www-form-urlencoded; charset=UTF-8'};

    // get XMLHttpRequest object

    objhttp=getXMLHTTPObject();

    // open socket connection

    objhttp.open(method,url,mode);

    // set http header

    objhttp.setRequestHeader(header.split(':')[0],header.split(':')[1]);

    // send data

    objhttp.send(data);

}

As I said before, the above functions implement actually the core logic of the program, because they provide the required functionality to use cross-browser XmlHttpRequest objects, and send http requests to a specific host as well. However, I explained previously that the program was capable of performing additional tasks, such as getting data about the form to be emulated. Thus, over the next section, I’ll define the functions tasked with obtaining the form’s source code, as well as its action attribute along with its field names.


blog comments powered by Disqus
JAVASCRIPT ARTICLES

- Project Nashorn to Make Java, JavaScript Wor...
- JavaScript Virus Attacks Tumblr Blogs
- Google Releases Stable Dart Version, JavaScr...
- Khan Academy Unveils New JavaScript Learning...
- Accessing Nitro? There`s an App for That
- JQuery 2.0 Leaving Older IE Versions Behind
- Fastest JavaScript Engine Might Surprise You
- Microsoft Adjusting Chakra for IE 10
- Brendan Eich: We Don`t Need Google Native Cl...
- An Overview of JavaScript Statements
- An Overview of JavaScript Operators
- Overview of JavaScript Variables
- More of the Top jQuery Social Plugins
- The Top jQuery Social Plugins
- More of the Top jQuery Slider Plugins

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials