Programmatic POST Requests with JavaScript: A Functional Form Emulator


Welcome to the third part of this series, which explains how HTTP requests can be used by malicious users to launch attacks against unprepared websites. In the previous article I provided the core functions for building a JavaScript-based form emulator; this third part completes the definitions of the remaining functions and sets up the basis for making the program fully functional.

Author Info:
By: Alejandro Gervasio
July 27, 2005
Programmatic POST Requests with JavaScript: A Functional Form Emulator - Getting form data: defining the “getFormAction()” and “getFormVariables()” functions
(Page 4 of 5 )

As you might guess, getting the value for the form’s action attribute, as well as the field names, is pretty straightforward. First, here is the definition for the “getFormAction()” function, which not surprisingly obtains the form action’s value:

// function getFormAction

function getFormAction(){
    var formaction=document.getElementsByTagName('form')[0].getAttribute('action');
    if(!formaction){return};
    return formaction;
}

As you can see, the function simply uses the methods provided by the DOM to obtain the URL specified as the form’s action attribute, and returns its value. Here, the script makes a rough assumption: that the requested page contains only one form. If more forms are coded within the same page, it’s fairly easy to adapt the code to deal with multiple forms.

Once the program has obtained the URL where the form values will be processed, it needs to get the names of the corresponding fields, which will be populated with random strings. So, here is the listing for the “getFormVariables()” function:

// function getFormVariables

function getFormVariables(){
    var formvars='';
    // only the direct child nodes of the first form are examined
    var childElements=document.getElementsByTagName('form')[0].childNodes;
    for(var i=0;i<childElements.length;i++){
        if(/(INPUT|TEXTAREA|SELECT)/.test(childElements[i].nodeName)){
            // check if field name contains the string 'mail'
            formvars+=(/mail/.test(childElements[i].getAttribute('name')))
                ?childElements[i].getAttribute('name')+'='+getRandomEmail()+'&'
                :childElements[i].getAttribute('name')+'='+getRandomValue()+'&';
        }
    }
    // remove the trailing '&'
    formvars=formvars.substring(0,formvars.length-1);
    return formvars;
}

Basically, the above function obtains the names of the form fields. As the names are collected in a regular loop, each one is paired with random data. Notice that the function roughly attempts to find out whether the field’s name contains the string “mail”. If it does, the form variable is populated with a pseudo-randomly generated email address, obtained by calling the “getRandomEmail()” function.

The expression listed above uses either the “getRandomEmail()” function, in the case of having a field that suggests entering an email address, or “getRandomValue()”, for populating other fields. Lastly, the function returns a string in the form of name=value pairs that will be sent as form data.

As I said previously, don’t feel concerned about how those undefined functions look, since they will be reviewed over the next few lines. All you have to do is keep on reading.
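
Seen from the receiving server, the behaviour described above is detectable: “getFormVariables()” replaces the value of every field it finds, hidden inputs included, with random data. The following server-side check for Node.js is an added example, not code from the original article; the field names `website` and `form_token`, the secret and the 30-minute lifetime are assumptions made for illustration.

```javascript
// Added example, not part of the original article.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: per-deployment server secret
const HONEYPOT = 'website';               // hypothetical decoy field, hidden from users with CSS
const TOKEN_FIELD = 'form_token';         // hypothetical hidden input written by the server
const MAX_AGE_MS = 30 * 60 * 1000;        // assumption: a rendered form is valid for 30 minutes

function sign(ts) {
  return crypto.createHmac('sha256', SECRET).update(ts).digest('hex');
}

// Value the server places in the hidden token field when it renders the form.
function issueToken(now = Date.now()) {
  const ts = String(now);
  return ts + '.' + sign(ts);
}

function tokenIsValid(token, now = Date.now()) {
  const [ts = '', mac = ''] = String(token).split('.');
  if (!/^\d+$/.test(ts) || !/^[0-9a-f]{64}$/.test(mac)) return false;
  const macOk = crypto.timingSafeEqual(Buffer.from(mac, 'hex'), Buffer.from(sign(ts), 'hex'));
  const age = now - Number(ts);
  return macOk && age >= 0 && age <= MAX_AGE_MS;
}

// Returns the reasons a POST body looks machine-generated; an empty array means accept.
function checkSubmission(body, now = Date.now()) {
  const params = new URLSearchParams(body);
  const reasons = [];
  // A person never sees the decoy field, so any value in it came from a script.
  if ((params.get(HONEYPOT) || '') !== '') reasons.push('honeypot-filled');
  // A random or missing token fails the HMAC check; an old one fails the age check.
  if (!tokenIsValid(params.get(TOKEN_FIELD) || '', now)) reasons.push('bad-token');
  return reasons;
}

// Constructed sample bodies: one browser submission, one with every field randomised.
function demo(now = Date.now()) {
  const human = 'name=Ana&email=ana%40example.com&website=&form_token=' + issueToken(now);
  const scripted = 'name=xkqz&email=qwe%40rty.com&website=plmo&form_token=zxcv';
  return { human: checkSubmission(human, now + 5000), scripted: checkSubmission(scripted, now) };
}

console.log(demo());
```

The token check also rejects a body in which the token field is absent, so it does not depend on where the hidden input sits inside the form markup.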

