
Programmatic POST Requests with JavaScript: Automated Form Submissions


In the first part of this article series, Alejandro Gervasio explained how the XMLHttpRequest object can be used to generate massive GET requests to a targeted server, in order to launch denial of service attacks. In this article, he shows how HTTP POST requests, commonly used on Web forms to collect user data, can be automated, again leaving your system vulnerable to attack. With the information you learn from this series, you should be able to build more robust and safer Web applications, making your system less of a target.

Author Info:
By: Alejandro Gervasio
July 20, 2005
TABLE OF CONTENTS:
  1. · Programmatic POST Requests with JavaScript: Automated Form Submissions
  2. · Automated POST requests: the basics of a JavaScript-based form emulator
  3. · Building the form emulator: defining the core functions “getXMLHTTPObject()” and “sendRequest()”
  4. · Tracking the request’s status: defining the “displayStatus()” function


Programmatic POST Requests with JavaScript: Automated Form Submissions - Automated POST requests: the basics of a JavaScript-based form emulator
(Page 2 of 4 )

To set up the general structure of a JavaScript-based form emulator, I first need to define the program’s core logic. With that in mind, I’ll describe below the functions required to implement the application.

Keeping in mind that the program needs to use the functionality of the XMLHttpRequest object, I’ll use the same “getXMLHTTPObject()” function that we used in the first part of this series.

Next, as you might guess, POST requests need to be sent to a specific server, so I’ll reuse the “sendRequest()” function written previously, this time specifying POST data along with the proper HTTP header for emulating form submissions. This function will also be able to send the HTTP requests in either synchronous or asynchronous mode.

Now that the program has the functions described above available, I’ll walk step by step through how a form submission is emulated, to illustrate each task as clearly as possible.

First, the script is pointed to a given file that contains the form to be submitted. For example, say the program targets a URL that looks like http://www.domain-to-be-hacked/contact/contact.php, where “contact.php” is the file that includes a contact form.

Then, a synchronous GET request is made to this file to retrieve its (X)HTML code and obtain the form’s action attribute, along with the names of the form fields. If you think about this process, it’s roughly equivalent to clicking on a link that takes you to the given contact form page.

Next, having retrieved the form action (the URL where the form is submitted), as well as the form variables, the program makes a POST request to that URL and sends the POST variables populated with pseudo-randomly generated data.

Finally, as an optional step, subsequent POST requests are made to the same address, each time sending out random POST data.

As you can see, the steps required to automate form submissions are fairly simple to implement. That gives you yet another reason, as you develop Web programs, to pay close attention to building safer forms and writing robust user input verification code.
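One way a form handler can resist the submission loop described above, shown as an added server-side example for Node.js that is not part of the original article: a single-use token tied to the served form, a minimum fill time, a per-client rate limit and field verification. The function names, the limits and the field names (`token`, `email`, `message`) are assumptions.

```javascript
// Added example (Node.js, server side); names, limits and field names are assumptions.
const { randomBytes } = require("crypto");

const TOKEN_TTL_MS = 15 * 60 * 1000; // a served form stays valid for 15 minutes
const MIN_FILL_MS = 3000;            // a person needs a few seconds to fill in a form
const MAX_POSTS_PER_MIN = 5;         // per-client ceiling on POSTs to the form action

const issued = new Map(); // token -> { client, at }
const recent = new Map(); // client -> timestamps of POSTs in the last minute

// Call when the form page is served (GET); embed the result in a hidden field.
function issueFormToken(client, now = Date.now()) {
  const token = randomBytes(16).toString("hex");
  issued.set(token, { client, at: now });
  return token;
}

// Call on every POST to the form action. Returns { ok, reason }.
function checkSubmission(client, fields, now = Date.now()) {
  const times = (recent.get(client) || []).filter((t) => now - t < 60000);
  times.push(now);
  recent.set(client, times);
  if (times.length > MAX_POSTS_PER_MIN) return { ok: false, reason: "rate-limit" };

  const entry = issued.get(fields.token);
  issued.delete(fields.token); // single use: a second POST with this token fails
  if (!entry || entry.client !== client) return { ok: false, reason: "bad-token" };
  if (now - entry.at > TOKEN_TTL_MS) return { ok: false, reason: "expired-token" };
  if (now - entry.at < MIN_FILL_MS) return { ok: false, reason: "too-fast" };

  // Input verification: accept only the expected shape and size.
  const email = String(fields.email || "");
  const message = String(fields.message || "");
  if (email.length > 254 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    return { ok: false, reason: "bad-email" };
  }
  if (message.length < 1 || message.length > 2000) {
    return { ok: false, reason: "bad-message" };
  }
  return { ok: true, reason: "accepted" };
}
```

A script that re-fetches the form and waits before each POST still passes the token and timing checks, only at a reduced rate, so the rate limit and the server-side field checks stay in place alongside them. A long-running service would also evict expired entries from the two maps.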

Based on the program logic explained above, here is the list of functions responsible for each operation:

// function getXMLHTTPObject – returns instances of the XMLHttpRequest object
function getXMLHTTPObject(){}

// function sendRequest – makes GET/POST requests to a specified URL
function sendRequest(){}

// function displayStatus – displays the status of the requests
function displayStatus(){}

// function getFormCode – returns the form page’s (X)HTML code
function getFormCode(){}

// function getFormVariables – returns the form variables
function getFormVariables(){}

// function getFormAction – returns the form action attribute
function getFormAction(){}

// function getRandomValue – returns a random string value
function getRandomValue(){}

// function getRandomEmail – returns a pseudo-random email address
function getRandomEmail(){}

With all the required functions listed, we can move on and look in detail at the code for some of them, as the next stage in making the program fully functional. Just keep on reading.


© 2003-2018 by Developer Shed. All rights reserved.