Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: web form filling bots

From: "Rob" <synja () synfulvisions com>
Date: Thu, 28 Jun 2012 19:07:05 +0000
I've said this several times on this list: If you are going to be in any facet of the IT world, you *must* know the 
basics.

A lot of shell scripting looks complicated, but it isn't. For something like this, it's a simple loop. You can set 
variables by using awk to extract values from lists, then simply call curl (more than once if a session cookie is 
required) and specify the variables to POST, pipe the output somewhere you can parse it ( curl | grep | test or action) 
and then loop around again.

If you work with Linux or UNIX systems you should already be more familiar with this than you realize. Windows and 
VBscript aren't as easy to learn, but batch scripting can do anything that a bash script can, in much the same way. You 
can even install the standard GNU utilities on just about any platform.

The best bit of advice I can give for learning this is to use an editor with syntax highlighting; notepad++ for win32 
and nano for *NIX. I would avoid using Cygwin for script development, I've run into odd issues with variable 
handling... Didn't care enough to actually investigate.


Rob
Sent on the Sprint® Now Network from my BlackBerry®

-----Original Message-----
From: Anwar Khan <anwarrhce () gmail com>
Sender: listbounce () securityfocus com
Date: Thu, 28 Jun 2012 23:05:29 
To: rob siwicki<robert.siwicki () googlemail com>
Cc: <security-basics () securityfocus com>; <pen-test () securityfocus com>
Subject: Re: web form filling bots

I know folks, small python aur bash will do it, but i m not proficient
in writing scripts, please help.



On Thu, Jun 28, 2012 at 11:04 PM, rob siwicki
<robert.siwicki () googlemail com> wrote:

A small python script should do it.

On 28 June 2012 17:17, Anwar Khan <anwarrhce () gmail com> wrote:


Dear All,

Can anyone please suggest any web form filling tool, which automate
the form filling process and write bogus entries.
I have a website which i want to test against this, i just want to see
how things work without capthca, if i rely on POST and Connect.

Please suggest any tool or script.

thnks

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------







-- 
Regards,
Anwar
+91-915-806-9094

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: