Penetration Testing mailing list archives
Re: HTTP Manipulation
From: Rogan Dawes <lists@NO_dawes.SPAM_za.net>
Date: Wed, 21 Apr 2004 18:19:37 +0200
Jeremy Junginger wrote:
Hey guys, I'm putting together a perl script to do some HTTP manipulation (Methods, versions, overflow strings, etc), and am having some trouble reading from the socket. From tcpdump, I can see that it is completing the TCP three way handshake, and successfully GETting the default page with a 200 OK response, but I'm not sure how to capture this data from the socket prior to closing it. Could any of you PERL gurus see if I've missed something important here? Thanks,#!c:\Perl\bin\Perl.exeuse CGI qw(:standard); #use strict; use Socket; #Initialize the host, port, and protocols $host = shift||'ip.address.of.remote.host'; $port = shift||80; $proto = getprotobyname('tcp'); #Get the port address $remoteip = inet_aton($host); $remoteport = sockaddr_in($port,$remoteip); #$localhost = pack('S n a4 x8', AF_INET, 0, "\0\0\0\0"); #$remotehost = pack('S n a4 x8', AF_INET, $port, $host); #Create the socket and connect to the port socket(SOCKET,PF_INET,SOCK_STREAM,$proto) or die "socket:$!"; connect(SOCKET,$remoteport) or die "connect:$!"; print SOCKET "GET / HTTP/1.0\n\n";
while (<SOCKET>) { print $_; } You should also rather be doing print SOCKET "GET / HTTP/1.0\r\n\r\n"; according to the RFC'sFor something like this, libwhisker is probably a good starting point, or just use LWP, rather.
Regards Rogan -- Rogan Dawes email: lists AT dawes DOT za DOT net "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." - Gene Spafford ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- HTTP Manipulation Jeremy Junginger (Apr 21)
- Re: HTTP Manipulation Kenneth Peiruza (Apr 21)
- Re: HTTP Manipulation cdowns (Apr 21)
- Re: HTTP Manipulation Rogan Dawes (Apr 21)
- <Possible follow-ups>
- HTTP Manipulation Arthur Clune (Apr 21)