HTTP Manipulation

From: Jeremy Junginger (jj_at_act.com)
Date: 04/20/04

  • Next message: Hidenobu Seki: "BeatLM for LEAP" 
    To: <pen-test@securityfocus.com>
Date: Tue, 20 Apr 2004 11:14:51 -0700

    Hey guys,

    I'm putting together a perl script to do some HTTP manipulation (Methods,
    versions, overflow strings, etc), and am having some trouble reading from the
    socket. From tcpdump, I can see that it is completing the TCP three way
    handshake, and successfully GETting the default page with a 200 OK response,
    but I'm not sure how to capture this data from the socket prior to closing
    it. Could any of you PERL gurus see if I've missed something important here?
    Thanks,
     
    #!c:\Perl\bin\Perl.exe
    use CGI qw(:standard);
    #use strict;
    use Socket;

    #Initialize the host, port, and protocols
    $host = shift||'ip.address.of.remote.host';
    $port = shift||80;
    $proto = getprotobyname('tcp');

    #Get the port address
    $remoteip = inet_aton($host);
    $remoteport = sockaddr_in($port,$remoteip);

    #$localhost = pack('S n a4 x8', AF_INET, 0, "\0\0\0\0");
    #$remotehost = pack('S n a4 x8', AF_INET, $port, $host);

    #Create the socket and connect to the port
    socket(SOCKET,PF_INET,SOCK_STREAM,$proto) or die "socket:$!";
    connect(SOCKET,$remoteport) or die "connect:$!";

    print SOCKET "GET / HTTP/1.0\n\n";

    select(SOCK); $| = 1; select(STDOUT);

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------

  • Next message: Hidenobu Seki: "BeatLM for LEAP"

    Relevant Pages

    • Re: HTTP Manipulation
      ... > I'm putting together a perl script to do some HTTP manipulation (Methods, ... > but I'm not sure how to capture this data from the socket prior to closing ... > #Initialize the host, port, and protocols ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Pen-Test)
    • Re: HTTP Manipulation
      ... > I'm putting together a perl script to do some HTTP manipulation (Methods, ... > but I'm not sure how to capture this data from the socket prior to closing ... > #Initialize the host, port, and protocols ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Pen-Test)
    • .Net Socket closing too early
      ... Currently it's talking to a Perl script under Linux. ... I rewrote the Perl script receiver as a .Net application in C#. ... There is a "socket closed by remote host" ...
      (microsoft.public.dotnet.framework)
    • Re: Problem with socket
      ... Be aware that those port numbers are part of the IANA-assigned range. ... socket operations on sockets for which there are no handles... ... The result of using comma lists is ... you have used the completely meaningless word "crash" to describe your ...
      (microsoft.public.vc.mfc)
    • RE: call is blocked in recvfrom() and no further proceedings in Win CE
      ... In windows CE, I'm able to send a request but I'm unable to receive it. ... Create another socket & bind with server IP address. ... > My program has to send request to service through port 5070(in this port only ...
      (microsoft.public.windowsce.embedded)