Jump to content


Photo

HTTP and PHP


  • Please log in to reply
1 reply to this topic

#1 MasterCJ

MasterCJ
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 17 October 2006 - 08:04 PM

I hate to ask the exact same question in different forums, but here goes!

I am writing a PHP script which sends an HTTP client request header to an HTTP server by generating the header with a php scirpt.

Some websites that i am submitting these 'forged' headers to have me baffled. They contain, what as far as i can tell, is random data coded into the header and i'm not sure how this is generated or even why.

Do you understand HTTP? Then maybe you can help me out!

Heres the HTTP client header (one of the many which uses this random technique):

http://www.goteach.ca/jobboard/index.pl?post

POST /jobboard/index.pl?post HTTP/1.1
Host: www.goteach.ca
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.goteach.ca/jobboard/index.pl?form=0
Content-Type: multipart/form-data; boundary=---------------------------491299511942
Content-Length: 537
-----------------------------491299511942
Content-Disposition: form-data; name="name"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="email"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="subject"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="body"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="Post"

Post Message
-----------------------------491299511942--


This HTTP header has the random numbers 491299511942 coded into it.

When you submit the EXACT same POST data, the number are always different! For example: 222333444555.

The HTTP headers content length is of course affected by this change.

What i'm trying to figure out, or at least even get the slightest hint too, is how is this/why is being generated. And if i can go so far, how would i replicate this algorithm?


Thanks,

MasterCJ

The form can found at:
http://www.goteach.c...index.pl?form=0

and you can get an HTTP header capture plugin for mozilla at:
http://livehttpheade...stallation.html

#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 17 October 2006 - 09:02 PM

the number is a boundary marker that changes with each request, this is a client header and has nothing to do with the server. A boundary indetifier, signifies each part of a multipart document, so each part is a separate entity that makes up the complete multipart document. A multipart HTTP document works the same as a SMTP multi part document, where each entity starts with the boundary marker that has (2) extra (--) befoe it, followed by a single (\r\n) then information header(s), which can contain (type, name and disposition) header(s), followed by (\r\n\r\n) then the content, up to the start of the next boundary indentifier or the ending of the document, (the last) part is ended with (--) on the right hand side of the boundary marker.

//header declaration
Content-Type: multipart/form-data; boundary=--abc

//entity declaration
----abc
Content-Disposition: form-data; name="name"

//content declaration
CONTENT

//close document declaration
----abc--


me!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users