MasterCJ Posted October 17, 2006 Share Posted October 17, 2006 I hate to ask the exact same question in different forums, but here goes!I am writing a PHP script which sends an HTTP client request header to an HTTP server by generating the header with a php scirpt.Some websites that i am submitting these 'forged' headers to have me baffled. They contain, what as far as i can tell, is random data coded into the header and i'm not sure how this is generated or even why.Do you understand HTTP? Then maybe you can help me out!Heres the HTTP client header (one of the many which uses this random technique):[code]http://www.goteach.ca/jobboard/index.pl?postPOST /jobboard/index.pl?post HTTP/1.1Host: www.goteach.caUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5Accept-Language: en-us,en;q=0.5Accept-Encoding: gzip,deflateAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7Keep-Alive: 300Connection: keep-aliveReferer: http://www.goteach.ca/jobboard/index.pl?form=0Content-Type: multipart/form-data; boundary=---------------------------491299511942Content-Length: 537-----------------------------491299511942Content-Disposition: form-data; name="name"TEST-----------------------------491299511942Content-Disposition: form-data; name="email"TEST-----------------------------491299511942Content-Disposition: form-data; name="subject"TEST-----------------------------491299511942Content-Disposition: form-data; name="body"TEST-----------------------------491299511942Content-Disposition: form-data; name="Post"Post Message-----------------------------491299511942--[/code]This HTTP header has the random numbers 491299511942 coded into it.When you submit the EXACT same POST data, the number are always different! For example: 222333444555.The HTTP headers content length is of course affected by this change.What i'm trying to figure out, or at least even get the slightest hint too, is how is this/why is being generated. And if i can go so far, how would i replicate this algorithm?Thanks,MasterCJThe form can found at:http://www.goteach.ca/jobboard/index.pl?form=0and you can get an HTTP header capture plugin for mozilla at:http://livehttpheaders.mozdev.org/installation.html Quote Link to comment Share on other sites More sharing options...
printf Posted October 17, 2006 Share Posted October 17, 2006 the number is a boundary marker that changes with each request, this is a client header and has nothing to do with the server. A boundary indetifier, signifies each part of a multipart document, so each part is a separate entity that makes up the complete multipart document. A multipart HTTP document works the same as a SMTP multi part document, where each entity starts with the boundary marker that has (2) extra (--) befoe it, followed by a single (\r\n) then information header(s), which can contain (type, name and disposition) header(s), followed by (\r\n\r\n) then the content, up to the start of the next boundary indentifier or the ending of the document, (the last) part is ended with (--) on the right hand side of the boundary marker.//header declaration Content-Type: multipart/form-data; boundary=--abc//entity declaration----abcContent-Disposition: form-data; name="name"//content declarationCONTENT//close document declaration----abc--me! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.