Archived

This topic is now archived and is closed to further replies.

MasterCJ

HTTP and PHP

I hate to ask the exact same question in different forums, but here goes!

I am writing a PHP script which sends an HTTP client request header to an HTTP server by generating the header with a PHP script.

Some websites that I am submitting these 'forged' headers to have me baffled. They contain what, as far as I can tell, is random data coded into the header, and I'm not sure how this is generated or even why.

Do you understand HTTP? Then maybe you can help me out!

Here's the HTTP client header (one of the many which use this random technique):

[code]
http://www.goteach.ca/jobboard/index.pl?post

POST /jobboard/index.pl?post HTTP/1.1
Host: www.goteach.ca
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.goteach.ca/jobboard/index.pl?form=0
Content-Type: multipart/form-data; boundary=---------------------------491299511942
Content-Length: 537
-----------------------------491299511942
Content-Disposition: form-data; name="name"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="email"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="subject"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="body"

TEST
-----------------------------491299511942
Content-Disposition: form-data; name="Post"

Post Message
-----------------------------491299511942--
[/code]


This HTTP header has the random numbers 491299511942 coded into it.

When you submit the EXACT same POST data, the numbers are always different! For example: 222333444555.

The HTTP header's content length is of course affected by this change.

What I'm trying to figure out, or at least get the slightest hint to, is how/why this is being generated. And if I can go so far, how would I replicate this algorithm?


Thanks,

MasterCJ

The form can be found at:
http://www.goteach.ca/jobboard/index.pl?form=0

and you can get an HTTP header capture plugin for Mozilla at:
http://livehttpheaders.mozdev.org/installation.html

The number is a boundary marker that changes with each request; this is a client header and has nothing to do with the server. A boundary identifier signifies each part of a multipart document, so each part is a separate entity that makes up the complete multipart document. A multipart HTTP document works the same as an SMTP multipart document, where each entity starts with the boundary marker that has (2) extra (--) before it, followed by a single (\r\n), then information header(s), which can contain (type, name and disposition) header(s), followed by (\r\n\r\n), then the content, up to the start of the next boundary identifier or the end of the document. The last part is ended with (--) on the right-hand side of the boundary marker.

[code]
//header declaration
Content-Type: multipart/form-data; boundary=--abc

//entity declaration
----abc
Content-Disposition: form-data; name="name"

//content declaration
CONTENT

//close document declaration
----abc--
[/code]


me!
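
The layout described in the answer above, as an added PHP example that is not part of the original thread. The function names `make_boundary` and `build_multipart` and the sample field values are constructed for illustration. The boundary is only client-side framing, so the code picks a fresh one, checks that it does not occur in any field value, and derives Content-Length from the finished body.

```php
<?php
// Added example: function names and sample fields are constructed for illustration.

function make_boundary(array $fields): string
{
    do {
        // Any token that does not occur in the data works; here 27 dashes plus
        // 12 random digits, the same shape as the boundary in the captured request.
        $digits = '';
        for ($i = 0; $i < 12; $i++) {
            $digits .= random_int(0, 9);
        }
        $boundary = str_repeat('-', 27) . $digits;
        $collides = false;
        foreach ($fields as $value) {
            // If the delimiter appeared inside a value, the receiver would
            // split that value into bogus parts.
            if (strpos((string) $value, $boundary) !== false) {
                $collides = true;
                break;
            }
        }
    } while ($collides);
    return $boundary;
}

function build_multipart(array $fields, string $boundary): string
{
    $body = '';
    foreach ($fields as $name => $value) {
        // CR, LF or a double quote in a field name would break out of the part header.
        if (preg_match('/[\r\n"]/', (string) $name)) {
            throw new InvalidArgumentException('illegal character in field name');
        }
        $body .= "--{$boundary}\r\n"
               . "Content-Disposition: form-data; name=\"{$name}\"\r\n\r\n"
               . $value . "\r\n";
    }
    return $body . "--{$boundary}--\r\n"; // closing delimiter ends the document
}

// Constructed sample fields with the same names and values as the captured request.
$fields = ['name' => 'TEST', 'email' => 'TEST', 'subject' => 'TEST',
           'body' => 'TEST', 'Post' => 'Post Message'];
$boundary = make_boundary($fields);
$body     = build_multipart($fields, $boundary);

echo "Content-Type: multipart/form-data; boundary={$boundary}\r\n";
echo 'Content-Length: ' . strlen($body) . "\r\n\r\n"; // byte length of the body only
echo $body;
```

Because the generated boundary has the same length as the one in the captured request, these fields produce the same Content-Length of 537 on every run, even though the digits differ each time.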
