Penetration Testing mailing list archives
Re: HTTP Manipulation
From: Kenneth Peiruza <kpeiruza () gnunetworks com>
Date: Wed, 21 Apr 2004 17:19:55 +0200
Hi all, In short and attached downwards: On dt, 2004-04-20 at 20:14, Jeremy Junginger wrote:
Hey guys, I'm putting together a perl script to do some HTTP manipulation (Methods, versions, overflow strings, etc), and am having some trouble reading from the socket. From tcpdump, I can see that it is completing the TCP three way handshake, and successfully GETting the default page with a 200 OK response, but I'm not sure how to capture this data from the socket prior to closing it. Could any of you PERL gurus see if I've missed something important here? Thanks, #!c:\Perl\bin\Perl.exe use CGI qw(:standard); #use strict; use Socket; #Initialize the host, port, and protocols $host = shift||'ip.address.of.remote.host'; $port = shift||80; $proto = getprotobyname('tcp'); #Get the port address $remoteip = inet_aton($host); $remoteport = sockaddr_in($port,$remoteip); #$localhost = pack('S n a4 x8', AF_INET, 0, "\0\0\0\0"); #$remotehost = pack('S n a4 x8', AF_INET, $port, $host); #Create the socket and connect to the port socket(SOCKET,PF_INET,SOCK_STREAM,$proto) or die "socket:$!"; connect(SOCKET,$remoteport) or die "connect:$!"; print SOCKET "GET / HTTP/1.0\n\n";
while ( $buffer = <SOCKET> ) { print $buffer; }
select(SOCK); $| = 1; select(STDOUT);
PS: Some time ago I wrote a silly HTTP scanner based upon Perl & Sockets. My test version is working with LWP library, but you can still found how I did to manage this at: http://www.sourceforge.net/wanesa/ Cheers! -- Kenneth Peiruza <kpeiruza () gnunetworks com> +34-666.23.64.33 ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- HTTP Manipulation Jeremy Junginger (Apr 21)
- Re: HTTP Manipulation Kenneth Peiruza (Apr 21)
- Re: HTTP Manipulation cdowns (Apr 21)
- Re: HTTP Manipulation Rogan Dawes (Apr 21)
- <Possible follow-ups>
- HTTP Manipulation Arthur Clune (Apr 21)