Re: HTTP Manipulation

From: Kenneth Peiruza (kpeiruza@gnunetworks.com)
Date: Wed Apr 21 2004 - 11:19:55 EDT


Hi all,

In short and attached downwards:

On dt, 2004-04-20 at 20:14, Jeremy Junginger wrote:
> Hey guys,
>
> I'm putting together a perl script to do some HTTP manipulation (Methods,
> versions, overflow strings, etc), and am having some trouble reading from the
> socket. From tcpdump, I can see that it is completing the TCP three way
> handshake, and successfully GETting the default page with a 200 OK response,
> but I'm not sure how to capture this data from the socket prior to closing
> it. Could any of you PERL gurus see if I've missed something important here?
> Thanks,
>
> #!c:\Perl\bin\Perl.exe
> use CGI qw(:standard);
> #use strict;
> use Socket;
>
> #Initialize the host, port, and protocols
> $host = shift||'ip.address.of.remote.host';
> $port = shift||80;
> $proto = getprotobyname('tcp');
>
> #Get the port address
> $remoteip = inet_aton($host);
> $remoteport = sockaddr_in($port,$remoteip);
>
> #$localhost = pack('S n a4 x8', AF_INET, 0, "\0\0\0\0");
> #$remotehost = pack('S n a4 x8', AF_INET, $port, $host);
>
> #Create the socket and connect to the port
> socket(SOCKET,PF_INET,SOCK_STREAM,$proto) or die "socket:$!";
> connect(SOCKET,$remoteport) or die "connect:$!";
>
> print SOCKET "GET / HTTP/1.0\n\n";
>

        while ( $buffer = <SOCKET> )
        {

                print $buffer;

        }

> select(SOCK); $| = 1; select(STDOUT);
>
>

PS: Some time ago I wrote a silly HTTP scanner based upon Perl &
Sockets. My test version is working with LWP library, but you can still
found how I did to manage this at: http://www.sourceforge.net/wanesa/

Cheers!

-- 
Kenneth Peiruza <kpeiruza@gnunetworks.com>
+34-666.23.64.33
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT