From: Rogan Dawes (lists@NO_dawes.SPAM_za.net)
Date: Wed Apr 21 2004 - 12:19:37 EDT
Jeremy Junginger wrote:
> Hey guys,
>
> I'm putting together a perl script to do some HTTP manipulation (Methods,
> versions, overflow strings, etc), and am having some trouble reading from the
> socket. From tcpdump, I can see that it is completing the TCP three way
> handshake, and successfully GETting the default page with a 200 OK response,
> but I'm not sure how to capture this data from the socket prior to closing
> it. Could any of you PERL gurus see if I've missed something important here?
> Thanks,
>
> #!c:\Perl\bin\Perl.exe
> use CGI qw(:standard);
> #use strict;
> use Socket;
>
> #Initialize the host, port, and protocols
> $host = shift||'ip.address.of.remote.host';
> $port = shift||80;
> $proto = getprotobyname('tcp');
>
> #Get the port address
> $remoteip = inet_aton($host);
> $remoteport = sockaddr_in($port,$remoteip);
>
> #$localhost = pack('S n a4 x8', AF_INET, 0, "\0\0\0\0");
> #$remotehost = pack('S n a4 x8', AF_INET, $port, $host);
>
> #Create the socket and connect to the port
> socket(SOCKET,PF_INET,SOCK_STREAM,$proto) or die "socket:$!";
> connect(SOCKET,$remoteport) or die "connect:$!";
>
> print SOCKET "GET / HTTP/1.0\n\n";
while (<SOCKET>) {
print $_;
}
You should also rather be doing
print SOCKET "GET / HTTP/1.0\r\n\r\n";
according to the RFC's
For something like this, libwhisker is probably a good starting point,
or just use LWP, rather.
Regards
Rogan
-- Rogan Dawes email: lists AT dawes DOT za DOT net "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." - Gene Spafford ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT