Making a HTTP POST from sniffed packets
Dizzy Egg
Member #10,824
March 2009
|
Hello guys, I have an IP controlled device that locks up on me due to a known issue, and in order for me to power it on sometimes I have to log into its webserver to power it on....I've managed to sniff some data, and I want to build it into a POST command so I can do it from code, but I don't know what POST to send based on these packets! If someone could help me out I'd be very grateful

    Hypertext Transfer Protocol
        POST /MainZone/index.put.asp HTTP/1.1\r\n
            [Expert Info (Chat/Sequence): POST /MainZone/index.put.asp HTTP/1.1\r\n]
            Request Method: POST
            Request URI: /MainZone/index.put.asp
            Request Version: HTTP/1.1
        Host: 192.168.54.11\r\n
        Connection: keep-alive\r\n
        Content-Length: 59\r\n
        Accept: */*\r\n
        Origin: http://192.168.54.11\r\n
        X-Requested-With: XMLHttpRequest\r\n
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36\r\n
        Content-Type: application/x-www-form-urlencoded\r\n
        DNT: 1\r\n
        Referer: http://192.168.54.11/MainZone/index.html\r\n
        Accept-Encoding: gzip, deflate\r\n
        Accept-Language: en-US,en;q=0.9\r\n
        Cookie: ZoneName=MAIN%20ZONE\r\n
            Cookie pair: ZoneName=MAIN%20ZONE
        \r\n
        [Full request URI: http://192.168.54.11/MainZone/index.put.asp]
        [HTTP request 1/1]
        File Data: 59 bytes
    HTML Form URL Encoded: application/x-www-form-urlencoded
        Form item: "cmd0" = "PutZone_OnOff/ON"
            Key: cmd0
            Value: PutZone_OnOff/ON
        Form item: "cmd1" = "aspMainZone_WebUpdateStatus/"
            Key: cmd1
            Value: aspMainZone_WebUpdateStatus/
---------------------------------------------------- |
Peter Hull
Member #1,136
March 2001
|
Wait a minute, that's the IP address for NORAD. What are you up to ?!
|
Dizzy Egg
Member #10,824
March 2009
|
Haha really?? It's also the address of my AV Amp!!!
---------------------------------------------------- |
bamccaig
Member #7,536
July 2006
|
Near as I can tell it's just posting two form fields:

    cmd0 = PutZone_OnOff/ON
    cmd1 = aspMainZone_WebUpdateStatus/

With a single cookie set:

    ZoneName=MAIN ZONE

There's a chance the Web server will also be restricting the request to specific user agents (browsers) so you may need to spoof that as well. You can attempt to automate that request and see if your device likes it. It's unclear if you've logged in before this, but I see no sign of that.

Dizzy Egg said: ...sometimes I have to log into its webserver to power it on...

[image: Excuse-me-What.jpg]

-- acc.js | al4anim - Allegro 4 Animation library | Allegro 5 VS/NuGet Guide | Allegro.cc Mockup | Allegro.cc <code> Tag | Allegro 4 Timer Example (w/ Semaphores) | Allegro 5 "Winpkg" (MSVC readme) | Bambot | Blog | C++ STL Container Flowchart | Castopulence Software | Check Return Values | Derail? | Is This A Discussion? Flow Chart | Filesystem Hierarchy Standard | Clean Code Talks - Global State and Singletons | How To Use Header Files | GNU/Linux (Debian, Fedora, Gentoo) | rot (rot13, rot47, rotN) | Streaming
Dizzy Egg
Member #10,824
March 2009
|
I control it using its IP control set on port 10000, but sometimes that locks up and the only way to turn it on is to open a web browser and do it from there....I'm no expert with http commands, but so far I have:

    POST /MainZone/index.put.asp?cmd0=PutZone_OnOff/ON&cmd1=aspMainZone_WebUpdateStatus/

which I send after connecting on Port 80 from a normal tcp socket.....doesn't work though....but I'm getting close...

EDIT: Got it, nailed it, fixed it.....none of you get cookies though.....OK, all of you get cookies....now NORAD.....how do I....
---------------------------------------------------- |
bamccaig
Member #7,536
July 2006
|
I'm not very familiar with the HTTP protocol either. I'd probably use Perl to do it because I know there are stable modules that already speak it better than I ever will (and if it doesn't work it'll be easier to add additional features to the request until it does work):

    perl -MWWW::Mechanize -e 1

If that fails you don't have the module installed. Easiest way I know of is App::cpanminus AKA cpanm.

    cpanm WWW::Mechanize

That will probably take a while because it has lots of dependencies, but it's probably worth the wait (and disk usage). (If you don't have cpanm either then your package manager should; if you're on Windows installing "Strawberry Perl" should give you both Perl and cpanm)

    use strict;
    use warnings;

    use WWW::Mechanize;

    my $mech = WWW::Mechanize->new();

    my $url = 'http://192.168.54.11/MainZone/index.put.asp';

    # Form fields seen in the capture; sent as the POST body
    my $payload = [
        cmd0 => 'PutZone_OnOff/ON',
        cmd1 => 'aspMainZone_WebUpdateStatus/',
    ];

    # Form-encodes the fields and sets Content-Type/Content-Length
    $mech->post($url, $payload);

I can't quite figure out on a whim how to define your own cookies, but if it's necessary I'm sure you could figure it out with some more time spent on Google or asking in #perl on any popular IRC network.

Append: /beaten
Dizzy Egg
Member #10,824
March 2009
|
I'm using a piece of hardware (AV controller) that uses a 'C' based language....it provides the ability to create your own sockets etc, but usually any kit I control has a reliable IP based protocol.....this little bugger keeps locking up on port 10000, on a processor reboot, I'm guessing because the port/socket doesn't close properly....but port 80 remains open.....I've used HTTP "GET" a lot to read from RSS sites etc, but was a bit thrown by the PUT/POST.....thanks for the help though!.....would have been a doddle in C#
---------------------------------------------------- |
Peter Hull
Member #1,136
March 2001
|
I feel that I have been awarded cake that I don't deserve. How about using 'curl' - from the curl manual:

    -d, --data <data>
        (HTTP) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the server using the content-type application/x-www-form-urlencoded.

So you would have

    curl --data "param1=value1&param2=value2" http://hostname/resource
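
Added example, not part of the original thread: rebuilding the captured request as raw bytes for a plain TCP socket, with the form fields in the body rather than in the query string as in the attempt posted above. The function names are illustrative, and `Connection: close` replaces the captured `keep-alive` as an assumption so the reply can be read until the device closes the socket; whether the device needs the cookie is not known from the thread.

```python
import socket
from urllib.parse import urlencode

# Values taken from the Wireshark capture in the first post.
HOST = "192.168.54.11"
PATH = "/MainZone/index.put.asp"
FIELDS = [("cmd0", "PutZone_OnOff/ON"), ("cmd1", "aspMainZone_WebUpdateStatus/")]


def build_request(host, path, fields, cookie=None):
    """Return the exact bytes of a form-encoded HTTP/1.1 POST."""
    # urlencode percent-encodes "/" as %2F; that is what makes the body
    # 59 bytes long, matching Content-Length in the capture.
    body = urlencode(fields).encode("ascii")
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",                     # mandatory in HTTP/1.1
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",      # byte count of the body only
        "Connection: close",                 # assumption, see lead-in
    ]
    if cookie:
        headers.append(f"Cookie: {cookie}")
    # An empty line (CRLF CRLF) separates the headers from the body.
    return "\r\n".join(headers).encode("ascii") + b"\r\n\r\n" + body


def send_request(host, request, port=80, timeout=5.0):
    """Send raw request bytes and return the response status line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:                     # peer closed the connection
                break
            chunks.append(data)
    return b"".join(chunks).split(b"\r\n", 1)[0].decode("latin-1")


if __name__ == "__main__":
    req = build_request(HOST, PATH, FIELDS, cookie="ZoneName=MAIN%20ZONE")
    print(req.decode("ascii"))
    print(send_request(HOST, req))
```

The same bytes can be written from any socket API; the parts a hand-rolled request most often misses are the `Host` header, a `Content-Length` that counts only the body, and the blank line before it.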