thefatmoop Posted November 2, 2008

I work for a PC/server security consulting company. It's normal for us to have legal permission to 'test' security on business networks. We're finding more and more clients are getting their makeshift sites exploited. Normally I just write a small program to go through and auto fill out sites for displaying... is there a good program for doing this instead of me writing something for every site?

digip Posted November 2, 2008

> Normally I just write a small program to go through and auto fill out sites for displaying

What do you mean by this? "auto fill out"?

Sparda Posted November 2, 2008

I think he means spider the site for inputs the web server will accept, then fuzz the inputs until the server falls over indicating a flaw with the site.

digip Posted November 2, 2008

> I think he means spider the site for inputs the web server will accept, then fuzz the inputs until the server falls over indicating a flaw with the site.

That's good, as I was thinking he was looking for spam bots or something to spam sites with. Like finding WordPress blogs that don't use captchas or something like that which can exploit MySQL or such.

thefatmoop Posted November 2, 2008 (Author)

Sites that are just basic HTML forms. Someone can spam them to death. What I mean by writing a program to auto fill it out... I haven't done it in a while, but using integrated IE in VB one can look at the HTML and search for variables, make the variable = a value and then action click the submit button. I originally did this back in high school to the Verizon Wireless website to send text messages to people. Once a program was filling it out it was easy to really spam it.

There are plenty of times when a website is totally insecure and open to possibilities, for example: http://www.peoriabloomingtoncarloans.com/creditapp.html

I'm looking for a program designed for this... don't want to remake all the programs.

Steve8x Posted November 3, 2008

Well I think the best way to do it would be a standalone app. Not an addon to IE... Have it read a list of URLs from a text file... It will download and read each page individually... for example when it finds a form:

    <form action="/path/to/script.php" method="post">
    <input name="fname" type="text" size="24" maxlength="15">
    <input name="pass" type="text" size="24" maxlength="15">
    <input name="postform" type="submit" value="Submit!">
    </form>

Get the input names and then post your data to them...

It will be kind of difficult to make it dynamic (whereas it will work for any page). You'd have to read the different input types and know the names of the fields, and know what to put in them... How will you know what to put in the fields is the biggest problem? Because not all fields are named the same on different sites, and they all need different values. For example, how will you know you're not putting a name in a zipcode field?

You called it "auto-fill", it should be called "auto-post"... What have you normally done? What do you "fill" in the boxes? Just random stuff or what?

Another benefit of downloading the HTML with winsock and then posting to the page is that you bypass any JavaScript/client-sided form-field validation... (however where you're submitting the form to most likely has checks there which can't be bypassed since they are server sided!)

I would suggest looking up HTTP protocol, particularly HTTP POST...

This can also help you out too: http://hak5.org/forums/index.php?showtopic=10535

It's a recent thing I made which does what you want, it auto-posts form data to a server-sided script...

EDIT: I just came up with an idea actually, but what are you going to be inputting into the fields? Random numbers and letters or what?

An app similar to that except it lets you specify the field names and values, something like this. Let's say the app is called "formsubmit":

    formsubmit -h www.peoriabloomingtoncarloans.com -s /scripts/App.dll :fname="Bob" :lname="0x539" :WPhone="123-456-7890" :Addr="123 Burning Tree Lane" :city="Somecity" :State="somestate" :zip="zipcode" :comments="I'm interested in getting pre-approved for a vehicle" etc...

* I only did the required fields on that form ;)

where -h is the host, -s is the path to the script, which is probably not a real Win32 "DLL" file, it's probably some sort of scripting language like PHP disguised, maybe CGI, or ASP... then the fields are identified by some kind of marker, here I chose : marks the start of a field name, and = marks the end of it, then between the quotes is what to put in that field... make sense?

It would take quite some time manually writing things to put into the fields, so I don't really get it... So are you wanting random values in the fields? Or ones that make sense?

Anyway what would this do for you? I don't see what you're getting out of it, spamming junk to auto-loan forms? It doesn't seem like there's any benefit...

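Added example (not part of the thread or of any poster's tool): the post above notes that a direct POST skips whatever limits the HTML declares, so the receiving script has to enforce them itself. This Python sketch reads the declared limits from the form markup quoted in the post and re-checks a posted dict against them; the function names and the sample submissions are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the form markup quoted in the post above.
FORM_HTML = """
<form action="/path/to/script.php" method="post">
<input name="fname" type="text" size="24" maxlength="15">
<input name="pass" type="text" size="24" maxlength="15">
<input name="postform" type="submit" value="Submit!">
</form>
"""

class FormSpec(HTMLParser):
    """Collect each form's action, method and the limits its inputs declare."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "method": (a.get("method") or "get").lower(),
                               "fields": {}})
        elif tag == "input" and self.forms and a.get("name"):
            limit = a.get("maxlength") or ""
            self.forms[-1]["fields"][a["name"]] = {
                "maxlength": int(limit) if limit.isdigit() else None,
                "required": "required" in a,
            }

def parse_forms(html):
    parser = FormSpec()
    parser.feed(html)
    return parser.forms

def validate_submission(form, posted):
    """Server-side re-check of a posted dict; returns a list of problems."""
    errors = [f"unexpected field: {n}" for n in posted if n not in form["fields"]]
    for name, rule in form["fields"].items():
        value = posted.get(name, "")
        if rule["required"] and not value:
            errors.append(f"missing required field: {name}")
        if rule["maxlength"] is not None and len(value) > rule["maxlength"]:
            errors.append(f"{name}: {len(value)} chars exceeds maxlength {rule['maxlength']}")
    return errors
```
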
thefatmoop Posted November 3, 2008 (Author)

Thanks for the in-depth reply. Let me look into this, and I would like to show the owners of the site this.

Steve8x Posted November 3, 2008

Alright, I was messing around with it today and made the example app... It works similar to what I said previously except instead of using double quotes " you use single quotes!

So for example instead of :name="Steve" you do :name='Steve'

I did it that way because if you wanted to use double quotes you'd have to write a backslash \ before each " (to escape it) and I thought that would be annoying so I just made it a single quote... ;)

You can also use most special characters [because I encode the field data before sending it], except for single quote (obviously since it will end the value early) and &. The & sign is used to separate field=value's from each other. This is an example of the content the app actually posts:

    name=Steve&comment=hello+my+name+is+steve%21

So you can't put another & in there anywhere, otherwise something's going to get cut off as it thinks you're specifying a new field name and value.. the +'s are just spaces (you don't have to write plus though when doing spaces, it converts it for you). The %21 is what all special characters are changed into, it's the hex byte of the character. %21 or 0x21 is a !

Here's some example usage: you can test it on http://popeax.com/x/ and see the result of your post... there is no actual HTML form, only a script to accept posted data... the two values that it looks for for input are "name" and "comment", so doing a:

    frmpost -h popeax.com -s /x/index.php :name='My Name' :comment='Hello World!'

would submit a comment to that web page ;)

source code + binary: (Release folder contains binary executable) http://popeax.com/x/frmpost.zip

batch scripting anyone? :)

That should help you out with whatever you're trying to do...

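Added example (not frmpost's source, which this page does not show): the application/x-www-form-urlencoded scheme described in the post above, written out in Python. It goes slightly beyond the post by percent-encoding every name and value before joining them with &, so that & = and ' inside a value survive the round trip; `naive_join` is a hypothetical helper showing the truncation that happens when a value is not encoded.

```python
from urllib.parse import parse_qsl

# Bytes that pass through unchanged; everything else becomes + or %XX.
SAFE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.*"

def encode_component(text):
    """Encode one field name or value: space -> '+', other bytes -> %XX hex."""
    out = []
    for byte in text.encode("utf-8"):
        if byte in SAFE:
            out.append(chr(byte))
        elif byte == 0x20:
            out.append("+")
        else:
            out.append("%{:02X}".format(byte))
    return "".join(out)

def encode_form(fields):
    """Join (name, value) pairs into a POST body; '&' only ever separates pairs."""
    return "&".join(encode_component(k) + "=" + encode_component(v)
                    for k, v in fields)

def naive_join(fields):
    """Hypothetical unencoded join, to show how a raw '&' splits a value."""
    return "&".join(k + "=" + v for k, v in fields)

def decode_form(body):
    """Decode a body the way a receiving script's form parser would."""
    return parse_qsl(body, keep_blank_values=True)

# Constructed sample values.
SIMPLE = [("name", "Steve"), ("comment", "hello my name is steve!")]
TRICKY = [("name", "O'Brien & Sons"), ("comment", "a=b&c")]
```
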
Jayze Posted November 14, 2008

Nice program! Actually if you work with Perl/PHP, curl is a way to go, or with LWP (http://search.cpan.org/~gaas/libwww-perl-5.800/lib/LWP.pm). Write a little Perl script that downloads the webpage, parses it and then fills out all the form fields with and posts them. With LWP you can specify nearly anything you like. And then make a file with all SQL exploits in it, and loop through it until you get a result from the website.

    # Fragment: $browser and $url are set up as in the full script below.
    $response = $browser->get($url,
        'User-Agent'      => 'Mozilla/4.76 [en] (Win98; U)',
        'Accept'          => 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*',
        'Accept-Charset'  => 'iso-8859-1,*,utf-8',
        'Accept-Language' => 'en-US',
    );

    use strict;
    use warnings;
    use LWP 5.64;

    my $browser = LWP::UserAgent->new;
    my $word = 'tarragon';
    my $url = 'http://www.altavista.com/sites/search/web';

    # POST the form fields as a list of name => value pairs
    my $response = $browser->post( $url,
        [ 'q'    => $word,   # the Altavista query string
          'pg'   => 'q',
          'avkw' => 'tgz',
          'kl'   => 'XX',
        ]
    );

    die "$url error: ", $response->status_line
        unless $response->is_success;
    die "Weird content type at $url -- ", $response->content_type
        unless $response->content_type eq 'text/html';

    if( $response->content =~ m{AltaVista found ([0-9,]+) results} ) {
        # The substring will be like "AltaVista found 2,345 results"
        print "$word: $1\n";
    } else {
        print "Couldn't find the match-string in the response\n";
    }