I am creating an application in vb.net that allows users to sign up for text updates via a simple form. When users hit the submit button on the form it will send a POST to the website with the actual sign up form and then the website accepts the data. When I go to get the HTTP POST off of the website it looks very odd and seems to change every time. I am using Live HTTP Headers to get the data. Here is a sample of the header content:
Content-Length: 952
-----------------------------61332911729981
Content-Disposition: form-data; name="_wpnonce"
1d45b60ac9
-----------------------------61332911729981
Content-Disposition: form-data; name="_wp_http_referer"
/
-----------------------------61332911729981
Content-Disposition: form-data; name="_ninja_forms_display_submit"
1
-----------------------------61332911729981
Content-Disposition: form-data; name="_form_id"
1
-----------------------------61332911729981
Content-Disposition: form-data; name="ninja_forms_field_1"
(828) 555-3949
-----------------------------61332911729981
Content-Disposition: form-data; name="ninja_forms_field_2"
unchecked
-----------------------------61332911729981
Content-Disposition: form-data; name="ninja_forms_field_2"
checked
-----------------------------61332911729981
Content-Disposition: form-data; name="_ninja_forms_field_3"
Submit
-----------------------------61332911729981--
Here is a sample of what I previously have gotten from Live HTTP Headers with a newsletter form for email alerts:
fields%5Bemail_address%5D%5Bvalue%5D=blahblah%40email.com&cc_newsletter%5B%5D=1&cc_referral_url=http%253A%252F%252Fpeabodyswineandbeer.com%252F&cc_redirect_url=&constant-contact-signup-submit=Sign+Up&uniqueformid=constant_contact_api_widget-2
Any ideas how to get the first one like the second one? I got them from the exact same section in HTTP Live Headers, but I have no idea how to use the first one to POST data to the website.
Related
I want to upload a PDF file but can't seem to serialize it correctly. Because of specific requirements I cannot use the FormDataAPI nor an HTML form.
I'm manually creating the multipart/form-data body like so.
------WebKitFormBoundaryFb3Biw9LyOW5jlUQ
Content-Disposition: form-data; name="username"
bill
------WebKitFormBoundaryFb3Biw9LyOW5jlUQ
Content-Disposition: form-data; name="file"; filename="test.pdf"
Content-Type: application/pdf
[object ArrayBuffer]
------WebKitFormBoundaryFb3Biw9LyOW5jlUQ--`
and sending the request via xhr.send(body) where body is my built up string. Is this even possible?
When I've tested using the FormDataAPI I can see the file as a nice big (encoded?) blob in the Chrome network request inspector. Is FormDataAPI doing something that I cannot achieve via JS?
I guess I ran into a dot-stuffing problem sending SMTP messages. What i basically want to do is to send a message with a text and a attachment part.
In my example I defined a multipart/mixed message like following:
Mime-version: 1.0
Content-Type: multipart/mixed; boundary="YJiPVI9C2M93dRDm"
--YJiPVI9C2M93dRDm
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Message
.
--YJiPVI9C2M93dRDm
Content-Type: application/gzip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=2015-06-22-114558.tar.gz
H4sIAFbZh1UCA+2dXW/dNhKGc72/QujVLtAmIocjSqdXbbH9AJJt0G63F0URuPZJYdT2MezjNP33
FXkcbyQxh6TmnX4AOTdpUs3D0ejlkOKXbGv4o7b7yNqPjHHM/ZNH8F87/jxz/HP8zf+M/20sO+PZ
--YJiPVI9C2M93dRDm--
If I send the SMTP massage with libcurl like described above i will get connection timeouts. The problem is the single point (after "Message"). I know that this is a escape sign in SMTP, but it should be interpreted as a "normal" point. So how to do this? Is the mime body correct? Do i need to masquerade the single point?
I need help in setting the authorization header in html file. So I used OAuth tool on dev.twitter.com and got this header content:
Authorization: OAuth oauth_consumer_key="BKsXdR3SO4hSZyFT2JevHQ", oauth_nonce="718a5099a51230e737474c7e76d21581", oauth_signature="rQ5DJWi8qMmdR76rwIOwJYUhuvc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1341342796", oauth_token="69848552-B6geQZCA8ttirQIMKrIk47SOE541V7d5ZcYwEBUqQ", oauth_version="1.0"
Now I don't know what to do. I tried this:
<meta name="Authorization" content="OAuth"
oauth_consumer_key="BKsXdR3SO4hSZyFT2JevHQ",
oauth_nonce="b98cf39b3f8dba6286cbd1b741eb7504",
oauth_signature="Vgmudlrkv1dzFel9zpFztXfR6gI%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1341339879",
oauth_token="69848552-B6geQZCA8ttirQIMKrIk47SOE541V7d5ZcYwEBUqQ",
oauth_version="1.0">
But it doesn't work! I am sure doing something wrong.
Help, please!
Aram.
There's an essential difference of headers. OAuth requires an "Authorization" on HTTP header, not in HTML header.
POST /1/statuses/update.json?include_entities=true HTTP/1.1
Accept: */*
Connection: close
User-Agent: OAuth gem v0.4.4
Content-Type: application/x-www-form-urlencoded
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
Content-Length: 76
Host: api.twitter.com
You can set this headers on a request through server-side scripting (with PHP, Python, ...)
You can do HTTP requests (specifically XMLHttpRequests) from Javascript using AJAX calls (e.g. with jQuery). Check the example for the Perfect jQuery AJAX Request. Then you also can also set your request header.
For google found that the oauth header format is
GData-Version: 3.0
Authorization: OAuth oauth_version=1.0,oauth_nonce=5887e5b11904194f7d217e9b7f795d62, oauth_timestamp=1317623602,
oauth_consumer_key=56565768768.apps.googleusercontent.com",oauth_verifier=PH9etu_6shPOPvlFgiFJS-Dd,
oauth_token=4%2Fpdn5ZtajHsU-zeSxScNSil43sTK0,oauth_signature_method=HMAC-SHA1,
oauth_signature=ybgad%2B6LlQ8P3rwnFa8BpI8awok%3D
Content-Length: 353
Content-Type: application/atom+xml
Seeing this made a request header for facebook as
Authorization: OAuth oauth_version=1.0,oauth_nonce=5887e5b11904194f7d217e9b7f795d62, oauth_timestamp=1317623602,
oauth_consumer_key=12904260719,oauth_verifier=PH9etu_6shPOPvlFgiFJS-Dd,
oauth_token=4%2Fpdn5ZtajHsU-zeSxScNSil43sTK0,oauth_signature_method=HMAC-SHA1,
oauth_signature=ybgad%2B6LlQ8P3rwnFa8BpI8awok%3D
Content-Type: application/X-WWW-form-urlencoded
What's the mistake in this header
Can anyone help me out please
Got it solved. Facebook is not expecting a header which contains parameters like oauth_nounce, oauth_consumer_key etc
I have some field in form, lets say:
<FORM action="http://server.com/cgi/handle"
enctype="multipart/form-data"
method="post">
<P>
What is your name? <INPUT type="text" name="submit-name"><BR>
What files are you sending? <INPUT type="file" name="files"><BR>
<INPUT type="submit" value="Send"> <INPUT type="reset">
</FORM>
and on submission of this form is XMLHTTPrequest generated, for example:
Content-Type: multipart/form-data; boundary=AaB03x
--AaB03x
Content-Disposition: form-data; name="submit-name"
Larry
--AaB03x
Content-Disposition: form-data; name="files"; filename="file1.txt"
Content-Type: text/plain
... contents of file1.txt ...
--AaB03x--
and I want to change this request, I need to change the name and content of the file which is send. Could it be done? Is it not security issue?
I'm not sure I grasp the situation but I think you mean a normal POST request, not a XMLHTTPrequest which is specific to JavaScript (Ajax requests are based on this method).
If you are asking how to modify the request the browser sends to the server when using multipart/form-data then I am pretty sure the answer is: You can't. This is a matter completely beyond the site's control.
I also strongly doubt there is a JavaScript based way of doing this because you are using a file upload. The contents of an uploaded file are not available to the web page for security reasons, so you will have no chance of encoding that file yourself and making a raw request using XMLHTTPRequest or any other client-side method.