How to hit a web page programmatically and silently? - language-agnostic

I would like to know how can I hit a web page programmatically and silently using C/C++?
I tried ShellExecute (shellapi.h), don't know how to make use of it?

Use the HTTP protocol directly
netcat
curl
wget
HTTP Client Services
On linuxen there are perl implemented CLI commands (GET, PUT, POST), in short: pick one from a vast array; you platform will have tools too.
Simplistic example:
type request.http | netcat mywebserver:80
Where request.http could be as simple as
GET /
(mind the trailing empty lines, which SO helpfully hides)

Related

How to use sqlmap payload in browser manually?

When we use sqlmap, it does everything automatically for finding sql injection of a website. I'm interested in that I send malicious queries directly in my browser and get the results in it, but when I couldn't find anything, I use sqlmap for finding malicious queries. I use the payload that sqlmap gives me and enter it in the vulnerable field of the website in my browser. I want to get all databases of the website in my browser, but I cannot get them. Although sqlmap uses the payload and gives me all databases of the website. Now my question is how to use sqlmap payload in browser manually?
So this is the problem,I have a simple way to sound.
1.you must have burpsuite tools
2.Monitor local 8080 or any port you specify by burpsuite.
3. use the --proxy parameter U of sqlmap. It looks like this.
sqlmap.py -u "URL" --proxy http://127.0.0.1:8080
4.you can get all http requests,then you can test it in your browers
good luck to you!

How to create pop-up login box?

the box appears in below snapshot is neither alert box,prompt box nor confirm box. then what is this? how can i create the same thing like this?
It's a BasicAuth prompt, if your server return a request for BasicAuth it will get handled by the browser.
It happens when the browser receives a response with a header that looks like this, "insert realm" can be almost anything:
WWW-Authenticate: Basic realm="insert realm"
Usually the web browser handles it by itself and shows that kind of prompt. By the way it's unrelated to the web server as it's part of the protocole. If you happen to run an application server, you'll have to send the header above in a response and expect an Authorization header back from the "web client".
If you run apache, nginx, you can check simply for BasicAuth and you should be able to find documentation on how to set it up.
Read more here: BasicAuth
If you have enough courage you can read the RFCs
This is a simple HTTP Authentification, like the one you can setup with a ".htpasswd" file on Apache and so on.
You can't do it with Javascript (it's on server-side), in PHP it would be like this

Testing PUT methods on a RESTful web service

I have a simple RESTful web service and I wish to test the PUT method on a certain resource. I would like to do it in the most simple way using as few additional tools as possible.
For instance, testing the GET method of a resource is the peak of simplicity - just going to the resource URL in the browser. I understand that it is impossible to reach the same level of simplicity when testing a PUT method.
The following two assumptions should ease the task:
The request body is a json string prepared beforehand. Meaning, whatever is the solution to my problem it does not have to compose a json string from the user input - the user input is the final json string.
The REST engine I use (OpenRasta) understands certain URL decorators, which tell it what is the desired HTTP method. Hence I can issue a POST request, which would be treated as a PUT request inside the REST engine. This means, regular html form can be used to test the PUT action.
However, I wish the user to be able to enter the URL of the resource to be PUT to, which makes the task more complicated, but eases the testing.
Thanks to all the good samaritans out there in advance.
P.S.
I have neither PHP nor PERL installed, but I do have python. However, staying within the realm of javascript seems to be the simplest approach, if possible. My OS is Windows, if that matters.
I'd suggest using the Poster add-on for Firefox. You can find it over here.
As well as providing a means to inspect HTTP requests coming from desktop and web applications, Fiddler allows you to create arbitrary HTTP requests (as well as resend ones that were previously sent by an application).
It is browser-agnostic.
I use the RESTClient firefox plugin (you can not use an URL for the message body but at least you can save your request) but also would recommend curl on the command line.
Maybe you should also have a look at this SO question.

Consuming a Ruby on Rails app on my domain server

I am running rails version 2.3.2 on my website domain and I am having a huge problem with wrapping my head around how this works:
I have my website running a RoR app on my domain development server. It is just a sample scaffold that allows you to type in your name, zip, state, etc. I am using ruby 1.8.2, and have a mysql server also.
I want to consume this data into my windows phone 7 through SOAP (I don't know if I even have one to begin with), but here is where I have problems.
In using visual studio, it cannot locate my server when i direct it over to my url. It gives the error saying that there was nothing in the correct format.
Maybe I don't have a server running? I want to have the data be parsed out into XML for the phone to consume, but I have no idea how to set this up!
Basically, I have the domain, and the phone, but no knowledge of the steps inbetween.
Can anyone help me get this up and running?
A few things to try:
First - have you actually started the server? eg by running "script/server" ?
You can test that the server is up and running by using "curl" (google for it to install/download" which is a very simple (and very commonly used) application for testing this stuff easily.
if you run curl and type in the url that you'd be accessing via your windows phone... and it responds with something (probably html), then the server is up and running. You can later use CURL to test if it responds to an xml request too.
Second: go look in the controller. See if it has a section such as:
respond_to do |format|
format.html
format.xml { render :xml => #widgets.to_xml }
end
it's the "respond_to" and "xml" bits that matter if you are going to get your system to consume xml. They should be present in every action in your controller. If not - you will have to go a research how to do this for your code - alternatively, using a later version of rails will let you use the up-to-date scaffold generators that should include these as standard.
Third: it is possible that your Windows phone app is just not requesting the resources in xml format and so Rails is returning html (which your SOAP parser won't understand). I don't know how you can check this, but what rails requires is for the HTML-header: "Accept" to be set to "application/xml" or "text/xml"
You can also test this for any given URL with curl by using eg: "curl -H 'Accept: text/xml' 127.0.0.1/myapp" - if it continues to spit out html (and not xml) then obviously it's not producing xml for that URL.
The easiest way to go about this is to simply emit JSON and consume that on your mobile application. Generally you just need to call .to_json on an object and you're half done. SOAP requires a ton of XML overhead that's usually not worth it unless you're already neck-deep in an enterprise application that's overflowing with it.
Updating your Rails stack to 2.3.11 and Ruby 1.8.7 is strongly encouraged as older versions of Rails, as with any application, have vulnerabilities. Ruby 1.8.2 is from around 2005 and is effectively ancient.

HTTP application to GET, PUT, DELETE

Do you guys know if there is an application that enables me to use GET, PUT, DELETE HTTP methods in a simple way?
I want to run it against Google's BigTable.
Thanks a lot.
curl? It has a command-line client as well as libraries (written in C, but with bindings for all the major languages).
You can specify custom methods with -X:
curl -X DELETE mysite.appspot.com/foo
In the library, you use the CURLOPT_CUSTOMREQUEST option.
If you're using Windows, try Fiddler. It not only does logging of browser to server traffic but can also create requests in its own right.