Filling a form spambot style.
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Filling a form spambot style.

  1. #1
    Junior Member
    Join Date
    Sep 2005
    Posts
    5

    Filling a form spambot style.

    My ISP uses a html client , So to do a 'login' i have to goto a page like this:
    http://203.122.xx.xxx:8886/portalcgi...=00:xx.xx.x..x..
    fill-in the username,password and thats it!
    The trouble is that this has to be done after every 30 minutes of inactivity , and this totally confuses my computer-noob parents

    So i was wondering if I could automate this. i.e run a lil program that would go the specified page a fill in the username and password fields

    The first that comes to my mind are those spam-bots that are able to fill in forms, wreak comment systems. Unfortuantely I am anything but leet, so i have really no idea how to even begin. i am not a programmer though I am aware of basics of plenty of languages, so i could probably write something myself if there is a lil help.

    Any suggestions?

    relevant code from the source code.
    Code:
    <td > <input type="text" id="username" name="username" value="">
    Thanks

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    My first suggestion is that is not the way to go

    This "problem" used to be pretty common back in the early days of the internet and dial up connections. The solution was to instal a little proggy that "talked" to the ISP and reset the "clock"

    I don't know if you can find one these days as it is pretty unusual behaviour for 2007.

    You might talk to the ISP and ask their advice? For example, can't you just save the settings and login so all they have to do is click on an icon and it will redial?

    EDIT: If they pulled that kind of stunt on me they would lose a customer so fast their feet wouldn't touch the ground! I would get a different ISP if I were you. This may help, depending on your system:

    http://www.freedownloadscenter.com/N...tay_Alive.html
    Last edited by nihil; February 28th, 2007 at 09:34 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Junior Member
    Join Date
    Sep 2005
    Posts
    5
    Thanks for the quick reply, i am okay with the disconnection btw, as long as the re-login is totally idiot-proof, as my parents are just warming up to computers .

    I don't know if you can find one these days as it is pretty unusual behaviour for 2007.
    I am from India

    My second option is to use the auto-login extension with firefox. So i could have a lil autohotkey (or autoit ) script
    Code:
    run firefox.exe isp's-address.com
    minimize firefox
    wait 5 seconds
    close firefox
    How does the above sound?

  4. #4
    Member
    Join Date
    Feb 2005
    Posts
    45
    Your best bet as nihil has said is to contact your ISP and inform them you will be switching to another company if they can't provide an easier solution.

    If you are feeling more adventurous though... Capture the traffic as you POST the username and password info. Copy the http traffic from the post into a text file and then schedule netcat to run every 29 minutes or so using the text file as your input.

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Quote Originally Posted by stevel
    Your best bet as nihil has said is to contact your ISP and inform them you will be switching to another company if they can't provide an easier solution.

    If you are feeling more adventurous though... Capture the traffic as you POST the username and password info. Copy the http traffic from the post into a text file and then schedule netcat to run every 29 minutes or so using the text file as your input.
    Given the string he provided as the example URL, it would be a GET not a POST. It SHOULD be relatively easy to download say 'wget' for Windows, write a quick batch file that made wget request the proper URL, then use the Windows scheduler (AT) to run the .bat file every 29 minutes or so...

    A couple of things to be wary of: 1) It might violate your use policy that you agreed to when you subscribed to the ISP and 2) I hope you aren't charged for the time you are connected...

    EDIT: Since you didn't specify, I'm assuming windows, which is actually a little trickier. IF that is not the case, let us know what OS your parents are using...
    Last edited by nebulus200; February 28th, 2007 at 10:09 PM.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, It would help to know what the OS is. I don't know about the ISP you use and their software, but your browser and/or Windows should give you the option to remember logins and passwords?

    Sometimes this facility is also provided by your modem/router management software as well.

    If your ISP has disconnected you, why would you want to minimize then close Firefox? Aren't they going to want the browser open to use the internet?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Junior Member
    Join Date
    Sep 2005
    Posts
    5
    Ah! now i am getting some answers.

    my parents will be using windows, though I have cygwin installed.

    Firefox will be closed just to simplify things for my parents. Click on login to login. Click on browser to browse. besides if they want to use skype, and instead firefox opens, all hell breaks lose (from their point of view).

    If you are feeling more adventurous though... Capture the traffic as you POST the username and password info. Copy the http traffic from the post into a text file and then schedule netcat to run every 29 minutes or so using the text file as your input.
    by capturing http traffic do you mean capturing http headers or using some sort of sniffer or something.
    Anyways Using Proxomitron i get this on submitting my login info:

    Code:
    Posting 187 bytes...
    admin_dosecure=
    requesturi=
    requestip=
    ip=172.16.xx.xx
    mac=xx.x.x.x.x.x.x.
    nas=whatever
    servertime=1172700717
    startnet=1
    username=actual-user-name-was-here
    password=-the-real-pass
    rememberme=on
    login=Login
    So i tried "nc.exe 203.3434.34.34 8886 < login.txt
    Where login.txt contains the above text.. it didn't work
    Anyways it check this thing also checks for time , so i don't think this would work even if i get it right. i will stick with the autohotkey method, crude but simple.

    btw how would wget help here?

  8. #8
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Try this: (I'm assuming that i misread your original post and that the forum actually requires a POST...if you look at the source of the page you are using to logon, look for <form action=BLAH> BLAH is the method to use...

    I'm going to assume POST: (make sure to properly fill out the rest)

    Make your file like follows:
    POST /portalcgi/userlogin.ssg?nas=xxxxxxx&ip=172.16.xxx.xxx&mac=00:xx.xx.x..x HTTP/1.1
    Host: 203.12.x.x
    Content-Length: X

    admin_dosecure=
    requesturi=
    requestip=
    ip=172.16.xx.xx
    mac=xx.x.x.x.x.x.x.
    nas=whatever
    servertime=1172700717
    startnet=1
    username=actual-user-name-was-here
    password=-the-real-pass
    rememberme=on
    login=Login

    1) Make sure to replace the proper values
    2) Make sure to end with two enters (blank lines)
    3) Since I don't know the exact value of the variables, I can't compute the Content-Length and give it to you...it IS however required...Basically count each character starting with the first variable...not forgetting to count the end-of-line character. That integer will be the value of Content-Length (replace the X).
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Unfortunately, the correct answer is to teach the parents to use the computer properly......like minimising applications for example.

    My quick and nasty solution would be to set power saving to turn it off after 20 minutes of inactivity. That way they would be forced to reboot
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Junior Member
    Join Date
    Sep 2005
    Posts
    5

    thanks for that ultra

    thanks for the explanation nebulus ( this may actually work!)
    but its gmt+5:20 = 6:30 Am right now, so its about time i go to sleep
    i'll try this later

    the correct answer is to teach the parents to use the computer properly
    trust me i could become leet before my parents could learn how to send a mail.

Similar Threads

  1. Code Injection via Hidden Form Field Manipulation
    By Chazwazza1337 in forum Security News
    Replies: 0
    Last Post: May 20th, 2006, 03:53 PM
  2. PHP Form Security
    By time_stopper in forum Web Security
    Replies: 9
    Last Post: February 14th, 2006, 04:29 AM
  3. What's Your Style?
    By GreekGoddess in forum Web Development
    Replies: 8
    Last Post: September 17th, 2003, 04:55 AM
  4. Replies: 1
    Last Post: July 15th, 2002, 04:46 AM
  5. VB Multiple Form Passing ?
    By July in forum Programming Security
    Replies: 9
    Last Post: June 29th, 2002, 07:05 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •