I've said this several times on this list: If you are going to be in any facet of the IT world, you *must* know the basics.
A lot of shell scripting looks complicated, but it isn't. For something like this, it's a simple loop. You can set variables by using awk to extract values from lists, then simply call curl (more than once if a session cookie is required) and specify the variables to POST, pipe the output somewhere you can parse it ( curl | grep | test or action) and then loop around again.
If you work with Linux or UNIX systems you should already be more familiar with this than you realize. Windows and VBscript aren't as easy to learn, but batch scripting can do anything that a bash script can, in much the same way. You can even install the standard GNU utilities on just about any platform.
The best bit of advice I can give for learning this is to use an editor with syntax highlighting; notepad++ for win32 and nano for *NIX. I would avoid using Cygwin for script development, I've run into odd issues with variable handling... Didn't care enough to actually investigate.
Rob
Sent on the Sprint® Now Network from my BlackBerry®
-----Original Message-----
From: Anwar Khan <anwarrhce (at) gmail (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Thu, 28 Jun 2012 23:05:29
To: rob siwicki<robert.siwicki (at) googlemail (dot) com [email concealed]>
Cc: <security-basics (at) securityfocus (dot) com [email concealed]>; <pen-test (at) securityfocus (dot) com [email concealed]>
Subject: Re: web form filling bots
I know folks, small python aur bash will do it, but i m not proficient
in writing scripts, please help.
On Thu, Jun 28, 2012 at 11:04 PM, rob siwicki
<robert.siwicki (at) googlemail (dot) com [email concealed]> wrote:
> A small python script should do it.
>
> On 28 June 2012 17:17, Anwar Khan <anwarrhce (at) gmail (dot) com [email concealed]> wrote:
>>
>> Dear All,
>>
>> Can anyone please suggest any web form filling tool, which automate
>> the form filling process and write bogus entries.
>> I have a website which i want to test against this, i just want to see
>> how things work without capthca, if i rely on POST and Connect.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
A lot of shell scripting looks complicated, but it isn't. For something like this, it's a simple loop. You can set variables by using awk to extract values from lists, then simply call curl (more than once if a session cookie is required) and specify the variables to POST, pipe the output somewhere you can parse it ( curl | grep | test or action) and then loop around again.
If you work with Linux or UNIX systems you should already be more familiar with this than you realize. Windows and VBscript aren't as easy to learn, but batch scripting can do anything that a bash script can, in much the same way. You can even install the standard GNU utilities on just about any platform.
The best bit of advice I can give for learning this is to use an editor with syntax highlighting; notepad++ for win32 and nano for *NIX. I would avoid using Cygwin for script development, I've run into odd issues with variable handling... Didn't care enough to actually investigate.
Rob
Sent on the Sprint® Now Network from my BlackBerry®
-----Original Message-----
From: Anwar Khan <anwarrhce (at) gmail (dot) com [email concealed]>
Sender: listbounce (at) securityfocus (dot) com [email concealed]
Date: Thu, 28 Jun 2012 23:05:29
To: rob siwicki<robert.siwicki (at) googlemail (dot) com [email concealed]>
Cc: <security-basics (at) securityfocus (dot) com [email concealed]>; <pen-test (at) securityfocus (dot) com [email concealed]>
Subject: Re: web form filling bots
I know folks, small python aur bash will do it, but i m not proficient
in writing scripts, please help.
On Thu, Jun 28, 2012 at 11:04 PM, rob siwicki
<robert.siwicki (at) googlemail (dot) com [email concealed]> wrote:
> A small python script should do it.
>
> On 28 June 2012 17:17, Anwar Khan <anwarrhce (at) gmail (dot) com [email concealed]> wrote:
>>
>> Dear All,
>>
>> Can anyone please suggest any web form filling tool, which automate
>> the form filling process and write bogus entries.
>> I have a website which i want to test against this, i just want to see
>> how things work without capthca, if i rely on POST and Connect.
>>
>> Please suggest any tool or script.
>>
>> thnks
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL
>> certificate. We look at how SSL works, how it benefits your company and how
>> your customers can tell if a site is secure. You will find out how to test,
>> purchase, install and use a thawte Digital Certificate on your Apache web
>> server. Throughout, best practices for set-up are highlighted to help you
>> ensure efficient ongoing management of your encryption keys and digital
>> certificates.
>>
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> ------------------------------------------------------------------------
>>
>
--
Regards,
Anwar
+91-915-806-9094
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]