How can I post data with POST method in C programming.

slzckboy · 04-07-2007, 06:25 AM

NOTE:

Your code will not work if the site that you wish to log onto
uses cookies in the validation process of logging in.

As a side note,
As a HTTP/1.1 implementation your code should be able to
handle HTTP re-directs,i.e status 30x return codes.

Also all HTTP/1.1 implementations should also be able to
handle the chunked transfer-encoding scheme
when retrieving documents which means that to be able to
properly retrieve such encoded docs you can't just read from
the socket until an error or EOF is seen.
The encoding scheme is not differcult but you need to be aware of it.
I re-direct your attention again to the HTTP/1.1 rfc

:0)

Anyway here is a successful POST / request capture using
cookies.
ta

Code:

192.168.1.105:43022 -> 8x.xx.xx.xx:80 [AP]
  POST /takelogin.php HTTP/1.1..Connection: Keep-Alive..User-Agent: Mozilla/5
  .0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)..Referer: ht
  tp://www.xxxxxxxx.org/login.php..Pragma: no-cache..Cache-control: no-cache.
  .Accept: text/html, image/jpeg, image/png, text/*, image/*, */*..Accept-Enc
  oding: x-gzip, x-deflate, gzip, deflate..Accept-Charset: iso-8859-1, utf-8;
  q=0.5, *;q=0.5..Accept-Language: en..Host: www.xxxxxxxx.org..Content-Type:
  application/x-www-form-urlencoded..
######
T 8x.xx.xx.xx:80 -> 192.168.1.105:43022 [AP]
  HTTP/1.1 302 Found..Date: Sat, 07 Apr 2007 07:47:51 GMT..Server: Apache/1.3
  .33 (Unix) PHP/4.4.1..X-Powered-By: PHP/4.4.1..Set-Cookie: uid=549021; expi
  res=Tue, 19 Jan 2038 03:14:07 GMT; path=/..Set-Cookie: pass=f54152e374049cd
  4f0b98805c11ace3d; expires=Tue, 19 Jan 2038 03:14:07 GMT; path=/..Location:
   http://www.xxxxxxxx.org/my.php..Keep-Alive: timeout=6, max=200..Connection
  : Keep-Alive..Transfer-Encoding: chunked..Content-Type: text/html....0....
#########
T 192.168.1.105:43023 -> 8xxxxxxxxxx:80 [AP]
  GET /my.php HTTP/1.1..Connection: Keep-Alive..User-Agent: Mozilla/5.0 (comp
  atible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)..Referer: http://www
  .xxxxxxxx.org/login.php..Pragma: no-cache..Cache-control: no-cache..Accept:
   text/html, image/jpeg, image/png, text/*, image/*, */*..Accept-Encoding: x
  -gzip, x-deflate, gzip, deflate..Accept-Charset: iso-8859-1, utf-8;q=0.5, *
  ;q=0.5..Accept-Language: en..Host: www.xxxxxxxx.org..Cookie: pass=f54152e37
  4049cd4f0b98805c11ace3d; uid=549021....
##
T 8x.xx.xx.xx:80 -> 192.168.1.105:43023 [A]
  HTTP/1.1 200 OK..Date: Sat, 07 Apr 2007 07:47:51 GMT..Server: Apache/1.3.33
   (Unix) PHP/4.4.1..X-Powered-By: PHP/4.4.1..Keep-Alive: timeout=6, max=200.
  .Connection: Keep-Alive..Transfer-Encoding: chunked..Content-Type: text/htm
  l; charset=iso-8859-1....

haxpor · 04-07-2007, 08:33 AM

If the case for loging in involve cookie, it shouldn't be so hard.
When server reply (as you can see in capture header, you can use Proxomitron in windows to capturing the header too), it will include "Set-Cookie:" header section that tell the piece of data of the loging in session.
So you can use this data to access other page that require it by request the file you want on the server side with 'Cookie: username=something; PHPSESSID=somthing\n" include in your header.
And you can see the authorized page.

As for redirect, maybe we just read the header sending back from the server that tell us to redirect to other page, and then call the process for connecting to that server again, if that server reply with redirect again we follow the same again.

For read the encode data, we must see http's rfc as per slzckboy said. TO see the method for encoding and decoding (of course the sender that encoding data want receiver to see the actual data so the decoding method should exist).

TO this point I think, we now can code get, post method and read header from server also sending header and data to server, i think we can create our own Proxy Program hmm!

slzckboy what program do you use to capture that header, is it on Linux? I am trying to find that kind of program except SQUID to run on linux for a while now.

slzckboy · 04-07-2007, 08:52 AM

I just use tshark(use to be tethereal) and pipe the output into ngrep.

i.e

tshark -x host www.somewebsite.com | ngrep "HTTP"

In Linux.

I don't do windows
:0)

haxpor · 04-08-2007, 03:18 PM

As i said about calculating size of post data, forget what I said this is the correct one.

Example
'username=user1&password=pass1' the size is 30, that is you fill in the http header with 'Content-Type: 30'.
REMEMBER calculate the length of string data and PLUS 1 for null-terminate.

slzckboy · 04-08-2007, 03:38 PM

you mean Content-length = 30!?

I just used strlen() to calculate the entity length.
The server is not going to be looking for the null terminator,its just going to read Content-Length bytes.
Thats what the Content-Length field is for.

This is how I built my header.
I have been able to login to a number of sites that I have a membership with ok.

Code:

......

#define POSTENTITY \
"username=%s&password=%s"

......

#define POSTHEADER \
"POST %s HTTP/1.1\r\nHost: %s\r\nConnection:"\
" keep-alive\r\nAccept: text/html\r\nAccept: image/gif\r\nAccept: image/x-xbitmap\r\n"\
"Content-Type: application/x-www-form-urlencoded\r\nContent-length: %d\r\n"\
"%s"\                                                                           /* Cookie header field */
"Accept: image/jpeg\r\nAccept: image/png\r\n\r\n"\
"%s"                                                                            /*entity*

..................

int login(POST *post){


        if((snprintf(post->entity,MAX,POSTENTITY,post->username,post->password)>=MAX))
                return -1;

        else
                return 0;


}

...................

if((snprintf(sendbuff,MAX,POSTHEADER,head->resource,head->dns_name,(int)strlen(head->entity),head->cookie,head->ent
ity) >=MAX)){
                puts("WARNING:Outputbuffer too small for last write");
                return -1;
        }

haxpor · 04-09-2007, 02:39 PM

I am sorry, I mean 'Content-Length'.
That's great to hear the code work.

belhifet · 04-11-2007, 07:25 AM

slzckboy, could you post the whole thing?

slzckboy · 04-11-2007, 08:05 AM

Sorry,over 1000 lines of code not including the ssl lib I am working on for it.

It's too big.

One day I will release it once I have worked out all the kinks.

There is the curl project as stated earlier in this post if you need a http lib
Apparently it does ftp and other stuff too.

Are you working on something similar?

belhifet · 04-11-2007, 08:19 AM

Ah ok.

Yes, but I'm close to giving up, it's too damn difficult to do using C.
I'm already aware of cURL.

When you' re ready to release it, please drop me a PM, I'm interested in seeing how you worked it out.

slzckboy · 04-11-2007, 08:34 AM

I have to agree,it was tricky in C although i did it as a
learning aid really to know more about www,C programming etc etc..

If your serious about it you have to get to grips with the
HTTP RFC first,which is unfortunately a bit boring,but it makes life easier in the long run.

The basics of it it easy enough,just reading and writing to a socket.
Then its just message parsing.

There's a whole lot of parsing strings.
C dosn't give you much help with this sort of thing.

<thinking out loud>

I think I'm going to learn a new language soon....

Maybe C++?!!
</thinking out loud>