Re: [PHP] how do I spoof a get request
On Wed, Aug 13, 2003 at 08:17:14AM -0700, Chris Shiflett wrote: why do sites such as Google, Amazon, TicketMaster, Yahoo!, and eBay use them? The difficulty with cookies is when a site doesn't work without them. Fortunately, Google works fine when cookies are disabled. Amazon is a great example of how a complex transaction can be completed without the use of even one cookie. --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
--- Analysis Solutions [EMAIL PROTECTED] wrote: That's a good guess! Yet further proof that cookies suck, except the ones made with flour, shortening and sugar, of course. That's a pretty harsh description of one of Netscape's greatest contributions to the Web (the other being SSL). With a simple extension to HTTP, cookies provide a method for uniquely identifying Web clients. They can persists across browser sessions (or not), can be easily maintained by the user (I can choose which sites remember me, how long my cookies last, etc.), and are integrated directly into the protocol (no unique identifiers in the URL, proxy caches, etc.). You may have had bad experiences with them for one reason or another, but that is no reason to try and blindly describe cookies as sucking. If they suck, why do sites such as Google, Amazon, TicketMaster, Yahoo!, and eBay use them? Do you think you know something that they all don't? Anytime that I notice the major Web sites doing something I am not, I try to figure out why. If your argument against them has anything to do with users having the option to disable them, then you should try to learn how to work with that choice rather than writing off the entire technology. There are plenty of examples in the archives for working with cookies. Hope that helps. Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Hey Mike: On Tue, Aug 12, 2003 at 07:33:31PM -0700, Mike Migurski wrote: That's a good guess! Yet further proof that cookies suck, except the ones made with flour, shortening and sugar, of course. Huh? seems like further proof that cookies are working as intended: serving up individual, user-dependent content. Unless you are interested in having your personal info be the default return value from e-bay. :) I'm not going to debate this here. Just so I can quickly explain where I'm coming from regarding cookies, and other client dependent operations, are poor practice on the web -- where anybody can see your site with any browser with any set of preference combinations -- please read: http://www.analysisandsolutions.com/code/weberror.htm Enjoy, --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Hey Chris: On Wed, Aug 13, 2003 at 08:44:40AM -0700, Chris Shiflett wrote: --- Analysis Solutions [EMAIL PROTECTED] wrote: The difficulty with cookies is when a site doesn't work without them. Right, which is an example of developers that suck, not the technology. You're right. When I say cookies suck, I'm being flippant. I really mean the programmers suck. By that logic, you would think that PHP sucks, because there are plenty of sucky PHP applications. :-) I've had folks say things along these lines. Considering the number of PHP related vulnerabilities showing up in Bugtraq/Security Focus newsletter, PHP must REALLY suck. :) Enjoy, --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Analysis Solutions wrote: By that logic, you would think that PHP sucks, because there are plenty of sucky PHP applications. :-) I've had folks say things along these lines. Considering the number of PHP related vulnerabilities showing up in Bugtraq/Security Focus newsletter, PHP must REALLY suck. :) No, it just proves that it is a really popular language! :8] -- Seks, seksi, seksolatki... news:pl.soc.seks.moderowana http://hyperreal.info / ALinkA / bOrk! * WiNoNa ) ( http://szatanowskie-ladacznice.0-700.pl foReVeR( * ) Poznaj jej zwiewne ksztaty... http://www.opera.com 007 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
But some web pages when I cut and paste the URLs don't work. Like when I search for something on Ebay. Could this be because of cookies? That's a good guess! Yet further proof that cookies suck, except the ones made with flour, shortening and sugar, of course. Huh? seems like further proof that cookies are working as intended: serving up individual, user-dependent content. Unless you are interested in having your personal info be the default return value from e-bay. :) Anyway, like you said, they are easy to fake - just pass along a cookie header in your socket write. - michal migurski- contact info and pgp key: sf/cahttp://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Take a look at cURL: http://www.php.net/manual/en/ref.curl.php On Tue, 2003-08-12 at 20:13, Dan Anderson wrote: I have noticed that sometimes I cannot fopen($web_address,'r') or use any similar files if the web address contains a form get in it. (i.e. ends in a ?var1=xxxvar2=xxx...). I was wondering if there is any way to spoof a get request to a web address? I looked at fsockopen and think I need to look over the http specifications, but is there an easier way? Also, is there any easy way to spoof posting a form? Thanks in advance, Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Hey Dan: On Tue, Aug 12, 2003 at 08:13:32PM -0400, Dan Anderson wrote: I have noticed that sometimes I cannot fopen($web_address,'r') or use any similar files if the web address contains a form get in it. (i.e. ends in a ?var1=xxxvar2=xxx...). It should work. You said sometimes. What are the times it doesn't work? Are you always passing the same exact query string? If so, then their server is flaky. Or, if are you sending different info in the query string at different times, then you are likely not passing the info correctly. When constructing the query string, the values need to be URL encoded first. See http://php.net/urlencode for more info on this. Also, is there any easy way to spoof posting a form? Yes. http://www.php-faq.com/postToHost.html http://dodds.net/~cardinal/sendtohost.txt --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Doesn't this have to be precompiled in? -Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Yeah, I believe on Apache/Linux, it needs to be compiled in, and on windows there is just some configuration and file moving to do. cURL will do what you need it to, there is even code on the PHP site for making the POST happen. Matt On Tue, 2003-08-12 at 20:27, Dan Anderson wrote: Doesn't this have to be precompiled in? -Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
--- Analysis Solutions [EMAIL PROTECTED] wrote: The difficulty with cookies is when a site doesn't work without them. Right, which is an example of developers that suck, not the technology. By that logic, you would think that PHP sucks, because there are plenty of sucky PHP applications. :-) Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
Hey Dan: On Tue, Aug 12, 2003 at 09:12:45PM -0400, Dan Anderson wrote: But some web pages when I cut and paste the URLs don't work. Like when I search for something on Ebay. Could this be because of cookies? That's a good guess! Yet further proof that cookies suck, except the ones made with flour, shortening and sugar, of course. You can insert cookie information if you need to by using the same concepts as the post to host scripts I gave links to in my last post. Enjoy, --Dan -- FREE scripts that make web and database programming easier http://www.analysisandsolutions.com/software/ T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y 4015 7th Ave #4AJ, Brooklyn NYv: 718-854-0335 f: 718-854-0409 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] how do I spoof a get request
It should work. You said sometimes. What are the times it doesn't work? I have a script to grab various info from web pages. Insert a web page address and it outputs the results. It's useful for different things. But some web pages when I cut and paste the URLs don't work. Like when I search for something on Ebay. Could this be because of cookies? -Dan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
