How ASP thieves use XMLHTTP to submit forms and send cookies or sessions

Source: Internet
Author: User
Tags send cookies
XMLHTTP is used to create thieves. Many people have already discussed and discussed the specific details behind the times. However, in the process of making ASP thieves, many people find that ASP thieves are not as powerful as PHP thieves. Indeed, if form submission or cookie verification exists on the original website, it is difficult for ASP to do so without using socket-based components. In fact, the other two methods of XMLHTTP are ignored, this is the key to the problem.

The method is described as follows:
1 .. Send ()
Because popular thieves use get instead of post to transmit data, many people ignore this method, and sending data using send is also very simple, that is, send ("content"). However,

Sending a form is not that simple, because if the form you send is in Chinese, it will involve encoding.
First, you must determine whether to use post or. Open ("Post", address, asynchronous) during open)
Then, add the content of your form to send. For example, the form you want to submit has three form fields: A, B, and C. The corresponding values are 1, 2, 3. Then, in the send

The sample can be submitted,. Send ("A = 1 & B = 2 & C = 3"). How is it very simple? Didn't you think of it? But don't be too happy. As I mentioned earlier, if the value of the form is

In Chinese, data transmission will fail. Here we use an escape () function, so anyone familiar with JavaScript should know the function's role. Now VBScript also supports this function .. Send ("A = escape ('value 1') & B = escape ('value 2') & C = escape ('value 3 ')")

2 .. SetRequestHeader ()
As mentioned above, when your data is sent, the other party will not receive it. Why? In fact, it is because your HTTP header has missing something, then you can use this function to add it, specifically. setRequestHeader ("Content-Type", "application/X-WWW-form-urlencoded") tells the other party that you have submitted a urlencode-encoded form.

Okay. After completing the form submission, let's talk about how to transmit cookies and sessions.

In fact, sending cookies is also very easy. I also use this function to add things to the HTTP header. For example, my current outdated cookies are
Cdb_sid = ybbik0; cdb_cookietime = 315360000; cdb_oldtopics = d869008d; cdb_visitedfid = 1d45; cdb_auth = signature % 2fbaijb1lucg; cdb_fid45 = 1113370145
Now I want to send this cookie directly. setRequestHeader ("cookie", "cdb_sid = ybbik0; cdb_cookietime = 315360000; cdb_oldtopics = d869008d; cdb_visitedfid = 1d45; cdb_auth = signature % signature; cdb_fid45 = 1113370145 ")
Of course, some website pages have the page judgment function, which is not difficult, that is,. setRequestHeader ("Referer", "lailu absolute address ")
There is another important problem here, that is, because this method is used to write an HTTP header, you cannot change the existing HTTP header. For how to use ASP to obtain cookies or sessions from the other side of the page and send them out.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.