Week 7: Advanced Web

Video Notes

  • wget [URL]
    • Lets you download files from a URL
  • cURL lets you do anything with a URL
    • curl [URL] : returns website html
    • -L : location
    • curl redirects you
  • Web interactions: sending a packet to a server and getting a response back from it
  • POST: curl <URL> -d realname=SAM -d hatesanchovies=true
    • -d flag stands for data
    • -I flag shows only headers
  • Get read of a header:
    • curl <URL> -H “name of header:”
  • Change  agent:
    • curl whatismyipaddress.com -A “Mozilla/4.05”

Lab

cURL 

  1. URL hacking using GET
    1. You will find a super important voting website located at: Simple Vote
    2. Try voting using your web browser.
    3. You don't like candidates 1, 2, or 3, but the other people aren't in your district.  Figure out how to vote for candidate 1000. Hint: Check your URL
    4. If you've figured out how to vote for candidate 1000 through your browser, try it again from the command line. NOTE: The voting page takes your input and passes it to a different page to process. To figure out where your input is passed, look at the HTML, or look at the URL after you hit submit. This is the same for the following problems and you will most definitely need this information. If all you're getting is the voting form in HTML, you are curling the wrong page.
  2. URL hacking a form submission using POST (cURL)
    1. Those tricky web admins have figured out your little ploys and have worked tirelessly to trump your little ploys. Their new website is at: Secure Vote.
    2. Trump them again and vote for candidate 1000!  
  3. So the president heard how awesome these guys were (they did a good job of keeping your little deeds under-wraps), so he hired them to make the new super-safe presidential voting system. The developers decided to ramp up their security even more and are now 100% sure you won’t hack them given they are using this super posh new technology called COOKIES. If you head over to their website: Super Secure Vote you can’t even see the poll! But we learned the president’s identity has something to do with Presidential.
    1. Using your web browser, you will notice that after visiting the presidential site, you can see the superSecureVote page.  However, you can't vote for number 1000 because you don't know how to POST using your browser.  So, you're back to the command line.  How can you use cookies?
    2. Note that there are two ways to use cookies.  One of them uses cookie files, like your web browser does, which is much easier to deal with if you have many values saved.  Try using that way.
    3. Don’t let them win!
    4. Tips: Try visiting the presidential site with the verbose flag (-v)
      1. -b flag or --cookie to set cookies
  4. Download a photo using CURL! 
    1. https://stanford.edu/~jainr/cgi-bin/curl-meme.jpg (Hint: Check out the -O flag)
    2. If you're using a gnome desktop, you can use eog (eye of gnome) to open the photo from the command line.