PDA

View Full Version : Help with secure string to send with url request.



MarcusMel
3rd February 2005, 19:06
Hi

Can anyone tell me the structure of an html header string that gets sent to the proxy server which allows you access to the web page your after?

or can anyone point me in the right direction to (free) web documents that may help me resolve the problems I am having in programming this up.

GlosRFC
3rd February 2005, 21:08
Do you mean using meta tags to prevent the proxy delivering up a cached version?

MarcusMel
3rd February 2005, 21:31
My racing post cookie looks like this

PermRpLogin
fredbloggs
racingpost.co.uk/
1536
754199552
29763613
2938745648
29690187
*

What is the meaning of each piece of data. I assume that each time I send a url request with ?parameters there is a headerstring, constructed from the cookie, that tells the proxy that it is ok for it to send the html code back.

I am ignorant of the way in which the web works - but in the end it just has to be strings of characters being sent backwards and forwards between two computers.

GlosRFC
3rd February 2005, 22:02
I can't tell you what each piece of data means as that's specific to whatever the RP determines it to be. The first four lines are identical to mine with the exception of the name. The rest of the stuff would refer to the relevant menupointer that the RP have determined in their database.

You're right in what you say - when you access the RP page it first checks to see if you have a cookie and then reads the content of it. Each of the lines will presumably point to a record in a database that will confirm your log-on details.

They also use an IFRAME tag to a secure server so it's not possible for you to try to glean the make-up of the cookie from examining the source.

GlosRFC
3rd February 2005, 23:03
Cookies for Dummies :D

A cookie is a plain text file that contains a maximum of five lines:
EXPIRES = date The date the cookie is set to expire. If left blank the cookie expires when you close your browser window.
DOMAIN = domainname The domain of your site.
PATH = path The path to the directory or webpage that set the cookie. By default cookies are available to other pages within the same directory but you can set the path to allow other directories/pages to access the cookie.
SECURE This stipulates that the cookie can only be accessed via a secure server.
NAME = value This is the nuts and bolts of the cookie. The name and the value is set by whoever constructs the cookie. It can be as simple as NAME = GlosRFC or as complicated as 903&$=kdcaOACEodnoa0-0-acmaew.
If it's the latter that means, like the RP site, they are using some form of cryptography to set the name and value. Typically they will use some kind of online form allied to a database e.g. when entering passwords.

Only the last line has to be present in a cookie. The rest can be ignored for the purposes of session-only cookies.

Hope this is useful.

MarcusMel
4th February 2005, 00:27
I know what that cryptograpy is or was- it is/was base64 encoding - friends where I used to work got that one sorted and were able to program access. It may have changed since then though.

The component I am using connects - but thats it- the processor fan starts to whirr at high speed and nothing happens so presumably I'm getting a message that demands a reply that I'm not sending and has a time out that is very long.

I think 1536 is the secure port number it talks through but can not confirm.

Any hacker sites I might learn more at?

MarcusMel
4th February 2005, 00:31
It might be possible to use some OLE encoding with I.E to solve my problme of accessing the restricted web pages. Again my ignorance in this is annoying.

GlosRFC
4th February 2005, 01:48
I shouldn't worry. I demonstrate my ignorance in here on a daily basis :D