HTTP POST using PuTTY (Windows)

[theereal]

Not sure if this is in the correct section, if posted in the wrong subcategory i apologize in advance

 

So, ive been given a task to use PuTTY to send a POST request to a server.

Its telling me to use Raw connection type and since its HTTP i assume i must use Port 80.

Its telling me to POST to a specific PATH which i dont understand. 

Its telling me to also include common request headers which i have no idea what are.

Its also telling me to put something in the body.

 

Is this making sense to someone smarter than me? haha

 

[mariushm]

POST /your-script.php HTTP/1.1
Host: www.your-domain-name.com
Origin: http://www.your-domain-name.com
Referer: http://www.your-domain-name.com/your-script.php
Accept: text/html,application/xhtml+xml
Content-Type: application/x-www-form-urlencoded
Content-Length: 27

field1=value1&field2=value2

/your-script.php = what resource is the data submitted to 

HTTP/1.1  - protocol used  (note that some web servers default to HTTP 2.0 and may refuse unencrypted connections)

Host:  = required,  servers can host multiple domains  on same IP address, as well as subdomains, so the web server needs to know what domain the resource is on 

Accept:  = (optional) , tells the server that you can only support receiving html , it should not answer with binary data (ex a picture)

Content-Type:  required, you tell the server that some parameters from a form were encoded and now are sent to the server

 

Origin and Referer = optional, some servers will have anti hacking protections and will not accept connections that say the data was submitted from another domain. 

 

Content-Length = the length in bytes of the data you're gonna submit 

after this, you leave one line empty then send the actual content and an empty line and close connection.. 

 

.. btw you have the developer tools in any browser.

load a page with a basic form, then Press F12 , move to the network tab, then in back in page with form post something  (ex type a text in a basic form and and hit submit button)  , You'll see the post request in developer tools, click on it and you see there the request and the response.

 

See also https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST

 

[theereal]

43 minutes ago, mariushm said:

POST /your-script.php HTTP/1.1
Host: www.your-domain-name.com
Origin: http://www.your-domain-name.com
Referer: http://www.your-domain-name.com/your-script.php
Accept: text/html,application/xhtml+xml
Content-Type: application/x-www-form-urlencoded
Content-Length: 27

field1=value1&field2=value2

/your-script.php = what resource is the data submitted to 

HTTP/1.1  - protocol used  (note that some web servers default to HTTP 2.0 and may refuse unencrypted connections)

Host:  = required,  servers can host multiple domains  on same IP address, as well as subdomains, so the web server needs to know what domain the resource is on 

Accept:  = (optional) , tells the server that you can only support receiving html , it should not answer with binary data (ex a picture)

Content-Type:  required, you tell the server that some parameters from a form were encoded and now are sent to the server

 

Origin and Referer = optional, some servers will have anti hacking protections and will not accept connections that say the data was submitted from another domain. 

 

Content-Length = the length in bytes of the data you're gonna submit 

after this, you leave one line empty then send the actual content and an empty line and close connection.. 

 

.. btw you have the developer tools in any browser.

load a page with a basic form, then Press F12 , move to the network tab, then in back in page with form post something  (ex type a text in a basic form and and hit submit button)  , You'll see the post request in developer tools, click on it and you see there the request and the response.

 

See also https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST

 

Thank you so much for your detailed answer

Im still struggling abit, ive got the basic syntax thanks to you, but would you mind giving me an example if i were to give you the task im given?  Its practice for my exam which is on December 12th.

 

The task is the following:

You are to connect to HTTP on the standard port (Raw connection type), on host www.eastwillsecurity.com

You are to send an HTTP POST to PATH tk1104/oppgave3d.php.

You should include common request headers according to the standard and you are to put a header EksamenTK1104 which will be set to your candidate number on this exam.

You must also set the User-Agent header to PuTTY.

In the request BODY you are to put the following text "OPPGAVE3"

 

Its from the exam of the previous year in this subject.

[mariushm]

POST /tk1104/oppgave3d.php HTTP/1.1
Host: www.eastwillsecurity.com
Origin: http://www.eastwillsecurity.com
Referer: http://www.eastwillsecurity.com/tk1104/oppgave3d.php
Accept: text/html,application/xhtml+xml
User-Agent: PuTTY
EksamenTK1104: 1234
Content-Type: text/plain
Content-Length: 8

OPPGAVE3

Something like this. 

Standard port for http is 80 and can be omitted, it's implicit. 

replace 1234 with your actual id. 

Content-Type : text/plain because you're just sending some text to the server/script, not form data. 

Origin and Referer are optional.

 

Not 100% sure of this final part, it should be correct but maybe check it, make tests, ask someone else 

 

You can write your own php script to test this stuff  (install apache and php on your windows machine, it's super easy) and read the "request body" from php://input and dump it to a file (ex see file_put_contents function)  and compare with what you send.

 

this outputs directly.

<?php
$body = '';
$fh   = @fopen('php://input', 'r');
if ($fh) {
  while (!feof($fh)) {
    $s = fread($fh, 1024);
    if (is_string($s)) { $body .= $s; }
  }
  fclose($fh);
}

echo "Body: $body";
?>

 

 

[theereal]

19 minutes ago, mariushm said:

POST /tk1104/oppgave3d.php HTTP/1.1
Host: www.eastwillsecurity.com
Origin: http://www.eastwillsecurity.com
Referer: http://www.eastwillsecurity.com/tk1104/oppgave3d.php
Accept: text/html,application/xhtml+xml
User-Agent: PuTTY
EksamenTK1104: 1234
Content-Type: text/plain
Content-Length: 8

OPPGAVE3

Something like this. 

Standard port for http is 80 and can be omitted, it's implicit. 

replace 1234 with your actual id. 

Content-Type : text/plain because you're just sending some text to the server/script, not form data. 

Origin and Referer are optional.

 

Not 100% sure of this final part, it should be correct but maybe check it, make tests, ask someone else 

 

You can write your own php script to test this stuff  (install apache and php on your windows machine, it's super easy) and read the "request body" from php://input and dump it to a file (ex see file_put_contents function)  and compare with what you send.

 

this outputs directly.

<?php
$body = '';
$fh   = @fopen('php://input', 'r');
if ($fh) {
  while (!feof($fh)) {
    $s = fread($fh, 1024);
    if (is_string($s)) { $body .= $s; }
  }
  fclose($fh);
}

echo "Body: $body";
?>

 

 

Thank you so much!  It really helped have a comparison to understand the different stuff. I really appriciate you taking your time to do this