really low level http, https access

hey all,

I was wondering how one could use libwww to send *really* low level get and post requests.


I have a spec that shows the exact text that needs to be sent to a service; Hence, instead
of perl doing any magic on the text when it sends it, I'd rather just pass a string to it
myself, as in:


my $req = Net::HTTPS->new( POST => "http://www.mysite.org");

$req->text("
POST /swapdriveservices/service.asmx/GetUserInfo HTTP/1.1
Host: www.swapdrive.com
Content-Type: application/x-www-form-urlencoded
Content-Length: $length
sAuthDomain=$mycontent
")

my $res = $ua->reqest($req);
print $res->as_string;

I don't know, it might be unnecessary, but I'd rather not have to munge the text
(since I have it verbatim in a source document). I'd rather just post the text
verbatim, and use perl variables to fill in the form variables.

Ed

Re: really low level http, https access

>>>>> "Ed" == Ed Peschko writes:

Ed> $req->text("
Ed> POST /swapdriveservices/service.asmx/GetUserInfo HTTP/1.1
Ed> Host: www.swapdrive.com
Ed> Content-Type: application/x-www-form-urlencoded
Ed> Content-Length: $length
Ed> sAuthDomain=$mycontent
Ed> ")

That's not a legal POST. Why are they pretending to be HTTP when
they are not? Unless there's a blank line in there somewhere.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095

Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: really low level http, https access

On Sun, Aug 06, 2006 at 11:38:52AM -0700, Ed Peschko wrote:

> That's not a legal POST. Why are they pretending to be HTTP when they are not?
> Unless there's a blank line in there somewhere.

That's exactly my point - lots of places don't adhere to strict standards.
If there was a low, low level interface, you could either do what I'm asking
(copy verbatim from a document) or just fire up ethereal and capture the traffic
that you want send *that* for the correct results.

At it stands, its very hard to work around the fuzziness of the net wrt to different
http strings. I'm getting internal 500 errors when I try to talk to an IIS server,
and I know that I need to be sending a slightly altered string in order to get it to work.

I suppose I'll dig in the code.

Ed

Re: really low level http, https access

On 8 Aug 2006, at 07:05, Ed Peschko wrote:
> That's exactly my point - lots of places don't adhere to strict
> standards.

What is the 'place' in question?

> At it stands, its very hard to work around the fuzziness of the net
> wrt to different
> http strings. I'm getting internal 500 errors when I try to talk to
> an IIS server,
> and I know that I need to be sending a slightly altered string in
> order to get it to work.

IIS isn't broken in that way. It still expects a valid HTTP request
with a blank line between the header and the body. Is the service
you're talking to a private one or is it publicly available on the
'net somewhere?

--
Andy Armstrong, hexten.net

Re: really low level http, https access

On Tue, Aug 08, 2006 at 12:36:59PM +0100, Andy Armstrong wrote:
>
> >an IIS server,
> >and I know that I need to be sending a slightly altered string in
> >order to get it to work.
>
> IIS isn't broken in that way. It still expects a valid HTTP request
> with a blank line between the header and the body. Is the service
> you're talking to a private one or is it publicly available on the
> 'net somewhere?
>
Its publicly available on the net - its called 'swapdrive.com' - but
forget about my 'standards' argument for a bit - I agree its a bit
mesleading.

My example was not meant to be taken literally, it was an example of what
I was trying to do, ie: pass text verbatim to a website, in the chance
that the website is expecting some unusual headers.

For example, I know that the following string works with swapdrive
(tokens replaced by ... and split to 80 chars/line)

GET http://www.swapdrive.com/swapdriveservices/service.asmx/Get. .. HTTP/1.0
Host: www.swapdrive.com
User-Agent: Mozilla/5.9 Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;
q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language:en-us,en;q=0.5
Accept-Encoding; gzip,deflate
Accept-Charset; ISO-8851-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

I know this because I sniffed it with ethereal. Now why should I take the extra step of
cutting up this perfecly good query and try to stuff it into perl methods when
its available for free and I could pass it verbatim to LWP?

Ed

(
ps - On a related matter, I'm having issues with lwp, Crypt-SSLeay, and proxies.
I know this is slightly different because the negotiation of viewing secure
traffic, but when I use lwp-request with the following query I get errors, wheras
with firefox everything works out fine:

% lwp-request 'https://www.swapdrive.com/swapdriveservices/service.asmx/Ge tUserInfo?sAuthDomain=pge.com&sAuthUserID=autoadmin&sAuthPas sword=yabbadab&sUserID=enalysis&sDomain=pge.com'

The requested URL could not be retrieved

The following error was encountered:

The request was rejected because the port it was connecting to

is not configured to receive the protocol being sent.

Please contact your network administrator.