Tuesday, June 21, 2011

http_fun_with_telnet

Subject: http_fun_with_telnet
note: originally emailed 06/21/2011 and sanitized for public consumption



This message [will help explain how] to speak HTTP via a TELNET session.

But I figured I'd email this to everyone else -- just in case anyone might find something interesting in this little tidbit.


If you have your own web server, you can test it like this:

telnet <host> 80
e.g. telnet google.com 80

The command prompt window screen should be cleared after the command is typed in.

NOTE: the following commands (including the blank line) will not be echoed...

Just copy both lines between the dashed markers and paste them into your command prompt.
-- get page --
GET / HTTP/1.0

-- end commands --

This should return the index page of the web server you contacted.

Here's how to JUST get the header response from the web server:
-- get page --
HEAD / HTTP/1.0

-- end commands --

For the rest of these tests, we'll use this simple PHP script to see how POST data and data in-lined with GET are handled:

-- http_fun_with_telnet.php --
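<?php
    // Test-only script: print_r() echoes request data unescaped,
    // so don't leave it on a public server.
    if(empty($_GET)) {
        // No query-string data: fall back to checking the POST body.
        if(empty($_POST))
            echo "No GET or POST variables found";
        else {
            echo "POST variables:";
            print_r($_POST);
        }
    } else {
        echo "GET variables:";
        print_r($_GET);
    }
?>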
-- end of file --

In your browser, go to:
http://<host>/http_fun_with_telnet.php
http://<host>/http_fun_with_telnet.php?item1=value1&item2=value2
Note what was printed in the browser.



Now, on the command prompt:
telnet <host> 80
Retrieve the page manually to make sure things are working:
-- get page --
GET /http_fun_with_telnet.php HTTP/1.0

-- end commands --


[Let's try] again:
telnet <host> 80
[This time] with in-lined GET data embedded in the URL (just like the second browser link above):
-- get page --
GET /http_fun_with_telnet.php?item1=value1&item2=value2 HTTP/1.0

-- end commands --


Now for the fun [part], again:
telnet <host> 80
[To] retrieve the page via POST – NOTE, no data is embedded in the URL fetch:
-- get page --
POST /http_fun_with_telnet.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

item1=value1&item2=value2
-- end commands --
The "25" is the string length, in bytes, of the last line (the POST data).

Yes, you need to feed the POST data size to the web server before sending the data.

Content-Type and Content-Length are the 2 minimum required headers you need to send to the web server in addition to the fetch line.
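
The POST request above, as an added example that is not part of the original email: a Python sketch that builds the same bytes with Content-Length computed from the body, then parses them the way a server that honours Content-Length would, including what it sees when the declared length is too short. The names `build_post` and `parse_post` and the `content_length` override are assumptions made for illustration.

```python
from urllib.parse import urlencode, parse_qs


def build_post(path, fields, content_length=None):
    """Return the raw request bytes; Content-Length defaults to the real body size."""
    body = urlencode(fields).encode("ascii")
    length = len(body) if content_length is None else content_length
    head = (
        f"POST {path} HTTP/1.0\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {length}\r\n"
        "\r\n"  # the blank line that ends the headers
    )
    return head.encode("ascii") + body


def parse_post(raw):
    """Split a raw request and read exactly Content-Length bytes of body."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method, path, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    body = rest[:length]  # bytes past the declared length are not read as form data
    fields = {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}
    return method, path, headers, fields


if __name__ == "__main__":
    fields = {"item1": "value1", "item2": "value2"}  # same data as the telnet session
    good = build_post("/http_fun_with_telnet.php", fields)
    print(good.decode("ascii"))
    print(parse_post(good)[3])
    # Constructed failure case: a declared length of 20 cuts the body short.
    short = build_post("/http_fun_with_telnet.php", fields, content_length=20)
    print(parse_post(short)[3])
```
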

It is possible to send binary data in POST and only POST.  This is how you upload photos and stuff to a web server.  But that’s for another post…


That’s all I have for simple HTTP fetching…

P.S. did you know SMTP (simple mail transfer protocol) works kinda like this too?


So, now [you can see] how easy it is to craft your own HTTP [request headers] to [talk to] your web scripts hosted on your server.

Have fun! -- Nick Shin
