Oops... My mistake. You are right. I thought you were referring to the dtml method not the external method. I'll hard code the url into the external method to secure it Thanks! -ed- On Wed, 19 Mar 2003, Ed Colmar wrote:
Not really, no.
It would be possible to attack that exact page/method anonymously, but Since the URL is hard coded in, it is not possible to direct it to another server... Interesting idea though. Maybe I will incorperate this in to my product designed to do http anonymizing.
Thanks for the note!
-ed-
On Tue, 18 Mar 2003, Oliver Bleutgen wrote:
Ed Colmar wrote:
Thanks again for all the tips!
Heres what I ended up with for anyone else trying to do the same thing:
--------------
I made an external method:
def formsender(self, url, params): """ This method is used to transparently send form data to an external server """ import urllib encodedParams = urllib.urlencode(params) print url print encodedParams try: result = urllib.FancyURLopener().open(url, encodedParams) urllib.FancyURLopener().close() return result.read() except: return 0
---------------
Then in dtml I placed this code on the page that the form points to:
<dtml-call "REQUEST.set('params', REQUEST.form)"> <dtml-call "REQUEST.set('url','http://www.whateversite.com/cgi?')"> <dtml-var "formsender(url, params)">
I'm a bit late to the game here, but haven't you just constructed a nice anonymizing http attacking engine? As I see it, formsender could be called through the web, so
http://yourserver/wherever/formsender?url=www.victimdomain.tld¶ms=bad_at...
would be possible, right?
cheers, oliver
-- Green Graphics ::: Print and Web Design ::: 510.923.0000