Not really, no. It would be possible to attack that exact page/method anonymously, but Since the URL is hard coded in, it is not possible to direct it to another server... Interesting idea though. Maybe I will incorperate this in to my product designed to do http anonymizing. Thanks for the note! -ed- On Tue, 18 Mar 2003, Oliver Bleutgen wrote:
Ed Colmar wrote:
Thanks again for all the tips!
Heres what I ended up with for anyone else trying to do the same thing:
--------------
I made an external method:
def formsender(self, url, params): """ This method is used to transparently send form data to an external server """ import urllib encodedParams = urllib.urlencode(params) print url print encodedParams try: result = urllib.FancyURLopener().open(url, encodedParams) urllib.FancyURLopener().close() return result.read() except: return 0
---------------
Then in dtml I placed this code on the page that the form points to:
<dtml-call "REQUEST.set('params', REQUEST.form)"> <dtml-call "REQUEST.set('url','http://www.whateversite.com/cgi?')"> <dtml-var "formsender(url, params)">
I'm a bit late to the game here, but haven't you just constructed a nice anonymizing http attacking engine? As I see it, formsender could be called through the web, so
http://yourserver/wherever/formsender?url=www.victimdomain.tld¶ms=bad_at...
would be possible, right?
cheers, oliver
-- Green Graphics ::: Print and Web Design ::: 510.923.0000