Solved

How to reverse-engineer a form? Warning -- contains moral dilemma!

Posted on 1997-12-27
Last Modified: 2013-12-25
Let's say hypothetically that there's an online competition on the web.

I would like to enter this hypothetical competition more than once. This seems to be entirely within the rules.

If I have the source code of the form which one fills in to enter the competition, can I in some way automate the process of entering the competition?

For instance, can I automatically write a number of text files and submit them, for instance as email, as if they were generated by the form?

Or can I write a perl script or a local HTML file which mimics the action of the online form and have it churn out entries?

You'll have to trust me on this, but I am interested in the mechanics alone. The (hypothetical) competition prize is actually randomly awarded, but the competition entry consists of a "vote" for a favourite item -- let's say it's a movie of the year.

To enter the competition 100 times would merely increase my statistical /chance/ of winning the prize, but to "vote" 100 times might substantially improve the (hypothetical) movie's rating.

I'm concerned that (hypothetically) unscrupulous companies might already be influencing the results unfairly. Of course they could do this just by employing a minimum-wager to sit in front of Netscape 8 hours a day "voting" -- but is it possible they did something more sophisticated? I'm very suspicious of last year's results...
Question by:johnny99

Accepted Solution

by:
icd earned 100 total points
ID: 1831745
The Bad news.
Yes this is possible.

Any script on the Internet can be 'pointed to' by the action tag of any form. Thus the form which enters the data can be on some other web site. This could be set up with hidden 'fixed' fields with names the same as the original form. It would then be simple to set up a system that submits the form repeatedly.

The Good News.
It is possible for scripts to tell which form 'referred' to, or submitted the data. Any form not on the current web site can be excluded.

The Bad News.
Using a more sophisticated script running on a PC using the 'Socket' interface it is possible to make a request for any URL on the Internet. This includes form processing scripts. It would thus be possible to make a program that repeatedly submitted a form with the same data.

The Good News.
It should be possible to detect identical data sent in a short period of time with simple programming.

The Bad News.
The sending program can be more sophisticated and programmatically change the data in some small way.

The Good News.
The Voting software can detect the address of the client program sending in the form. It can use this address to prevent the same person voting more than once (This will also prevent your 'minimum-wager' working 8 hours a day from the same computer).

The Bad News.
The address of the Client can be affected by 'proxy servers' that make it look like many people have the same address. You will thus end up preventing some people from voting because someone else using the same proxy server has already voted.

Finally. The very bad news.
Although there are lots of things that can be done to prevent many people from affecting the results, a determined and knowledgeable 'hacker' can bypass them all.
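
The server-side checks listed in the answer above (referring form, identical data in a short period, one vote per client address), as an added example that is not part of the original answer or any voting site's code. The host name, the 60-second window, the field names and the sample submissions are all assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

SITE_HOST = "vote.example"  # assumed host serving the genuine form
DUP_WINDOW = 60             # seconds; assumed meaning of "a short period of time"

def norm(s):
    # Fold case and whitespace so trivially altered resubmissions still match.
    return " ".join(s.lower().split())

def screen(entries):
    """Return (accepted, rejected); rejected holds (entry, reason) pairs."""
    accepted, rejected = [], []
    last_seen = {}                 # normalised form data -> time last seen
    votes_from = defaultdict(int)  # client address -> accepted votes
    for e in sorted(entries, key=lambda e: e["ts"]):
        # Referer is sent by the client, so this only excludes a copied form
        # hosted elsewhere, not a program that sets the header itself.
        if urlparse(e.get("referer", "")).hostname != SITE_HOST:
            rejected.append((e, "foreign-referer"))
            continue
        key = (norm(e["name"]), norm(e["choice"]))
        prev = last_seen.get(key)
        last_seen[key] = e["ts"]
        if prev is not None and e["ts"] - prev <= DUP_WINDOW:
            rejected.append((e, "duplicate-data"))
        elif votes_from[e["addr"]] >= 1:
            # Also rejects honest voters who share a proxy address.
            rejected.append((e, "address-limit"))
        else:
            votes_from[e["addr"]] += 1
            accepted.append(e)
    return accepted, rejected

SITE = "http://vote.example/form.html"
SAMPLE = [  # constructed submissions, not real data
    {"ts": 0, "addr": "192.0.2.10", "referer": SITE, "name": "Ann Lee", "choice": "Movie A"},
    {"ts": 5, "addr": "198.51.100.7", "referer": "http://other.example/copy.html", "name": "Bob Ray", "choice": "Movie B"},
    {"ts": 10, "addr": "198.51.100.8", "referer": SITE, "name": "ann  LEE", "choice": "movie a"},
    {"ts": 20, "addr": "192.0.2.10", "referer": SITE, "name": "Carl Diaz", "choice": "Movie C"},
    {"ts": 30, "addr": "203.0.113.5", "referer": SITE, "name": "Dee Park", "choice": "Movie A"},
]

if __name__ == "__main__":
    ok, bad = screen(SAMPLE)
    print([e["name"] for e in ok], [(e["name"], why) for e, why in bad])
```

In the sample, "Carl Diaz" is a distinct voter who shares an address with "Ann Lee", so the address limit rejects him: the proxy-server side effect the answer describes.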


Expert Comment

by:ozo
ID: 1831746
You may be able to make it more difficult for an automated script,
(as opposed to a human sitting in front of Netscape) by requiring responses to randomly presented images.
It could still be possible to write programs to, say, identify scenes from a movie,
but that may take more than 8 hours of above minimum wage work, so you should get
some assurance that any ballot stuffing is likely being done by a human rather than a program.

Author Comment

by:johnny99
ID: 1831747
Thanks for that! My moral dilemma is whether I want to call the "voting" process into disrepute: the company running the competition/voting page is totally innocent/ignorant of these implications but ... do you know how people felt when Marisa Tomei got an Oscar for "My Cousin Vinny" over Judy Davis in "Husbands and Wives"?

hmmm -- does Experts-exchange have a "moral dilemma" area?
Question has a verified solution.