[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to reverse-engineer a form? Warning -- contains moral dilemma!

Posted on 1997-12-27
3
Medium Priority
?
158 Views
Last Modified: 2013-12-25
Let's say hypothetically that there's an online competition on the web.

I would like to enter this hypothetical competition more than once. This seems to be entirely within the rules.

If I have the source code of the form which one fills in to enter the competition, can I in some way automate the process of entering the competition?

For instance, can I automatically write a number of text files and submit them, for instance as email, as if they were generated by the form?

Or can I write a perl script or a local HTML file which mimics the action of the online form and have it churn out entries?

You'll have to trust me on this, but I am interested in the mechanics alone. The (hypothetical) competition prize is actually randomly awarded, but the competition entry consists of a "vote" for a favourite item -- let's say it's a movie of the year.

To enter the competition 100 times would merely increase my statistical /chance/ of winning the prize, but to "vote" 100 times might substantially improve the (hypothetical) movie's rating.

I'm concerned that (hypothetically) unscrupulous companies might already be influencing the results unfairly. Of course they could do this just by employing a minimum-wager to sit in front of Netscape 8 hours a day "voting" -- but is it possible they did something more sophisticated? I'm very suspicious of last year's results...
0
Comment
Question by:johnny99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Accepted Solution

by:
icd earned 400 total points
ID: 1831745
The Bad news.
Yes this is possible.

Any script on the Internet can be 'pointed to' by the action tag of any form. Thus the form which enters the data can be on some other web site. This could be set up with hidden 'fixed' fields with names the same as the original form. It would then be simple to set up a system that submits the form repeatedly.

The Good News.
It is possible for scripts to tell which form 'referred' to, or submitted the data. Any form not on the current web site can be excluded.

The Bad News.
Using a more sophisticated script running on a PC using the 'Socket' interface it is possible to make a request for any URL on the Internet. This includes form processing scripts. It would thus be possible to make a program that repeatedly submitted a form with the same data.

The Good News.
It should be possible to detect identical data sent in a short period of time with simple programming.

The Bad News.
The sending program can be more sophisticated and programatically change the data in some small way.

The Good News.
The Voting software can detect the address of the client program sending in the form. It can use this address to prevent the same person voting more than once (This will also prevent your 'minimum-wager' working 8 hours a day from the same computer).

The Bad News.
The address of the Client can be affected by 'proxy servers' that make it look like many people have the same address. You will thus end up preventing some people from voting because someone else using the same proxy server has already voted.

Finally. The very bad news.
Although there are lots of things that can be done to prevent many people from affecting the results, a determined and knowledgable 'hacker' can bypass them all.

0
 
LVL 84

Expert Comment

by:ozo
ID: 1831746
You may be able to make it more difficult for an automated script,
(as opposed to a human sitting in front of Netscape) by requireing responses to randomly presented images.
It could still be possible to write programs to, say, identify scenes from a movie,
but that may take more than 8 hours of above minimum wage work, so you should get
some assurance that any ballot stuffing is likely being done by a human rather than a program.
0
 
LVL 2

Author Comment

by:johnny99
ID: 1831747
Thanks for that! My moral dilemma is whether I want to call the "voting" process into disrepute: the company running the competition/voting page is totally innocent/ignorant of these implications but ... do you know how people felt when Marisa Tomei got an Oscar for "My Cousin Vinnie" over Judy Davis in "Husbands and Wives"?

hmmm -- does Experts-exchange have a "moral dilemma" area?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Making a simple AJAX shopping cart Couple years ago I made my first shopping cart, I used iframe and JavaScript, it was very good at that time, there were no sessions or AJAX, I used cookies on clients machine. Today we have more advanced techno…
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question