Solved

File uploads via HTTP using Winsock but not forms

Posted on 2002-07-09
8
174 Views
Last Modified: 2013-11-13
Anyone,

I'm developing an application which will transfer binary files between a VB client and the web.  It works at the moment courtesy of me having developed a basic FTP client which communicates with an FTP server (via a Winsock control) and transfers files using RETR and STOR commands.  The application also communicates with a Perl interface to MySQL via HTTP.

I can't help feeling that life would be simpler if I handled the file transfers using HTTP.  FTP requires a log in, changing directories, PORT commands, keeping the session alive and more (all of which may or may not succeed and as such have to be handled when they don't) whereas HTTP seems far simpler - GET and PUT/POST - which I figure would either work or not.

GETting a file is easy.  I wouldn't be typing this question if that's all I wanted to do.  I also want to PUT files, but I understand that servers may be configured to not allow this.  So what are my options?

The POST command looks like a suitable candidate, but sadly my knowledge of HTTP/CGI/Perl is not sufficient for me to know HOW I could use it.  My thoughts are to build a request on the client which consists of the appropriate headers and a long stream of binary data (potentially several megabytes worth) which constitute the file.  The server-side script would then turn that back into a file.

I've seen Perl which claims to do this, but involves the use of a form at the client end.  Remember that I'm trying to do this by building a request in a VB client and sending it through a Winsock control.  abel's code here, for example : http://www.experts-exchange.com/questions/Q_10292336.html works fine if I create the form he suggests.

Any ideas how I can do it without the form?

Bill Kennedy.
0
Comment
Question by:wrk
  • 4
  • 3
8 Comments
 
LVL 4

Expert Comment

by:AlonHirsch
ID: 7142589
Hi,

I've accomplished a similar thing, but from a VB front-end.
The biggest problem, was trying to understand what the HTTP message looked like.
In order to decipher this, I created a VB program that would listen on port 81 and simply display in a text box all data that arrived on that port.
I then created an HTML form that would allow an upload of a file to the server and set the Form action in the HTML to post to port 81 (my IP listener).
When I submitted the data from the HTML - I could see what needed to be sent from my VB program.
From then on it was simply a case of reading the stream of data from the file into the HTTP stream and sending it to the server.

The company I am contracting to has also just completed this in an OCX which is placed on a web page.

The biggest challenge there is the HTTP protocol.
If you want I can email you VB6 DLL (no source unfortunately) that will allow the transfer you require.
You can then reference the DLL from your project and perform the neccessary....

One other thing you need to look out for ... URLEncoding.
Data being sent to a web site needs to be URL Encoded before being sent.
I can include the code for URL Encoding if you require as well.

HTH,
Alon
0
 

Author Comment

by:wrk
ID: 7142891
Alon,

Thanks for your response.

I too tried sniffing the data being sent in order to build a message which would fool the script into thinking it had been submitted by a form, but I couldn't make that work.

The sniffer on the server would suggest that my request is correctly formatted - it *looks* the same as one which comes from a submitted form, yet the Perl script seems to ignore it.

It sounds like I could be falling foul of the encoding you mention, so if could send me some code that would be greatly appreciated.

My email address:  wrk@star-light.fsnet.co.uk

Regards,
Bill.
0
 
LVL 4

Expert Comment

by:AlonHirsch
ID: 7145325
Hi,

The class I wrote to handle URL encoding / decoding can be found at http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=31731&lngWId=1
It is available as freeware.

Another thing to check - in order for the Server to recognise Form data being submitted, you need the following in the HTTP Header :
Content-Type: application/x-www-form-urlencoded

Without it - the form data is simply ignored.

If you're still having problems, email me the source code and I'll try it with IIS - maybe it's a funny on Perl ?

My email address is alonh@debtpack.com

HTH,
Alon
0
 

Author Comment

by:wrk
ID: 7179613
OK, I've figured this out.  The problem I was having was related to the boundary information.  This seems to be an area which isn't particularly well documented on the web (unless I have just been very unlucky when searching), but which is crucial to this working.

The following code seems to do the trick :

HTTPBoundary = <some random string of characters which won't occur anywhere else>

PreBinaryStructure = "--" & HTTPBoundary & vbCrLf & "Content-Disposition: form-data; name=""filename""; filename=""" & RemoteFileName & """" & vbCrLf & "Content-Type: application/octet-stream" & vbCrLf & vbCrLf

PostBinaryStructure = vbCrLf & "--" & HTTPBoundary & "--"

TotalLength = Len(PreBinaryStructure) + FileLength + Len(PostBinaryStructure)
   
Request = "POST http://" & Host & CGIBINDirectory & "/UploadScript.pl HTTP/1.0" & vbCrLf & "Accept: */*" & vbCrLf & "Content-Type: multipart/form-data; boundary=" & HTTPBoundary & vbCrLf & "Content-Length: " & Format$(TotalLength) & vbCrLf & "Connection: Close" & vbCrLf & vbCrLf

To upload the file to a Perl script such as abel's (see my original post), you need to send

Request
PreBinaryStructure
The Binary data itself
PostBinaryStructure

in that order.  And the minus signs which precede (and follow) the boundary string are VITAL, and that was where my error was.  The vbCrLfs are pretty important too.

Hope this helps somebody.

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 4

Expert Comment

by:AlonHirsch
ID: 7179634
Hi Bill,

I tried to email you several times - including the differences between the HTTP posts from your code and mine.
All email came back undelivered after a week.

Sorry I couldn't be of more help.

Alon
0
 

Author Comment

by:wrk
ID: 7179642
Strange, because I've been drowning in email as usual, so there are no obvious problems there.

Thanks for your help anyway - I'll email you a beer !!

Bill.
0
 
LVL 4

Expert Comment

by:AlonHirsch
ID: 7179686
Cheers ;-)
0
 
LVL 6

Accepted Solution

by:
Mindphaser earned 200 total points
ID: 7180179
wrk provided his own solution, therfore I will refund his points.

wrk

To award extra points to AlonHirsch, please post a 50p question in this Topic Area with the title "Points for AlonHirsch" and a body "For your Help in <URL>".

** Mindphaser - Community Support Moderator **
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
The viewer will learn how to implement Singleton Design Pattern in Java.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now