?
Solved

HTTP POST requests kill webserver

Posted on 2011-10-05
4
Medium Priority
?
1,284 Views
Last Modified: 2012-05-12
Dear community,

I am facing a very weird problem here.
We've got a webgui that we need to automatically configure and we've tried almost everything.. we're basically approaching this by sending HTTP POST requests. The webserver is a Allegro-Software-RomPager/4.01.
First, we manually filled out the form and send it. Thus, we were able to record the actual request with Firebug.
The post data is as following:
"ManagerLogin=admin&NewPassword=newpw&ConfirmPassword=newpw&SecurityMode=1&Submit=+Save+"
Next, we tried simulating that request with VBScript code:

 
Dim subConfigureUPSNM_objXMLHTTP	: Set subConfigureUPSNM_objXMLHTTP = CreateObject("MSXML2.XMLHTTP")

			subConfigureUPSNM_objXMLHTTP.open "POST", subConfigureUPSNM_strAddress, False, "admin", "admin"
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Content-length", Len(subConfigureUPSNM_strParameters)
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Referer", subConfigureUPSNM_strReferer
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Connection", "keep-alive"
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Accept-Encoding", "gzip, deflate"
	subConfigureUPSNM_objXMLHTTP.setRequestHeader "Authorization", "Basic YWRtaW46YWRtaW4="
	subConfigureUPSNM_objXMLHTTP.send subConfigureUPSNM_strParameters
	Wscript.echo subConfigureUPSNM_objXMLHTTP.statusText

Open in new window


Sadly, this totally kills the webserver? When pinging it, it just says "Destination host unreachable" and "Request timed out". However, not all the time, only sometimes. (Analyzing the application layer traffic with wireshark, we were able to deduce, that the only difference is, that the HTTP 303 See Other package never turned up, when the webserver would crash. Through manual and sometimes when the scripted/automated method was successful, the HTTP 303 See Other package did show up.) After a while, it comes back up and the change we tried to send through the POST request didn't go through. Alright, we tried MSXML2.ServerXMLHTTP next. Same approach, just with timeouts. Again, webserver goes down sporadically. We looked very confused at this point.

Alright, time for some C# and Powershell. Maybe MSXML2.XMLHTTP and MSXML2.ServerXMLHTTP is just not working. Well, we were wrong ...

 
$tcpClient = New-Object System.Net.Sockets.TcpClient("10.48.254.26", 80)
$stream = $tcpClient.GetStream()
$stream.Write($postRequest, 0, $postRequest.length)
$buffer = New-Object System.Byte[] 8192
$tcpClientCount = $stream.Read($buffer, 0, 8192)
write-host ([System.Text.Encoding]::ASCII.GetString($buffer, 0, $tcpClientCount)) -ForeGroundColor Red
$stream.Close()
$tcpClient.Close()

Open in new window


That approach was also tried through basic telnet. However, both produced the same "errors" as the VBScript: sometimes the webserver would accept the changes (Although with http status codes 303 and 403, but the values were still posted) and sometimes he'd just totally go down.

Now up to C#. First WebRequest:

 
WebRequest req = WebRequest.Create("http://10.48.254.26/Forms/ups_cont_2");
            req.Credentials = new NetworkCredential("admin", "admin");
            req.Headers.Add(HttpRequestHeader.Authorization, "Basic YWRtaW46YWtyb3BvbGlz");
            req.Method = "Post";
            req.ContentType = "application/x-www-form-urlencoded";
 
            Stream s = req.GetRequestStream();
 
            byte[] bytes = Encoding.ASCII.GetBytes("ManagerLogin=admin&NewPassword=newpw&ConfirmPassword=newpw&SecurityMode=1&Submit=+Save+");
            s.Write(bytes, 0, bytes.Length);
            s.Close();
 
            StreamReader r = new StreamReader(req.GetResponse().GetResponseStream());
 
            Console.Write(r.ReadToEnd());

Open in new window


Second HttpWebRequest:

 
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://10.48.254.26/Forms/ups_cont_2");
			req.AllowAutoRedirect = true;
			req.Credentials = new NetworkCredential("admin", "admin");
			req.Headers.Add(HttpRequestHeader.Authorization, "Basic YWRtaW46YWRtaW4=");
			req.Method = "POST";
			req.ContentType = "application/x-www-form-urlencoded";
			req.ContentLength = (System.Text.Encoding.ASCII.GetBytes("ManagerLogin=admin&NewPassword=newpw&ConfirmPassword=newpw&SecurityMode=1&Submit=+Save+")).Length;		
			Stream stream = req.GetRequestStream ();
			stream.Write(System.Text.Encoding.ASCII.GetBytes("ManagerLogin=admin&NewPassword=newpw&ConfirmPassword=newpw&SecurityMode=1&Submit=+Save+"), 0, (System.Text.Encoding.ASCII.GetBytes("ManagerLogin=admin&NewPassword=newpw&ConfirmPassword=newpw&SecurityMode=1&Submit=+Save+")).Length);
			stream.Close();
			StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
			string response = streamIn.ReadToEnd();
			streamIn.Close();

Open in new window


Guess what? Yes! Same phenomenon. We're totally clueless. We're out of options and we need a solution. I'd be very happy if someone could take a look at this and give their professional opinion.

Thank you.
0
Comment
Question by:raiERB
  • 3
4 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 36921998
This is a pretty specialized piece of hardware have you tried contacting their customer support http://www.allegrosoft.com/email_contact_us.html
They are the best people to ask
0
 
LVL 3

Author Comment

by:raiERB
ID: 36922919
I've done that, however, seeing as I haven't gotten a reply with a workaround yet, I'd like to keep the question open for other experts to have a look.
0
 
LVL 3

Accepted Solution

by:
raiERB earned 0 total points
ID: 36925156
I was able to figure out the problem with one of our senior software developers today. It appears, that the webserver requires a GET request before the actual POST request where all the data is being transfered. Well, I simply requested the page where the form was present through GET and after that I sent my POST and voilá, it works. Apparently it's got something to do with the basic authentication which the webserver has to work out.. anyways, problem solved! Thanks to anybody who had a look and was trying to figure it out, I hope if someone else faces a similar problem in the future they will try to use a GET request before their POST request first.
0
 
LVL 3

Author Closing Comment

by:raiERB
ID: 36947374
Problem solved by myself.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Integration Management Part 2
Loops Section Overview
Suggested Courses
Course of the Month16 days, 7 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question