Send POST request with netcat

2020-02-17 06:03发布

问题:

I have found this little script in PHP that send a simple request to twitter for update your status, I have tried this: http://pratham.name/twitter-php-script-without-curl.html, and it work. Now, I want send this request with netcat, but this doesn't work, why?

I send request in this way:

echo -e $head | nc twitter.com 80

The $head are my header that I have tried with also PHP, so it are right.

Anyone know how I can make this? Thanks to all.

edit.

head="POST http://twitter.com/statuses/update.json HTTP/1.1\r\n
Host: twitter.com\r\n
Authorization: Basic myname:passwordinbs64\r\n
Content-type: application/x-www-form-urlencoded\r\n
Content-length: 10\r\n
Connection: Close\r\n\r\n
status=mymessage";

echo -e $head | nc twitter.com 80

回答1:

The data you send is not correct. Here's the command I'm executing:

$ head="POST /statuses/update.json HTTP/1.1\r\n
Host: twitter.com\r\n
Authorization: Basic myname:passwordinbs64\r\n
Content-type: application/x-www-form-urlencoded\r\n
Content-length: 10\r\n
Connection: Close\r\n\r\n
status=mymessage"; echo $head  | nc twitter.com 80

HTTP/1.1 400 Bad Request
Date: Tue, 29 Jun 2010 10:19:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

I'm running a tcpdump in parallel and here is what it shows me:

0x0020:  5018 ffff 671f 0000 504f 5354 2068 7474  P...g...POST.htt
0x0030:  703a 2f2f 7477 6974 7465 722e 636f 6d2f  p://twitter.com/
0x0040:  7374 6174 7573 6573 2f75 7064 6174 652e  statuses/update.
0x0050:  6a73 6f6e 2048 5454 502f 312e 310d 0a20  json.HTTP/1.1...
0x0060:  486f 7374 3a20 7477 6974 7465 722e 636f  Host:.twitter.co
0x0070:  6d0d 0a20 4175 7468 6f72 697a 6174 696f  m...Authorizatio
0x0080:  6e3a 2042 6173 6963 206d 796e 616d 653a  n:.Basic.myname:
0x0090:  7061 7373 776f 7264 696e 6273 3634 0d0a  passwordinbs64..
0x00a0:  2043 6f6e 7465 6e74 2d74 7970 653a 2061  .Content-type:.a
0x00b0:  7070 6c69 6361 7469 6f6e 2f78 2d77 7777  pplication/x-www
0x00c0:  2d66 6f72 6d2d 7572 6c65 6e63 6f64 6564  -form-urlencoded
0x00d0:  0d0a 2043 6f6e 7465 6e74 2d6c 656e 6774  ...Content-lengt
0x00e0:  683a 2031 300d 0a20 436f 6e6e 6563 7469  h:.10...Connecti
0x00f0:  6f6e 3a20 436c 6f73 650d 0a0d 0a20 7374  on:.Close.....st
0x0100:  6174 7573 3d6d 796d 6573 7361 6765 0a    atus=mymessage.

Do you see the mistake? At each line break are three characters, but there should be only two. This happens because you have a real line break in your variable definition that becomes a space in the shell. E.g.

$ head="line1
line2" ; echo $head

line1 line2

Try writing it all in one line instead.

$ head="POST /statuses/update.json HTTP/1.1\r\nHost: twitter.com\r\nAuthorization: Basic myname:passwordinbs64\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: 10\r\nConnection: Close\r\n\r\nstatus=mymessage" ; echo $head | nc twitter.com 80

HTTP/1.1 401 Unauthorized
Date: Tue, 29 Jun 2010 10:25:43 GMT
Server: hi
Status: 401 Unauthorized
X-Runtime: 0.00577
Content-Type: application/json; charset=utf-8
Content-Length: 63
Cache-Control: no-cache, max-age=300
Set-Cookie: k=194.145.236.196.1277807143945525; path=/; expires=Tue, 06-Jul-10 10:25:43 GMT; domain=.twitter.com
Set-Cookie: guest_id=1277807143950191; path=/; expires=Thu, 29 Jul 2010 10:25:43 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBOsPYMpAToHaWQiJWQzZDkxNTg2MTY3OTFk%250AMzg5OTUyNWFhZGZlZDY0YjJmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e95d14c755b85ff19606a0bc907c8b7a63d1b508; domain=.twitter.com; path=/
Expires: Tue, 29 Jun 2010 10:30:43 GMT
Vary: Accept-Encoding
Connection: close

{"errors":[{"code":32,"message":"Could not authenticate you"}]}


回答2:

If you don't put quotes around "$head" then your formatting won't be as you (or Twitter) expect it. Also, since your variable contains newlines/carriage returns, it will probably help to suppress echo from supplying its own.

echo -ne "$head" | nc twitter.com 80


标签: bash netcat