PhantomJS or CasperJS form autosubmit - phantomjs

I am building a laboratory task for exploitation CSRF vulnerability.
I need a bot, who will visit my page and execute JS:
<html>
<head>
</head>
<body>
<form action="http://localhost:9010/csrf/register.php" method="POST" id="csrf-form">
<input type="hidden" name="login" value="casper" />
<input type="hidden" name="password" value="casper" />
<input type="submit" value="Submit request"/>
</form>
</body>
<script>document.getElementById("csrf-form").submit()</script>
</html>
I can't proceed it with PhantomJS or CasperJS.
I don't know how HTML code will look like for different students (form id attribute can be different), I just want to execute JS code on page.
CasperJS version 1.1.4 at /opt/casperjs, using phantomjs version 2.1.1
var casper = require('casper').create();
casper.start('http://127.0.0.1/mypage.html');

Since you do not know the form id attribute (and since other element attributes are specific to each student), you can use casper.fillXPath() to use general selectors to fill out and auto-submit your form.
Example:
casper.start('https://example.com/', function () {
this.fillXPath('form', {
'//form/input[#type="hidden"][1]': username,
'//form/input[#type="hidden"][2]': password,
}, true);
});
Otherwise, you can look into using casper.fill(), casper.fillSelectors(), or casper.fillLabels() if you know more information about the selectors being used in the form.
If you need to simply execute JavaScript into the Page DOM environment, you can use casper.evaluate().

Related

POST request being redirected to GET on form submit

I use parse.com with their expressjs framework.
I have this html form which calls my /login url with post but for some reason it gets redirected(with status code 301) to a get request to that url.
This is my html form
<html>
<head></head>
<body>
<form method="post" action="/login">
<label>Username</label>
<input name="username"></input>
<label>Password</label>
<input name="password" type="password"></input>
<input class="button" type="submit" value="Log In">
</form>
</body>
To make the question more clear i use express js with parse.com and here are the two routing defined
app.get('/login', function(req, res) {
res.send('get is called');
});
app.post('/login', function(req, res) {
res.send('post is called');
});
Now no matter what i provide in my form method i always get "get is called" in the browser on submitting the button.
I also tried to debug what is happening in by the developer console and this is what i get
I think you are using ejs template try adding all the attributes in your form as without double quotes, something like this and try
<html>
<head></head>
<body>
<form method=post action=/login>
<label>Username</label>
<input name="username"></input>
<label>Password</label>
<input name="password" type="password"></input>
<input class="button" type="submit" value="Log In">
</form>
</body>
</html>
I checked in the console and the form attributes when double quotes were added was something of this sort
<form action=""/login"" method=""POST"">
so by default the form was getting submitted as a GET request instead of a POST. I am still not sure why this is happening, just started learning express, will add more details when I get them.

Show form after click back button

I use jquery to show hidden form. I want to know how I can automatically show form when user click Submit and then press back button. I don't want user to click New Account again to show form after they click back button.
I have these working code currently:
<head>
<script src="https://code.jquery.com/jquery-latest.js">
</script>
<script type="text/javascript">
$(function() {
$('#register_link').click(function() {
$('#show_form').toggle();
return false;
});
});
</script>
</head>
Google
|
New Account
<div id="show_form" style="display: none;">
<form id="register_form" method="post" action="verify.php">
Username
<inputname="username" id="username" type="text">
<br>
Email
<input name="email" id="email" type="email">
<br>
<input class="button_register" type="submit" value="Create New Account"
/>
</form>
</div>
Example: http://jsfiddle.net/n9uGH/17/
Is it actually possible? Thanks in advance
There are various ways that this could be achieved, however this depends on your server-side language and or hosting environment. Here is a fairly simple widely accepted methodology that should serve your purpose.
This is based on this cookie library for jQuery https://github.com/carhartl/jquery-cookie
Using cookies you can persist the information between the two page loads.
So on your form page you would do something like this
$(function() {
$('#register_link').click(function() {
$('#show_form').toggle();
return false;
});
if($.cookie('form_submitted')){
$('#show_form').toggle();
}
});
Then on the page which appears after submitting the form you can do this
$(function() {
$.cookie('form_submitted', 'yes');
});

How to open URL having POST request method in WebView in Windows Store App

I need to open some URL in WebView from the source code of an another URL. I am getting source code of that URL via ScriptNotify event. That URL contains a <form /> with GET/POST request & parameters
The HTML can contain either this
<form id="pay" method="GET" target="_blank" action="https://xxxxx.com/qqq/www">
<input type="hidden" value="643" name="param1">
<input type="hidden" value="313.62" name="param2">
<input type="hidden" value="GZc6PFXOTfmY58yJyk3DTg==" name="param3">
</form>
Or this
<form id="pay" method="POST" target="_blank" action="https://xxxxx.com/qqq/www">
<input type="hidden" value="643" name="param1">
<input type="hidden" value="313.62" name="param2">
<input type="hidden" value="GZc6PFXOTfmY58yJyk3DTg==" name="param3">
</form>
Now if I have GET method then I can develop URL by parsing the source code, it will become this for our example. I can open in WebView
https://xxxxx.com/qqq/www/?param1=643&param2=313.62&param3=GZc6PFXOTfmY58yJyk3DTg==
How can I do same if there's POST request ?
There's no method on WebView allowing you to perform a POST request. You could do it by invoking a JavaScript function inside WebView, though. First you need to construct a web page containg the form you require and a JavaScript function submitting it:
var html =
#"<html>
<head>
<script type=""text/javascript"">
function Submit()
{
document.getElementById('pay').submit();
}
</script>
</head>
<body>
<form id=""pay"" method=""POST"" action=""https://xxxxx.com/qqq/www"">
<input type=""hidden"" value=""643"" name=""param1"">
<input type=""hidden"" value=""313.62"" name=""param2"">
<input type=""hidden"" value=""GZc6PFXOTfmY58yJyk3DTg=="" name=""param3"">
</form>
</body>
</html>";
You then navigate to this HTML string and invoke the function:
webView.NavigateToString(html);
webView.InvokeScript("Submit", null);
During tests the second call always executed before the page was actually loaded and failed because of that so I had to work around it by reacting to LoadCompleted event:
webView.LoadCompleted += WebViewOnLoadCompleted;
webView.NavigateToString(html);
private void WebViewOnLoadCompleted(object sender, NavigationEventArgs navigationEventArgs)
{
webView.LoadCompleted -= WebViewOnLoadCompleted;
webView.InvokeScript("Submit", null);
}

Watir - file_field call is clicking on the wrong element when driving Chrome

Working on a web page that contains a form with a choose file input as in the following snippet:
<form ... >
<div class="form__wrap">
<ul class="form__list">
Import:
<label for="fileUploadInput" class="btn mediaChoose inline" id="fileUpload">Choose File</label>
<input class="mediaFile" id="fileUploadInput" name="file" type="file" />
</ul>
</div>
...
</form>
Using Watir WebDriver, the following returns true:
puts file_field(:id => "fileUploadInput").exists?
but, the file_field call below results in the following error on Chrome (works on Firefox and IE):
file_field(:id => "fileUploadInput").set(pathtofile)
Element is not clickable at point (695, 314). Other element would receive the click:
<label for="fileUploadInput" class="btn mediaChooseinline" id="fileUpload">...</label>
My guess is that you are driving Chrome, since I have seen errors like that before. The error message is saying that you are trying to click file upload element, but label is displayed over it, so clicking the desired coordinates on the screen will click the label instead of file upload element. Chrome gets confused at that point and refuses to click.
To make sure that is the problem, try the same code with another browser, Fireofox for example. Experience has shown that Firefox does not care if another element will receive the click.
I tried a scaled down form similar to your posted form and it has worked for me in Chrome and Firefox. This was tested on a Windows machine. I did notice that FireFox and Chrome have different syntaxes for the path directory.
HTML -
<!DOCTYPE html>
<html>
<body>
<form action="demo_form.asp">
Import:
<label for="fileUploadInput" class="btn mediaChoose inline" id="fileUpload" >test</label>
<input class="mediaFile" id="fileUploadInput" name="file" type="file" />
</form>
</body>
</html>
Test Code
require 'watir-webdriver'
browser = Watir::Browser.new :firefox
browser.goto "C:\\Users\\mike\\ruby\\chrome1.html"
puts browser.file_field(:id => "fileUploadInput").exists?
#browser.file_field(:id => "fileUploadInput").set("c:\\Windows\\") #chrome
browser.file_field(:id => "fileUploadInput").set("c:\\Windows\\..") #firefox
browser.file_field(:id => "fileUploadInput").click

How to stay in Current Page

I have one form of user name and password fields followed by submit button. How do I stay in current page after clicking submit button without reloding page?
Any help is appreciated.
Try tis if you need a sumit button.
<input type="submit" onclick="return false" />
But you may want to use a simple clickable button if you don't wan't to sumbit your form on click... in this case, this should do the trick:
<input type="button" />
There are a couple of options. First of all in the markup for the submit button you can return false:
<input type="submit" onclick="return false;" />
The problem with the approach above is that it will cancel the submit, not sure if that's desired or not. Another approach you can take is to use something like jQuery to do an ajax request.
To do that you'd need to include jQuery:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
Then change your submit button to a regular button:
<input type="button" onclick="doAjaxCall();" />
The javascript function doAjaxCall would then be something like:
<script type="text/javascript">
function doAjaxCall() {
$.ajax({ url: "destinationurl.aspx", success: function(){
alert('success! insert success javascript code here');
}});
}
</script>