• Welcome to Valhalla Legends Archive.
 

HTTP Protocol Client and PHP

Started by Barabajagal, September 11, 2007, 03:37 AM

Previous topic - Next topic

Barabajagal

Well, due to me being totally sick of Microsoft's incompetence, I'm writing a replacement UserControl for the INET ocx. It was causing major issues, including freezing the IDE every time the program finished running (4srsly).

Almost everything's done except for some error support, and PHP. For some reason, all PHP files have their own header and footer which I never knew about before. As an example, I connected to my bot's IP grabber page, at http://rcb.realityripple.com/ip.php . This returns

72.173.96.196

0





or in hex64 20 20 0D 0A 37 32 2E  31 37 33 2E 39 36 2E 31
39 36 0D 0A 30 0D 0A 0D  0A


The "d" and the "0" obviously aren't supposed to be there. If I grab pages off my site, those random values are placed where I have includes of other php files within my site. I don't understand what these are, or what their purpose could possibly be. Can someone help me out?

Camel

Your code has a bug, probably caused back lack of comments. It needs three weeks of rest, and lots of liquids.

In all seriousness though, it might help if you actually posted some code.

Banana fanna fo fanna

ah, the infamous php-adding-random-shit-to-your-output bugs. i'd rewrite it to use only echo and print and trim all leading and trailing spaces in your pages.

Camel

The bug is not with his PHP, as evidenced by the lack of random shit appearing in the output of the PHP code.

Barabajagal

#4
You guys need to stop fucking blaming me for things that aren't anything to do with me. The CODE IS NOT THE PROBLEM.

My IP.php file's code looks like this:
<?php $IP = $_SERVER["REMOTE_ADDR"]; echo $IP;?>


Try packet logging your browser visiting the page, and it'll have those numbers there, too!

Like so:0000  48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D    HTTP/1.1 200 OK.
0010  0A 44 61 74 65 3A 20 54 75 65 2C 20 31 31 20 53    .Date: Tue, 11 S
0020  65 70 20 32 30 30 37 20 31 38 3A 34 33 3A 33 33    ep 2007 18:43:33
0030  20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 41 70     GMT..Server: Ap
0040  61 63 68 65 2F 31 2E 33 2E 33 33 20 28 55 6E 69    ache/1.3.33 (Uni
0050  78 29 0D 0A 58 2D 50 6F 77 65 72 65 64 2D 42 79    x)..X-Powered-By
0060  3A 20 50 48 50 2F 35 2E 32 2E 31 0D 0A 43 6F 6E    : PHP/5.2.1..Con
0070  6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A    nection: close..
0080  54 72 61 6E 73 66 65 72 2D 45 6E 63 6F 64 69 6E    Transfer-Encodin
0090  67 3A 20 63 68 75 6E 6B 65 64 0D 0A 43 6F 6E 74    g: chunked..Cont
00A0  65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 68    ent-Type: text/h
00B0  74 6D 6C 0D 0A 0D 0A 64 20 20 0D 0A 37 32 2E 31    tml....d  ..72.1
00C0  37 33 2E 39 36 2E 31 39 36 0D 0A 30 0D 0A 0D 0A    73.96.196..0....

iago

#5
Quote from: Andy on September 11, 2007, 01:42 PM
You guys need to stop fucking blaming me for things that aren't anything to do with me. The CODE IS NOT THE PROBLEM.
And you need to settle down if you want people to help you. Do you really expect people to want to answer the question if you just insulted them?

<edit> that being said, it looks fine to me:

13:21:56.170079 IP 10.160.22.31.59524 > perfora.net.http: P 1:566(565) ack 1 win 5840
        0x0000:  4500 025d f194 4000 4006 c0b0 0aa0 161f  E..]..@.@.......
        0x0010:  4ad0 1ac7 e884 0050 602a bb42 a370 07b1  J......P`*.B.p..
        0x0020:  5018 16d0 219a 0000 4745 5420 2f69 702e  P...!...GET./ip.
        0x0030:  7068 7020 4854 5450 2f31 2e31 0d0a 486f  php.HTTP/1.1..Ho
        0x0040:  7374 3a20 7263 622e 7265 616c 6974 7972  st:.rcb.realityr
        0x0050:  6970                                     ip
13:21:56.170777 IP perfora.net.http > 10.160.22.31.59524: . ack 566 win 6780
        0x0000:  4500 0028 dc53 4000 3f06 d926 4ad0 1ac7  E..(.S@.?..&J...
        0x0010:  0aa0 161f 0050 e884 a370 07b1 602a bd77  .....P...p..`*.w
        0x0020:  5010 1a7c 5d6a 0000 0000 0000 0000       P..|]j........
13:21:56.337445 IP perfora.net.http > 10.160.22.31.59524: P 1:221(220) ack 566 win 6780
        0x0000:  4500 0104 dc54 4000 3f06 d849 4ad0 1ac7  E....T@.?..IJ...
        0x0010:  0aa0 161f 0050 e884 a370 07b1 602a bd77  .....P...p..`*.w
        0x0020:  5018 1a7c ef35 0000 4854 5450 2f31 2e31  P..|.5..HTTP/1.1
        0x0030:  2032 3030 204f 4b0d 0a44 6174 653a 2054  .200.OK..Date:.T
        0x0040:  7565 2c20 3131 2053 6570 2032 3030 3720  ue,.11.Sep.2007.
        0x0050:  3139
13:21:56.337851 IP perfora.net.http > 10.160.22.31.59524: P 221:242(21) ack 566 win 6780
        0x0000:  4500 003d dc55 4000 3f06 d90f 4ad0 1ac7  E..=.U@.?...J...
        0x0010:  0aa0 161f 0050 e884 a370 088d 602a bd77  .....P...p..`*.w
        0x0020:  5018 1a7c 66d4 0000 6520 200d 0a32 3037  P..|f...e....207
        0x0030:  2e33 342e 3130 332e 3139 340d 0a         .34.103.194..
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Barabajagal

I really don't expect either of them to help me, no.

And that just looks horribly confusing. The end of the HTTP header is supposed to end with a double set of CrLf, yet I see none at all in your packet log. That, and your HTTP request is lacking any cache control. What browser are you using that sends requests like that?

iago

I'm sending the requests from a console. The output that's returned is lacking the characters you mentioned, too. I just posted the packetlog because it's more obvious. Here's the console output:

Quoteron@facevision:~$ telnet rcb.realityripple.com 80
Trying 74.208.26.199...
Connected to rcb.realityripple.com.
Escape character is '^]'.
GET /ip.php HTTP/1.0
Host: rcb.realityripple.com

HTTP/1.1 200 OK
Date: Tue, 11 Sep 2007 20:05:23 GMT
Server: Apache/1.3.33 (Unix)
X-Powered-By: PHP/5.2.1
Connection: close
Content-Type: text/html

207.34.103.194Connection closed by foreign host.


And I meant help from anybody. As soon as I saw that reply, I realized that normally I wouldn't help for any reason. But being bored at work overrode it in this case...
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Barabajagal

#8
What I view in my browser (and source code) doesn't have the characters either. It's just in the raw data received. Perhaps it's my ISP's doing, but that wouldn't explain why it doesn't show up after a browser (or even the inet control itself) gets the content and displays it.

Edit: how the hell did you establish a telnet connection to my site? I can't connect to it via telnet.

K


Trying 74.208.26.199...
Connected to rcb.realityripple.com.
Escape character is '^]'.
GET /ip.php HTTP/1.0
Host: rcb.realityripple.com

HTTP/1.1 200 OK
Date: Tue, 11 Sep 2007 20:26:45 GMT
Server: Apache/1.3.33 (Unix)
X-Powered-By: PHP/5.2.1
Connection: close
Content-Type: text/html

128.138.207.2

Connection closed by foreign host.

Trying 74.208.26.199...
Connected to rcb.realityripple.com.
Escape character is '^]'.
GET /ip.php HTTP/1.1
Host: rcb.realityripple.com

HTTP/1.1 200 OK
Date: Tue, 11 Sep 2007 20:27:37 GMT
Server: Apache/1.3.33 (Unix)
X-Powered-By: PHP/5.2.1
Transfer-Encoding: chunked
Content-Type: text/html


128.138.207.2
0

Connection closed by foreign host.

Barabajagal

Urk.... wtf? I'm NOT using 1.0 to get around this -.-

iago

That's crazy, when I tried HTTP/1.1, it put 'e' at the top and '0' at the bottom. Wacko!

And incidentally, you telnet to the site on port 80 and give it the same request the a browser would.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Barabajagal

when I do "telnet rcb.realityripple.com 80" it goes to a blank telnet screen... and sits there. Probably my ISP's fault. Anyway, what should I DO about those funky random bytes? I need to use 1.1 for the no-cache option.

rabbit

Type in the HTTP request in that blank screen and hit enter twice.
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Barabajagal

Oog... telnet is glitchy, but that doesn't change anything. He was using HTTP 1.0, not 1.1