 |
 |
|
perkiset
... how would I go about that?
Couple of'ya in here know how to do that... I was thinking that having lots of surfers automatically post a complaint and a "We need to impeach this asshole for violating our civil rights with the eavesdropping crap" at house.gov would be great... I can do it a bunch of times, but it would be really cool if everytime a surfer hit a site it sent that message (or called home for a slightly different one or something) that was posted to the Senate Judiciary Committee page... I'ma thinking it's time for us smarties to get into the game... nop_90
look over at this site if u have not already seen it.
http://www.gnucitizen.org/ before the fixed it on most social networks with a seed to prevent XSS, most common method was 1x1 image.everytime viewer exposes page ..... nutballs
yep a beacon is the simplest if the target form allows GETs submitted from non-authoritative domains (read as: dumb ass form).
the second method is to create a "local copy" of the form, and post via javascript. still legal, though a little less "clean".xss is a whole nother ball game, doable, but, well, you've read the threads elsewhere. my guess is javascriptshould cover 99% of "suggestion" forms, especially on gov sites. probably 80% for GETs. just remember Gets are limited to certain byte lengths in some webservers. so JS posts will give you unlimited size allowances.KaptainKrayola
can't you just forge the http header information (ip, user agent, etc) and just do a POST directly to the action page of the form? If you did that, you could just use random data and post all day.
nutballs
spoofing is outta my realm at this point, but im sure would work.
the beauty of having your surfers do it for you is that you get a much more organic result and its simple use web tech. perkiset
quote author=nop_90 link=topic=244.msg1529#msg1529 date=1179464161 http://www.gnucitizen.org/ I gotta invite that guy to join here... he thinks the right way. Except that he's against all of those techniques 
perkiset
quote author=KaptainKrayola link=topic=244.msg1548#msg1548 date=1179500982 If you did that, you could just use random data and post all day. Yes, but even when forging the http header information the IP address of the request would still be present in the logs and therefore, traceable and deniable. I'd like every user that came to <a certain place> (Don't worry, not here  ) to X-Site a form to house.giv saying that Dubya is an asshole. That'd just be sweet.The repubs have got Diebold in their corner meaning that elections are rigged, so perhaps we need to rig the grassroots /p KaptainKrayola
quote author=perkiset link=topic=244.msg1569#msg1569 date=1179508897 Yes, but even when forging the http header information the IP address of the request would still be present in the logs and therefore, traceable and deniable. ahhh yes, good point. Strike the Kaptain's comments from the record. The Kaptain changes his vote to JavaScript |
Thread Categories
 |
|
Best of The Cache Home |
|
|
Search The Cache |
- Ajax
- Apache & mod_rewrite
- BlackHat SEO & Web Stuff
- C/++/#, Pascal etc.
- Database Stuff
- General & Non-Technical Discussion
- General programming, learning to code
- Javascript Discussions & Code
- Linux Related
- Mac, iPhone & OS-X Stuff
- Miscellaneous
- MS Windows Related
- PERL & Python Related
- PHP: Questions & Discussion
- PHP: Techniques, Classes & Examples
- Regular Expressions
- Uncategorized Threads