-1

I want to create a small tool like CRLF Injection or HTTP header respons splitting. I was successful created thousands NetData pattern (data payload) lists. The NetData pattern like this example:

  1. GET http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]GET somesite.com HTTP/1.1[CRLF][CRLF]

  2. GET http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF][CRLF]GET somesitesite.com HTTP/1.1[CRLF][CRLF]

  3. HEAD http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]CONNECT somesitesite.com HTTP/1.0[CRLF][CRLF][CRLF][CRLF]

    ...

If just one data pattern/data payload, I can write example code like:

procedure T_CRLFTest.IdMappedPortTCP1Execute(AContext: TIdContext);
begin
  if(Pos('CONNECT',TIdMappedPortContext(AContext).NetData)<>0) then
    TIdMappedPortContext(AContext).NetData := 'GET http://somebug.com/ HTTP/1.1'#13#10'Host : somehost.com'#13#10+TIdMappedPortContext(AContext).NetData+#13#10#13#10
end;

The problem is, how to test all data pattern let say over 20,000 lists using IdMappedPortTCP with multi threaded technique?

I'm using Delphi 2007 and Indy 10.

Community
  • 1
  • 1
  • I don't understand the question. Can you expand on what exactly you are stuck with. – David Heffernan Nov 15 '14 at 20:10
  • thank for your respon, I'm sorry for my bad english. In simple question, I have thousands list of NetData(data payload) with modified varians. I want to applay my NetData lists to `TIdMappedPortContext(AContext).NetData:=mymodifiednetdatalists` I'm stuk how to make my IdMappedPortTCP1 to applay thousands list using thread. I'm assuming in conventional 1 IdMappedPortTCP1 applay 1 mymodifiednetdatalists, this impossible because I don't want to put thousands IdMappedPortTCP base on mymodifiednetdatalists – Hiji Meta Nov 16 '14 at 05:49
  • I still don't understand. Sorry. – David Heffernan Nov 17 '14 at 04:38

1 Answers1

2

NetData contains whatever raw data was available on the socket at the moment the OnExecute event was fired. There is no guarantee of the content of NetData on any given triggering of the event. So every time the event is triggered, you need to store that data to your own per-connection buffer somewhere, then you can parse that buffer looking for complete lines and tweaking them as needed, then update the NetData with new data as needed. Whatever data is in NetData when the event handler exits is the data that gets passed along to the target server.

BTW, HEAD http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]CONNECT somesitesite.com HTTP/1.0[CRLF][CRLF][CRLF][CRLF] is two HTTP commands overlapping each other. That should never happen in a real scenario. If it is, then the client that is sending those commands is faulty.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • Hello @Remy, yes maybe "my NetData pattern" it is not a regular http, but I have learning this mechanism for bypassing my ISP, and it work. The `HEAD http://somebug.com/ HTTP/1.1[CRLF]Host : somehost.com[CRLF]CONNECT somesitesite.com HTTP/1.0[CRLF][CRLF][CRLF][CRLF]` it just sample at one list of "my NetData pattern lists". Of course I will not applaying real string that pattern to NetData before replacing the strings. Just give me some code to create IdMappedPortTCP at runtime with 1 NetData from lists with looping until end of lists with my NetData pattern. – Hiji Meta Nov 16 '14 at 06:13
  • To do what you are asking for, you need to do what I told you. The unpredictable nature of `NetData` makes it impossible to do reliable pattern matching on every single firing of the `OnExecute` event without a buffer to save data between events. You need to buffer all incoming data, and perform pattern matching on that buffer, not on `NetData` itself. Receive some data, add to buffer, check buffer for completed requests. If none is ready, clear `NetData`, otherwise for each request set `NetData` to modified variant if found, otherwise set `NetData` to original request. – Remy Lebeau Nov 16 '14 at 08:37