Thread: trying to make an automatic virus checking tool with HTTP GET AND POST

  1. #1
    Registered User
    Join Date
    Nov 2002
    Posts
    319

    trying to make an automatic virus checking tool with HTTP GET AND POST

    so looking at the header file received with a Firefox addon i get

    Code:
    http://scanner.novirusthanks.org/
    
    POST / HTTP/1.1
    Host: scanner.novirusthanks.org
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://scanner.novirusthanks.org/
    Content-Type: multipart/form-data; boundary=---------------------------24464570528145
    Content-Length: 122682
    -----------------------------24464570528145
    Content-Disposition: form-data; name="upfile"; filename="HTTPGET.exe"
    Content-Type: application/octet-stream
    
    MZ
    HTTP/1.x 200 OK
    Date: Mon, 20 Apr 2009 23:06:51 GMT
    Server: Apache
    Content-Length: 2966
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html

    so i create the string like

    Code:
    char Dis[512];
    		sprintf(Dis,"%s %s%c%s%c%c %s%c%s%c\r\n",
    			        "Content-Disposition: form-data;",
    					"name=",
    					'"',
    					"upfile",
    					'"',
    					';',
    					"filename=",
    					'"',
    					"HTTPGET.exe",
    					'"');
    
    		MessageBox(NULL,Dis,"",0);
    		char *post = new char[1024];
    		sprintf(post,"%s%s%s",
    			         "POST / HTTP/1.1\r\n" 
                         "Host: scanner.novirusthanks.org\r\n"
    					 "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    					 "Accept-Language: en-gb,en;q=0.5\r\n"
    					 "Accept-Encoding: gzip,deflate\r\n"
    					 "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
    					 "Keep-Alive: 300\r\n"
    					 "Connection: keep-alive\r\n"
    					 "Referer: http://scanner.novirusthanks.org\r\n"
                         "Content-Type: multipart/form-data; boundary=---------------------------24464570528145\r\n"
    					 "Content-Length: 500\r\n",
    					 Dis,
                         "Content-Type: application/octet-stream\r\n\r\n");
    
                        send(sock,post,strlen(post),0);

    but it's not working and nothing is getting received saying "checking file please wait" etc. i am unsure how it's going to know the dir my HTTPGET.exe is in, which is the dummy virus exe that it submits. also, how would you get the length of an exe for this field? Content-Length: 123815

    thanks if you can help
    Last edited by Anddos; 04-20-2009 at 06:58 PM.

  2. #2
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Code:
    "Content-Length: 500\r\n"
    I don't see you sending 500 bytes anywhere.

  3. #3
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    ye that was just for testing, so i've been thinking, do you have to put the file into a buffer and send that as well, and that buffer would be the content length?

  4. #4
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Correct.

  5. #5
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    how would you use strlen on an LPVOID?

  6. #6
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    You wouldn't. What are you trying to do?

  7. #7
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    trying to submit the currently running file
    so i need to make content length the length of the read file buffer so it works with send()
    Code:
    HANDLE Upload = CreateFile(ModuleName,
    			                       GENERIC_READ,
    								   FILE_SHARE_READ,
    								   NULL,
    								   OPEN_EXISTING,
    								   FILE_ATTRIBUTE_NORMAL,
    								   NULL);
    		if(Upload != INVALID_HANDLE_VALUE)
    		{
    			MessageBox(NULL,"Made file handle","",0);
    		}
    
    		LPVOID rBuffer;
    		DWORD Read,ToRead;
    		
    		char *exe = new char [1024];
    		ReadFile(Upload,rBuffer,Read,&ToRead,0);
    
    sprintf(post,"%s%s%s",
    			         "POST / HTTP/1.1\r\n" 
                         "Host: scanner.novirusthanks.org\r\n"
    					 "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    					 "Accept-Language: en-gb,en;q=0.5\r\n"
    					 "Accept-Encoding: gzip,deflate\r\n"
    					 "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
    					 "Keep-Alive: 300\r\n"
    					 "Connection: keep-alive\r\n"
    					 "Referer: http://scanner.novirusthanks.org\r\n"
                         "Content-Type: multipart/form-data; boundary=---------------------------24464570528145\r\n"
    					 "Content-Length: %i\r\n",strlen(exe),
    					 Dis,
                         "Content-Type: application/octet-stream\r\n\r\n");
    Last edited by Anddos; 04-20-2009 at 07:58 PM.

  8. #8
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    The ReadFile() function is telling you how many bytes were read from the file. The 4th parameter gets filled with the number of bytes read.

  9. #9
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    so that would be the content length for the post string?

  10. #10
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Well keep in mind that if the file is greater than 1024 bytes (the size of your buffer), you will not be reading in the whole file. In that case you would need to call ReadFile() several times. To answer your question, the content length should be set to the total number of bytes from the file that you send across.

  11. #11
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    do you think you could clean up my code so it's actually working? i am struggling on this one and think you have the experience to fix it

  12. #12
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    POST your code which includes you reading the file from disk, and sending the POST data to the server.

  13. #13
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    Code:
    char Dis[512];
    		sprintf(Dis,"%s %s%c%s%c%c %s%c%s%c\r\n",
    			        "Content-Disposition: form-data;",
    					"name=",
    					'"',
    					"upfile",
    					'"',
    					';',
    					"filename=",
    					'"',
    					"HTTPGET.exe",
    					'"');
    
    		MessageBox(NULL,Dis,"",0);
    		char *post = new char[1024];
    		char ModuleName[65];
    		GetModuleFileName(NULL,ModuleName,sizeof(ModuleName));
    		MessageBox(NULL,ModuleName,"",0);
    
    		HANDLE Upload = CreateFile("C:\Users\Anddos\Documents\coding\HTTPGET\Release\HTTPGET.exe",
    			                       GENERIC_READ,
    								   FILE_SHARE_READ,
    								   NULL,
    								   OPEN_EXISTING,
    								   FILE_ATTRIBUTE_NORMAL,
    								   NULL);
    		if(Upload != INVALID_HANDLE_VALUE)
    		{
    			MessageBox(NULL,"Made file handle","",0);
    		}
    
    		char rBuffer[500000];
    		DWORD Read,ToRead;
    		
    		char *exe = new char [1024];
    		BOOL s; 
    		while(1)
    		{
    		s = ReadFile(Upload,rBuffer,Read,&ToRead,0);
    		   
    		   MessageBox(NULL,"read loop","",0);
    
    		   if(s == true)
    		   {
    			MessageBox(NULL,"break","",0);
    			break;
    		   }
    		}
    		
    		char Out[32];
    		//sprintf(Out,"%s %i %s %i","read",Read,"toread",ToRead);
    		//MessageBox(NULL,"read",Out,0);
    		//sprintf(exe,(char*)rBuffer);
    
    		
    
    
    
    
    		sprintf(post,"%s%d%s%s",
    			         "POST / HTTP/1.1\r\n" 
                         "Host: scanner.novirusthanks.org\r\n"
    					 "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    					 "Accept-Language: en-gb,en;q=0.5\r\n"
    					 "Accept-Encoding: gzip,deflate\r\n"
    					 "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
    					 "Keep-Alive: 300\r\n"
    					 "Connection: keep-alive\r\n"
    					 "Referer: http://scanner.novirusthanks.org\r\n"
                         "Content-Type: multipart/form-data; boundary=---------------------------24464570528145\r\n"
    					 "Content-Length: \r\n",strlen(rBuffer),
    					 Dis,
                         "Content-Type: application/octet-stream\r\n\r\n");
    					 
    					
    					//"Content-Length: %i\r\n\r\n", strlen(body));
    
    		MessageBox(NULL,post,"",0);
    
    	 send(sock,post,strlen(post),0);
    	 send(sock,rBuffer,strlen(rBuffer),0);

  14. #14
    Registered User
    Join Date
    Nov 2002
    Posts
    319
    oh the loading file needs 2 // but still not working
    Last edited by Anddos; 04-20-2009 at 08:32 PM.

  15. #15
    Registered User
    Join Date
    Sep 2004
    Location
    California
    Posts
    3,268
    Your header is wrong. Take a close look at the output you see when you print the header. Your content length header is not formatted correctly.
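
Added example, not part of the thread and not any poster's code: a portable C version of the request the replies describe, where Content-Length is the byte count of the whole multipart body and the file bytes are copied by explicit length rather than measured with strlen(). The helper names build_body and build_headers and the 6-byte sample are constructed for illustration; the boundary, field name and host come from the capture in post #1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BOUNDARY "---------------------------24464570528145"

/* Wrap `data` in one multipart part. The length is carried explicitly, so
   NUL bytes inside an executable do not truncate anything (strlen would). */
static char *build_body(const char *filename, const unsigned char *data,
                        size_t data_len, size_t *out_len)
{
    char head[512];
    static const char tail[] = "\r\n--" BOUNDARY "--\r\n";
    /* A quote or CR/LF in the name would break out of the header line. */
    if (strpbrk(filename, "\"\r\n")) return NULL;
    int hl = snprintf(head, sizeof head,
        "--" BOUNDARY "\r\n"
        "Content-Disposition: form-data; name=\"upfile\"; filename=\"%s\"\r\n"
        "Content-Type: application/octet-stream\r\n\r\n", filename);
    if (hl < 0 || (size_t)hl >= sizeof head) return NULL;
    char *body = malloc((size_t)hl + data_len + sizeof tail - 1);
    if (!body) return NULL;
    memcpy(body, head, (size_t)hl);
    memcpy(body + hl, data, data_len);
    memcpy(body + hl + data_len, tail, sizeof tail - 1);
    *out_len = (size_t)hl + data_len + sizeof tail - 1;
    return body;
}

/* Request headers; Content-Length counts every byte of the multipart body. */
static int build_headers(char *dst, size_t cap, const char *host, size_t body_len)
{
    int n = snprintf(dst, cap,
        "POST / HTTP/1.1\r\nHost: %s\r\n"
        "Content-Type: multipart/form-data; boundary=" BOUNDARY "\r\n"
        "Content-Length: %zu\r\nConnection: close\r\n\r\n", host, body_len);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    /* Constructed sample: first bytes of a PE file, NULs included. */
    const unsigned char sample[] = { 'M', 'Z', 0x90, 0x00, 0x03, 0x00 };
    char hdr[512]; size_t blen = 0;
    char *body = build_body("HTTPGET.exe", sample, sizeof sample, &blen);
    if (!body || build_headers(hdr, sizeof hdr, "scanner.novirusthanks.org", blen) < 0) return 1;
    printf("%s[%zu body bytes follow]\n", hdr, blen); /* on a socket: send(sock, body, blen, 0) */
    free(body);
    return 0;
}
```

The delimiter lines inside the body carry two more dashes than the boundary value in the Content-Type header, and the closing delimiter ends with a further "--"; both are counted in Content-Length.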
