
Send POST request with netcat


I have found this little PHP script that sends a simple request to Twitter to update your status. I have tried this: http://pratham.name/twitter-php-script-without-curl.html, and it works. Now I want to send this request with netcat, but it doesn't work. Why?

I send the request in this way:

    echo -e $head | nc twitter.com 80

$head is my header, which I have also tried with PHP, so it is right.

Does anyone know how I can do this? Thanks to all.

Edit:

    head="POST http://twitter.com/statuses/update.json HTTP/1.1\r\n
    Host: twitter.com\r\n
    Authorization: Basic myname:passwordinbs64\r\n
    Content-type: application/x-www-form-urlencoded\r\n
    Content-length: 10\r\n
    Connection: Close\r\n\r\n
    status=mymessage";

    echo -e $head | nc twitter.com 80

Solution

  • The data you send is not correct. Here's the command I'm executing:

    $ head="POST /statuses/update.json HTTP/1.1\r\n
    Host: twitter.com\r\n
    Authorization: Basic myname:passwordinbs64\r\n
    Content-type: application/x-www-form-urlencoded\r\n
    Content-length: 10\r\n
    Connection: Close\r\n\r\n
    status=mymessage"; echo $head  | nc twitter.com 80
    
    HTTP/1.1 400 Bad Request
    Date: Tue, 29 Jun 2010 10:19:38 GMT
    Server: Apache
    Vary: Accept-Encoding
    Content-Length: 226
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>400 Bad Request</title>
    </head><body>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    </p>
    </body></html>
    

    I'm running a tcpdump in parallel and here is what it shows me:

    0x0020:  5018 ffff 671f 0000 504f 5354 2068 7474  P...g...POST.htt
    0x0030:  703a 2f2f 7477 6974 7465 722e 636f 6d2f  p://twitter.com/
    0x0040:  7374 6174 7573 6573 2f75 7064 6174 652e  statuses/update.
    0x0050:  6a73 6f6e 2048 5454 502f 312e 310d 0a20  json.HTTP/1.1...
    0x0060:  486f 7374 3a20 7477 6974 7465 722e 636f  Host:.twitter.co
    0x0070:  6d0d 0a20 4175 7468 6f72 697a 6174 696f  m...Authorizatio
    0x0080:  6e3a 2042 6173 6963 206d 796e 616d 653a  n:.Basic.myname:
    0x0090:  7061 7373 776f 7264 696e 6273 3634 0d0a  passwordinbs64..
    0x00a0:  2043 6f6e 7465 6e74 2d74 7970 653a 2061  .Content-type:.a
    0x00b0:  7070 6c69 6361 7469 6f6e 2f78 2d77 7777  pplication/x-www
    0x00c0:  2d66 6f72 6d2d 7572 6c65 6e63 6f64 6564  -form-urlencoded
    0x00d0:  0d0a 2043 6f6e 7465 6e74 2d6c 656e 6774  ...Content-lengt
    0x00e0:  683a 2031 300d 0a20 436f 6e6e 6563 7469  h:.10...Connecti
    0x00f0:  6f6e 3a20 436c 6f73 650d 0a0d 0a20 7374  on:.Close.....st
    0x0100:  6174 7573 3d6d 796d 6573 7361 6765 0a    atus=mymessage.
    

    Do you see the mistake? At each line break there are three characters, but there should be only two. This happens because you have a real line break in your variable definition that becomes a space in the shell. E.g.

    $ head="line1
    line2" ; echo $head
    
    line1 line2
    

    Try writing it all in one line instead.

    $ head="POST /statuses/update.json HTTP/1.1\r\nHost: twitter.com\r\nAuthorization: Basic myname:passwordinbs64\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: 10\r\nConnection: Close\r\n\r\nstatus=mymessage" ; echo $head | nc twitter.com 80
    
    HTTP/1.1 401 Unauthorized
    Date: Tue, 29 Jun 2010 10:25:43 GMT
    Server: hi
    Status: 401 Unauthorized
    X-Runtime: 0.00577
    Content-Type: application/json; charset=utf-8
    Content-Length: 63
    Cache-Control: no-cache, max-age=300
    Set-Cookie: k=194.145.236.196.1277807143945525; path=/; expires=Tue, 06-Jul-10 10:25:43 GMT; domain=.twitter.com
    Set-Cookie: guest_id=1277807143950191; path=/; expires=Thu, 29 Jul 2010 10:25:43 GMT
    Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBOsPYMpAToHaWQiJWQzZDkxNTg2MTY3OTFk%250AMzg5OTUyNWFhZGZlZDY0YjJmIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e95d14c755b85ff19606a0bc907c8b7a63d1b508; domain=.twitter.com; path=/
    Expires: Tue, 29 Jun 2010 10:30:43 GMT
    Vary: Accept-Encoding
    Connection: close
    
    {"errors":[{"code":32,"message":"Could not authenticate you"}]}
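
As an added example (not part of the original answer), the script below builds the same request with `printf`, so every header ends in exactly `\r\n` and `Content-Length` is computed from the body; `broken_request` reproduces the question's multi-line variable for comparison. The function names and the `PLACEHOLDER` credential are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. PLACEHOLDER stands in for the
# base64 credential; function names are illustrative.

# build_request HOST PATH AUTH BODY: write the raw request to stdout.
build_request() {
    req_host=$1 req_path=$2 req_auth=$3 req_body=$4
    # Content-Length is the body size in bytes (16 for status=mymessage).
    req_len=$(printf '%s' "$req_body" | wc -c | tr -d ' ')
    printf 'POST %s HTTP/1.1\r\n' "$req_path"
    printf 'Host: %s\r\n' "$req_host"
    printf 'Authorization: Basic %s\r\n' "$req_auth"
    printf 'Content-Type: application/x-www-form-urlencoded\r\n'
    printf 'Content-Length: %s\r\n' "$req_len"
    printf 'Connection: close\r\n\r\n'
    printf '%s' "$req_body"
}

# broken_request: the multi-line variable from the question, expanded unquoted.
broken_request() {
    head="POST /statuses/update.json HTTP/1.1\r\n
Host: twitter.com\r\n
Authorization: Basic PLACEHOLDER\r\n
Content-type: application/x-www-form-urlencoded\r\n
Content-length: 10\r\n
Connection: Close\r\n\r\n
status=mymessage"
    set -- $head        # word splitting eats the real newlines
    printf '%b' "$*"    # words rejoined with one space each, as echo does
}

# count_bad_line_starts: lines on stdin that begin with a space, i.e. the
# "0d 0a 20" pattern visible in the tcpdump above.
count_bad_line_starts() {
    grep -c '^ ' || true
}

# Inspect the bytes offline before piping them to nc.
build_request twitter.com /statuses/update.json PLACEHOLDER 'status=mymessage' | od -c
```

Once the dump shows `\r \n` at every line end and no leading spaces, the output of `build_request` can be piped into `nc twitter.com 80` as in the post.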