Application Security Testing: An Integral Part of DevOps
HTTP POST requests are very easy to handle using HTML forms and languages that support them natively. Underneath, a request is nothing more than socket-based communication between the browser and the Web server. The Hypertext Transfer Protocol, HTTP/1.1 (http://www.w3.org/Protocols/rfc2616/rfc2616.html), documents the standards.
The code in this article is based on these standards and has been tested to act as an HTTP client that makes a POST request and retrieves the response from the Web server. Once the socket is open, writing and reading are simple tasks. What is essential is sending the request lines in order and in the correct format.
A client request looks like the following:
POST <Post program> HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0
Content-Length: <length of parameters>
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Host: <hostname>
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64 encoded login name : password>

<param1=val1&param2=val2>
The server responds with the header part and body part of the message.
HTTP/1.0 200
Date: Thu 9 Dec 2004 12:23:50 GMT
Server: Archive-Appliance
Connection: close
Content-type: text/xml

The HTTP/1.0 200 status states that everything went okay. If you made a wrong request, the status can be, for instance, HTTP/1.0 404. The body part is whatever output the post script or program produces.
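The request and response layouts above, serialized and parsed in Python as an added example (not the article's own client code). The function names `build_post` and `parse_response`, the host `example.test`, the path and the credentials are assumptions made for illustration, and the sample response is constructed from the header values shown above.

```python
import base64
from urllib.parse import urlencode

def build_post(host, path, params, user, password):
    """Serialize an HTTP/1.0 POST in the header layout shown above."""
    for field in (host, path, user, password):
        # A CR or LF here would let a caller smuggle extra header lines.
        if "\r" in field or "\n" in field:
            raise ValueError("CR/LF not allowed in request fields")
    if ":" in user or " " in path:
        raise ValueError("':' in login name or space in path")
    body = urlencode(params).encode("ascii")  # param1=val1&param2=val2
    # Basic credentials are only base64-encoded, not encrypted.
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    head = [
        f"POST {path} HTTP/1.0",
        "Accept: */*",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",  # byte length of the encoded body
        f"Authorization: Basic {token}",
    ]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body

def parse_response(raw):
    """Split a raw response into (status code, headers dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # version, status code, optional reason
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

# Constructed response using the header values from the article.
SAMPLE = (b"HTTP/1.0 200\r\nDate: Thu 9 Dec 2004 12:23:50 GMT\r\n"
          b"Server: Archive-Appliance\r\nConnection: close\r\n"
          b"Content-type: text/xml\r\n\r\n<ok/>")

if __name__ == "__main__":
    req = build_post("example.test", "/cgi-bin/post", {"param1": "val1"}, "user", "pw")
    print(req.decode("ascii"))
    print(parse_response(SAMPLE))
```

Because the Authorization value decodes back to the login name and password, a request built this way exposes the credentials to anyone who can read the connection unless it is sent over TLS.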