form posts and scripts

Well well well ... all nice for get's, even authenticated gets. But how about form posts?

There's always the trouble of Referer. I guess If they want, they can shut me down by now. Damn mindless testing. I've left a trail. If they keep track of referer on requests, it's not even that uncommon, then they can get my script request -_- . I've checked it with wireshark. :S I even tried to modify it by using an XMLHTTPRequest object, but... If I had conveniently read the documentation I'd know in advance some headers can't be modified by reasons of security.... I can see why! =P

So I had to find a way to circle around it. And of course as always, I did. Lol see, the idea is that I needed on the fly modification of a form. To do that, I'd need a script to modify the source of a loaded page for me. Wow! Now that's spooky! But possible! Hihihi The name is GreaseMonkey. And there's even a hole gigantic script built for travian, called travian beyond that you can install. There are no limits to what you can do. With some trouble... the game plays it self. Of course... that takes all the fun out of it. I've proven that I can do it... now, I leave it aside and cut the too much to leave a little help only. =P

So far the application works pretty much as a human would operate on a browser, and asides from the fact that it never sleeps more than 20 minutes. It's untraceable!

The trick is the following:

The server can never know if a human or a script did it, because all it gets it's HTTP / TCP packets. If all is filled out correctly, then... bye bye intuition.

God I love machines and it's layered organization. I had never seen a breach in this model until this very moment. It's like completely separate universes communicating by laser beams. You can shake one of them, break it apart but has long has you keep the beams alive and right... no other universe knows you did.

Abstraction... abstraction...

I'm sleeping happier tonight. ;)

ohhh another curiosity. Imagine the following: some document, has anchors, and these anchors have actionscript calls for onclick. How do you make that code execute without using the mouse?

Reasoning:

Here's the function signature: function onclick(Event);

it's still a function... just another function that happens to be called when a mouseEvent occurs. Now if inside it's body it never uses the mouseEvent, can it tell whether it was called by a mouseEvent or some other thing? I have not checked.. but even if it did, I guess you could always instanciate a mouseEvent, but like this you don't even need it. Null is has valid has an object argument has any instance of an object. So if I do:

var anchors = document.getElementsByTagName("a");

for( i=0; i less Than anchors .length ; increase i )

if( anchors dot onclick diferent from null )

anchors[i] dot onclick (null) ;

I can force execution of all anchor onclicks.

Happy codings ;)

flush String with source from external URL in to Java

Well a fetch source using servlets is nonsence. Servlets run on server side and generate responses to requests so... it's a bad idea to go that way.

If I somehow exported the connection problem outside of the browser window... I'd have an authentication problem. So the best way would be to run it somehow using javascript, there's a Dom object capable of doing HTTPRequests and it's called XMLHTTPRequest. There are several details to take care when using this code. One must set browser to allow connection to remote servers from client pages. So there's a cost in security to achieve this goal. Furthermore I couldn't find a way to configure firefox to lower it's security params so it won't run on it yet.

By now I'm still hocked up to the idea of an Applet to manage flow control, and other heavy weight operations, Though my initial idea of processing the source as a raw string has fallen in the pit of plain stupidity. XMLHTTPRequest returns a DOMDocument which can be manipulated with all the charms of the DOM model, and will certainly be better than any code I could write in 3 life times.

So in conclusion I guess I can sleep better tonight :P

If you're trying to do the same for some reason, the way you'd get a raw String with the source to be inputed in to Java would be to declare an Applet on the page containing the script with the XMLHTTPRequest Object so you can call functions who manipulate it from java using the netscape.javascript package. Furthermore XMLHTTPRequest contains a DOMString propertie which can be cast to String no questions asked, leaving us with a happy:

a) (String)window.call(“getSource”,null).

//- ------------------------------- JS
var client = new XMLHttpRequest();
var source;

function init()
{
if (window.xmlhttprequest) { request = new XMLHTTPrequest();}
else if (window.ActiveXObject) {
try {
request = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e){
try{
request = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e){}
}
}
}

function handler( ) {
try{
if(this.readyState == 4 && this.status == 200) {
// so far so good
if(this.responseXML != null)
{ } // success! do nothing}
else{ }
}
else if (this.readyState == 4 && this.status != 200) { // fetched the wrong page or network error...
alert("ups check your glasses, wrong URL?");
}
}catch(e){alert("error on handler" +e );}
}

function fetchSource()
{
//wait for client to be ready =P
if(client.readyState!=4) return null;
return client.responseText;
}

function fetchURL(url){
//alert("fetchy is here!! cuxi cuxi ");
try{
client.onreadystatechange = handler;
client.open("GET", url,true);
client.send();
}
catch(e){alert("error on fetchSource:" + e);}

}

// -------------------------------- APPLET CODE
public static String getURLSource(String url)
{

if(window == null){System.out.println("window is null"); return null;}

try {
window.call("fetchURL",new Object[] {url});
Thread.sleep(2000);//give the server time to respond with source
return (String)window.call("fetchSource", null);
}
catch(Exception e){
System.out.println("GET URL CRACHED!!!");
return null;
}
}

//don't forget to start window :
public void init()
{
try {
Travian.window = netscape.javascript.JSObject.getWindow(this);
Travian.location = (JSObject)Travian.window.getMember("location");
}catch(Exception e ){System.out.println("init can't start JSObject");}
}


// -----------------------------------------------------------------------
happy coddings!

Breaking my head against the Travian wall

I've been fixed on the idea of building an Admin interface for the Travian game. Though out of all my crazy ideas this must have been the one with the MOST trouble. Along with the fact that my JS /DOM was very rusty, I've encountered other difficulties... So from the beginning.

Figuring out how it works:
Travian is build on a mix of php, JS & HTML. The big issue being php, because it's executed server side! Client sends a request. Server reply s with html page. I can't read it, can't access it and the only way I could glimpse it's workarounds would be by monitoring variables being passed to it along with every different call made to the server. Now besides not being the easiest task... it never will grant that I can figure params for hidden evolutions. Because it's not a static game. So I'd only be able to implement a scalable application once I reached the end... and well the hole purpose is to build something that will help me do that. So that made me quit the hole hack trough php idea. The objective is to build an application capable of monitoring action just like any human user would do by reading the page, not modifying it.

So that takes us to the next step. Ok.. I can recognize anchors with a scanner algorithm just as easily as I can with my eyes.... so I'll just have to find a way to process the source. All joyful stupid H. wandered around the house jumping and smoking cigarrets while planning the best way to do it. What language am I using? Am I going to go object oriented and define identities so I can delegate tasks and therefore better organize the application? How about GUI? I don't feel like spending hour costuming it! Javascript? It's cool I can generate tables through DOM and it offers anchors that I can customize by just copying the URLS from the source, I don't even have to worry about logging in as long as I grant that I'm opening the admin window on the the same browser window of the game. Java? Java has a bunch of cool classes for manipulating strings, the own String class, with it's contains and substrings gymnastics and Scanner and Tokenizer. Besides a comfortable Thread manipulation and Timer's... Hum... why don't I mix it all.. I just need a bridge between Java and Javascript so I can pass information around. Well.. I found the bridge, it's a package from netscape and it comes with the plugins jar, somewhere in your JRE. There's not much to know about it, it raps the JS object on a JSObject and sends it to java, while unraping it when it's send back to javascript. Furthermore it's very intuitive, you can even cast it directly to string if it's a text object like in document.body.innerHTML. All very cozy and comfortable. I wrote a window with a bunch of frames, drawn the hole communication and generalist aspects of the application. And I thought ok... now I just need to input the source from the site. And here the trouble started!! You can very easily view any source from any URL with a simple access to: window.document.body.innerHTML but if the URL is out side your “server” then the window becomes a fucking cocoon. You can't access document.body, therefore you can't read the source no fucking way without some other workaround external to plain JS. This is very plain simple conclusion but I lost hours!!! t'ill I realized there was no possible workaround for this. I tried to workaround it in a milion ways, by testing if it had anything to do with a particular propertie, going from window, from frame, from context, getting the calls made by different window object and even tried to schedule a call to an echo function by changing window.onload = setTimeout(“alert(window.document.body.html);”,1000); to make it seem like the window which contained the external URL was asking for this, but couldn't ;P


So now basically I'm stuck at a stupid fetch sorce. I can understand that I can't write to the document. But read it... I call this stupid security! Now to something so simple I'm gonna have to just flush the source right in to Java. Using some sort of bridge to HTTP. I smell servlets. But I know nothing 'bout that.... YET!!! hihihi So...

Don't miss the next chapter 'cause I certainly won't.
God what a bad joke!! LOL
I have two tests tomorrow and an assignment presentation at 11h30 AM. Need sleep.

helga@body: shutdown -h now

travian

Ohhh H! You're reading web page's script code again! Damn girl! Well... I just thought this was hilarious and had to share it with you. The following bit of code was taken from unx.js at http://s3.travian.pt/.

function T_Load(url,id)
{
g=false;
if(window.XMLHttpRequest)
{
g=new XMLHttpRequest();
if(g.overrideMimeType)
{
g.overrideMimeType('text/xml');
}
}
else if(window.ActiveXObject)
{
try
{
g=new ActiveXObject("Msxml2.XMLHTTP");
}
catch(e)
{
try
{
g=new ActiveXObject("Microsoft.XMLHTTP");
}
catch(e){}
}
}
if(!g)
{
alert('Can not create XMLHTTP-instance');
return false;
}
g.onreadystatechange=function(){al(id);};
g.open('GET',url,true);
g.send(null);
};

What's so funny in it, is the use of variable g. Which starts as boolean and ends up as an object. This could only be allowed in a language like javascript. And why? Well there's no type declaration, it's optional to do that. Now just how does it reach binary? How can you tell the size? Are they all the same size like in java? Javascript wonders!

Now the reason why I'm reading this:
This travian thing, it's a game. An online, strategy game. Make a village, get an army, attack neighbors kind of thing. But it's real time, things take for ever to evolve. I'd just love to leave some actions recorded to be done in the future. I imagine this would add considerable volume of data in to the server... not to mention that it could be programed so that my soldiers would leave the village and go visit some looser player that can't possibly have an army, while bringing back some resources anytime an attack is coming in. And then again there is the incentive of the “in control” feeling. I just can't bear the infinite number of tabs open one to each field (resources, village, future victims of attacks). I want a frame that lists previous attacks with distance to my village and resources taken, I want to know how long before I have resources to evolve something, I want to be able to put on an “agenda” any build, attack, market action I feel like so I can have my life back. LOL I mean.. I got other things to do!

3 ethernet cards , 2 computers , 1 internet conection

Why I hate windows to the gut?!

Here's a simple problem. 2 computers, 3 Ethernet cards 2 ethernet cables, 1 modem => 1 ISP connection. Objective share Internet connection between two computers. Should be a simple task.

If you're looking for a solution and out of patience just press ctrl+f and type in solution: lol

Now windows was suppose to be your friend. You say: hey I would love to set up a network. This computer connects to the Internet, or this computer connects to a network that somewhere has a computer that connects to the Internet. This would be logical, I send a packet outside of my network and it should find it's way to the gateway (the gate that guards the entrance to my little world) and there it should ask who ever knows and send it to where it's meant to go.

Problems:

I shall call primary to the computer that directly connects to the Internet and secondary to the computer we want to connect to primary so it can also access the internet. It's a wired network! At the very beginning it's like having to separate pipes. One pipe goes from primary to secondary, the other pipe goes from primary to the ISP. So without some trick it's like trying to flush my toilet in some chink bathroom in the other end of the world. There is no connection! The packets can reach the gateway, but they can't get out of it because no one inside the intranet knows where to look for the address. The card from intranet does not know where the card to the Internet is. Thought our friend windows should know!

I hate windows to the gut because windows help files never tell you anything, it's like trying to learn nutrition from a recipe book. Nothing against it when it works but it makes me real mad when it doesn't, it gives me that feeling that you get when you're a little kid trying to open that new toy you got in Xmas with your nails. Someone get the kid a screwdriver!

Well the missing part of the puzzle is bridge! As the name foresees it's something that “connects” the two cards together so they can act as a single connection.

Solution:
I found this at: http://forums.techguy.org/windows-vista/579886-ics-vista-host-xp-client-4.html
posted by: vasudevan84 , I also added some comments because the post sometimes seemed confusing or I really should be sleeping by now or something ;P

okie people..
Hi Guys Try this...

First RUN services.msc on your Vista Machine.
Start Two services.
1. Internet Connection Sharing
//I had trouble here... Vista was telling me It could not enable it 'cause it was not being used
// if so come back to enable it once you've created the bridge
2. Windows Firewall.

now go to Control Panel\Network and Sharing Center\Manage Connection(Left Side Options)

u should see Two connection(i'll rename then to HOME for Local Network and INTERNET for obviously Internet Access) and probably a Bridged Network(if u made one)
1. Now Configure INTERNET(with the IP addresses (TCP/IPv4)For your Internet Access)
//It was only a while ago that I learn how to edit this so... assuming you may be in trouble too
//go to INTERNET properties and then double click on TCP/IPv4 to edit
//most ISPs will want you to get you're IP over dhcp so if in doubt set it to be automatic
2. Set HOME to Auto Config (TCP/IPv4)
3. Select the two Connection now and Right Click\Bridge Connections.
4. Open the Network Bridge options\ UNCHECK the connection INTERNET from there.
5.Make sure the (TCP/IPv4) settings in the NETWORK BRIDGE are set to Auto Config...
6.Now go back to the INTERNET\Sharing TAB\Check option Allow Other Network users to connect through this computers Internet Connection and optionally the second one.

Thats all folks we are done.
PS. Make sure the Connection on XP machine is set to Auto Config again.

This give you File sharing and Inter Connection on Both Vista and XP machine now. BUT the catch is your IP address on XP machine would be dynamic...

Okie the Point is ENABLE the two services on the VISTA machine, bridge the two connection but uncheck the Internet Connetion from the bridge and then share it.

//of course the secondary can be running any Operating System providing dhcp, if on Slackware run
//myName@host: dhclient eth0

Enjoy surfing using your brain and saving 30 euros on a hub.
Nhaaa “Buy a hub!!! buy a hub!!! It so much easier... nha nha nha.“ Ohhh god save them from their stupidity!

Well have been Grumpy lately. ;P