Reputation: 1449
I tried searching and found out that someone has written a multipart form uploader.
Though it had one thing wrong: It transfered all the - supposedly - POST values in the url.. Which the web application doesn't like - somehow.
It went all
POST /index.php?page=post&s=add&title=test&tags=testtags HTTP/1.1
And only added the file into the post content.
I tried submitting with a browser, and this came out:
POST /index.php?page=post&s=add HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/ Safari/532.0
Content-Length: 54851
Cache-Control: max-age=0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFqdVQ+1blrPMX2py
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Cookie: __utmz=52483902.1258558959.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);user_id=7382; pass_hash=lolpasswordcensored; __utma=52483902.1527465380.1258558959.1261431208.1261504455.7; __utmc=52483902; __utmb=52483902.1.10.1261504455
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Disposition: form-data; name="upload"; filename="001.jpg"
Content-Type: image/jpeg
Content-Disposition: form-data; name="source"
Content-Disposition: form-data; name="title"
Content-Disposition: form-data; name="tags"
Content-Disposition: form-data; name="rating"
Content-Disposition: form-data; name="submit"
I replaced the image data bytes with IMGDATA to make it shorter.
This upload was accepted. So I tried to imitate this with VB.NET code I will show soon. This came out:
POST /index.php?page=post&s=add& HTTP/1.1
Cookie: user_id=7382; pass_hash=lolpass_hashcensor;
Content-Type: multipart/form-data; boundary=----------8cc5152e90b3c60
Content-Length: 243397
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
Content-Disposition: form-data; name="tags"
Content-Disposition: form-data; name="source"
Content-Disposition: form-data; name="rating"
Content-Disposition: form-data; name="title"
Content-Disposition: form-data; name="submit"
Content-Disposition: form-data; name="upload"; filename="1017E.jpg"
Content-Type: application/octet-stream
This got NOT accepted though. So what was the problem? I also tried putting the two extra (--) somewhere else.. And in the end, it didn't change anything. This is the cutout of the VB.NET code I used for transmitting. The Uploader.Start starts the upload process through a thread which uses the global variables.
Sub StartUploadJob(ByVal filepath As String, ByVal tags As String, ByVal title As String, ByVal source As String, ByVal rate As rating)
ContinueProgressLoop = True
processloop = New Threading.Thread(AddressOf ProgressLoopThread)
Uploader = New Threading.Thread(AddressOf UploadFileEx)
uploadfile = filepath
querystring("page") = "post"
querystring("s") = "add"
'querystring("page") = "dapi"
'querystring("s") = "post"
'querystring("q") = "index"
'url = ""
url = ""
'url = ""
fileFormName = "upload"
contenttype = "application/octet-stream"
uploadstrings("tags") = tags
uploadstrings("source") = source
uploadstrings("rating") = rate.ToString
uploadstrings("title") = title
'querystring("user_id") = My.Settings("user_id")
'querystring("pass_hash") = My.Settings("pass_hash")
uploadstrings("submit") = "Upload"
working = True
cookies = New CookieContainer()
End Sub
Dim uploadstrings As New NameValueCollection
Dim uploadfile As String : Dim url As String : Dim fileFormName As String : Dim contenttype As String : Dim querystring As New NameValueCollection : Dim cookies As CookieContainer
Function UploadFileEx() '(ByVal uploadfile As String, ByVal url As String, ByVal fileFormName As String, ByVal contenttype As String, ByVal querystring As NameValueCollection, ByVal cookies As CookieContainer) As String
If (fileFormName Is Nothing) OrElse (fileFormName.Length = 0) Then
fileFormName = "file"
End If
If (contenttype Is Nothing) OrElse (contenttype.Length = 0) Then
contenttype = "application/octet-stream"
End If
Dim postdata As String
postdata = "?"
If querystring IsNot Nothing Then
For Each key As String In querystring.Keys
postdata += (key & "=") + querystring.[Get](key) & "&"
End If
Dim uri As New Uri(url + "?page=post&s=add")
Dim boundary As String = "----------" & DateTime.Now.Ticks.ToString("x")
Dim webrequest__1 As HttpWebRequest = DirectCast(WebRequest.Create(uri), HttpWebRequest)
'webrequest__1.CookieContainer = cookies
webrequest__1.Headers(HttpRequestHeader.Cookie) = My.Settings.cookie_string
webrequest__1.Headers.Add("Origin", "")
webrequest__1.Referer = ""
webrequest__1.ContentType = "multipart/form-data; boundary=" & boundary
webrequest__1.Method = "POST"
' Build up the post message header
Dim sb As New StringBuilder()
For Each key As String In uploadstrings.Keys
' content-disposition: form-data; name="field1"
'content-type: text/plain
sb.Append(boundary & vbCrLf)
sb.Append("Content-Disposition: form-data; name=""" + key + """" & vbCrLf)
' sb.Append("content-type: text/plain" & vbCrLf)
Dim close As Byte() = Encoding.UTF8.GetBytes("--")
sb.Append(vbCr & vbLf)
sb.Append("Content-Disposition: form-data; name=""")
sb.Append("""; filename=""")
sb.Append(vbCr & vbLf)
sb.Append("Content-Type: ")
sb.Append(vbCr & vbLf)
sb.Append(vbCr & vbLf)
Dim postHeader As String = sb.ToString()
Dim postHeaderBytes As Byte() = Encoding.UTF8.GetBytes(postHeader)
' Build the trailing boundary string as a byte array
' ensuring the boundary appears on a line by itself
Dim boundaryBytes As Byte() = Encoding.ASCII.GetBytes(vbCr & vbLf & boundary & "--" & vbCr & vbLf)
Dim fileStream As New FileStream(uploadfile, FileMode.Open, FileAccess.Read)
Dim length As Long = postHeaderBytes.Length + fileStream.Length + boundaryBytes.Length
webrequest__1.ContentLength = length
Dim requestStream As Stream = webrequest__1.GetRequestStream()
Dim fulllength As Integer = postHeaderBytes.Length + fileStream.Length + boundaryBytes.Length
RaiseEvent TextMessage("")
' Write out our post header
RaiseEvent TextMessage("Write out our post header")
requestStream.Write(postHeaderBytes, 0, postHeaderBytes.Length)
progress = New Progress_Struct(100 / fulllength * postHeaderBytes.Length, postHeaderBytes.Length, fulllength)
' Write out the file contents
RaiseEvent TextMessage("Write out the file contents")
Dim buffer As Byte() = New [Byte](CUInt(Math.Min(4096, CInt(fileStream.Length))) - 1) {}
Dim bytesRead As Integer = 0
While (InlineAssignHelper(bytesRead, fileStream.Read(buffer, 0, buffer.Length))) <> 0
requestStream.Write(buffer, 0, bytesRead)
Progress = New Progress_Struct(100 / fulllength * (Progress.bytes_read + buffer.Length), Progress.bytes_read + buffer.Length, fulllength)
End While
RaiseEvent TextMessage("bytesRead = " + bytesRead.ToString)
RaiseEvent TextMessage("postHeaderBytes.length = " + postHeaderBytes.Length.ToString)
RaiseEvent TextMessage("Main File bytes written")
' Write out the trailing boundary
requestStream.Write(boundaryBytes, 0, boundaryBytes.Length)
Progress = New Progress_Struct(100 / fulllength * (Progress.bytes_read + boundaryBytes.Length), Progress.bytes_read + boundaryBytes.Length, fulllength)
Dim responce As WebResponse
RaiseEvent TextMessage("Trying normal response...")
responce = webrequest__1.GetResponse()
Catch ex As Net.WebException
RaiseEvent TextMessage("ERROR " + ex.Status.ToString + " Trying to get Error response.")
responce = ex.Response
End Try
Dim s As Stream = responce.GetResponseStream()
Dim sr As New StreamReader(s)
ContinueProgressLoop = False
Dim returnstr As String = sr.ReadToEnd()
RaiseEvent ProgressChange(Progress)
RaiseEvent UploadFinished(returnstr)
RaiseEvent TextMessage("Working FALSE")
working = False
Return returnstr
End Function
I hope anybody can help me with this. I can't figure out what is wrong.
It should return a "Upload Success" message with a redirect, but it only returns the upload page itself. I checked with a network sniffer.
Upvotes: 0
Views: 6722
Reputation: 33541
Why don't you take a look at System.Net.WebClient
class instead? This way you do not have to worry about formatting the POST data, you just call WebClient.UploadFile()
Upvotes: 1