表单直接提交的问题
如果我访问链接 http://mega.1280.com/file/EKOZKE/ ,输入验证码并点击下载按钮,我就可以下载文件了。
我想知道是否可以在不点击“下载”按钮的情况下提交表格? 我的意思是直接在地址栏上输入验证码并按 Enter?
我尝试 http://mega.1280.com/file/EKOZKE/?code_security= xxxxxx 其中“code_security”是验证码文本框的名称,但失败了。 有任何想法吗?
If I visit the link http://mega.1280.com/file/EKOZKE/, enter the captcha code and click the Download button, I can download the file.
I wonder if I can submit the form without clicking the 'Download' button? I mean typing the captcha code directly on the address bar and hit Enter?
I try http://mega.1280.com/file/EKOZKE/?code_security=xxxxxx where 'code_security' is the name of the textbox of the captcha code but it failed. Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
该表单有一个 POST 方法。 您无法使用不同的 url 模拟 POST 请求,这就是 GET 请求的作用。
即使服务器不检查请求的方法,您仍然必须提供所有必需的数据。 如果您查看表单发送的内容,您会看到还有 3 个其他参数(
action、btn_download、file_id),以及更重要的是,服务器需要恢复您的 php 会话 (PHPSESSID) 所需的几个 cookie,而这又需要将您的 security_code 与提供的 CAPTCHA 进行匹配。底线:您可以模拟该请求,但不能通过提交简单的 GET 请求来模拟。 您必须使用真正的用户代理,它能够发送 POST 请求并处理 Cookie。
...但是,当然,这正是验证码在这里阻止您执行的操作:-)。
编辑:回复您的评论“我只是想了解该网站用于提交表单的技术。” :
实际上,该网站不提交表格。 由您的浏览器提交表单,并且它通过符合 HTML 和 HTTP 标准来完成此操作。 在网页上,表单是经过编码的
,因此,当您单击“提交”按钮时,浏览器会收集输入中的所有数据(文本、隐藏等),并将 HTTP POST 请求发送到表单源自的同一 URL ,带有一堆 HTTP 标头(包括一个 Cookie 标头,其中包含附加到该服务器域的所有存储的 cookie 信息)和包含表单数据的正文:键/值对列表。
服务器接收请求。 它可以检查这实际上是一个 POST 请求。 它可以并且将会检索所有提交的数据对(参数)。 它可以检索 cookie,并以此来恢复您的 php 会话。 然后,它会将您的
security_code参数与存储在 php 会话中的正确数据进行比较。 如果验证码匹配,它将向您发送一个响应,其中包含您的file_id参数指向的文件。The form has a POST method. You can't emulate a POST request with a different url, that's what GET requests do.
Even if the server doesn't check the method of the request, you still have to provide every mandatory data. If you look at what is sent by the form, you'll see there are 3 other parameters (
action,btn_download,file_id), and more importantly several cookies that the server need to recover your php session (PHPSESSID), which is in turn needed to match your security_code with the provided CAPTCHA.Bottom line: you can emulate the request, but not by submitting a simple GET request. You have to use a real user agent, one that is able to send post requests and handle cookies.
...But of course, that's exactly what CAPTCHA are here to prevent you to do :-).
edit: to reply to your comment "I just want to find out the technique that this website use to submit form." :
This website doesn't submit the form, actually. It's your browser that submits the form, and it does so by conforming to HTML and HTTP standards. On the webpage, the form is coded
So when you click on the "submit" button, your browser collects all the data from the inputs (text, hidden, whatever) and sends a HTTP POST request to the same url that the form originated from, with a bunch of HTTP headers (including a Cookie header that contains all the stored cookies information attached to this server domain) and a body containing the form data : a list of key/value pairs.
The server receives the request. It can check that it's actually a POST request. It can and will retrieve all submitted pairs of data (parameters). It can retrieve the cookies, and will do so to restore your php session. It will then compare your
security_codeparameter with the correct data stored in your php session. If the CAPTCHA matches, then it will send you a response containing the file pointed by yourfile_idparameter.