远程提交表单,进行灌水,程序简单,如果留言板有验证码,哪就over了
核心代码块
下载源文件
string URL = "http://localhost:3359/Web/Message.aspx";
#region //接受返回的页面
//方法一
//HttpWebRequest request = WebRequest.Create(URL) as HttpWebRequest;
//request.Method = "GET";
//request.KeepAlive = false;
//HttpWebResponse response = request.GetResponse() as HttpWebResponse;
//Stream stream = response.GetResponseStream();
//StreamReader reader = new StreamReader(stream, Encoding.UTF8);
// string srcString = reader.ReadToEnd();
//方法二
WebClient webClient = new WebClient();
byte[] responseBytes = webClient.DownloadData(URL);
string srcString = Encoding.UTF8.GetString(responseBytes);
#endregion
// 获取页面的 VeiwState
string regViewState = "<input type=\"hidden\" name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"(?<viewState>[^\\s\t\r\n\"\"'<>]*)\" />";
Match mathView = Regex.Match(srcString, regViewState, RegexOptions.IgnoreCase | RegexOptions.Multiline);
string viewState = mathView.Groups[1].Value;
// 获取页面的 EventValidation
string regEvent = "<input type=\"hidden\" name=\"__EVENTVALIDATION\" id=\"__EVENTVALIDATION\" value=\"(?<viewState>[^\\s\t\r\n\"\"'<>]*)\" />";
Match matchEvent = Regex.Match(srcString, regEvent, RegexOptions.IgnoreCase | RegexOptions.Multiline);
string eventValidation = matchEvent.Groups[1].Value;
//自动提交
string submitButton = "留言";
string txtTitle = this.txtContent.Text; //标题
string txtContent = this.txtTitle.Text; //留言内容
// 将文本转换成 URL 编码字符串
viewState = System.Web.HttpUtility.UrlEncode(viewState);
eventValidation = System.Web.HttpUtility.UrlEncode(eventValidation);
submitButton = System.Web.HttpUtility.UrlEncode(submitButton);
// 要提交的字符串数据。格式形如:user=uesr1&password=123
string postString = string.Format("txtTitle={0}&txtContent={1}" + "&btnSave=" + submitButton + "&__VIEWSTATE=" + viewState + "&__EVENTVALIDATION=" + eventValidation, txtTitle, txtContent);
byte[] postData = Encoding.UTF8.GetBytes(postString); // 将字符串转换成字节数组
//循环提交
int num = Convert.ToInt32(txtNum.Text);
for (int i = 0; i <= num; i++)
{
webClient = new WebClient();
webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
webClient.UploadData(URL, "POST", postData); // 上传数据,返回页面的字节数组
}
ClientScriptManager cs=Page.ClientScript;
cs.RegisterClientScriptBlock(typeof(Page),"","<script>alert('执行完成');</script>");
#region //接受返回的页面
//方法一
//HttpWebRequest request = WebRequest.Create(URL) as HttpWebRequest;
//request.Method = "GET";
//request.KeepAlive = false;
//HttpWebResponse response = request.GetResponse() as HttpWebResponse;
//Stream stream = response.GetResponseStream();
//StreamReader reader = new StreamReader(stream, Encoding.UTF8);
// string srcString = reader.ReadToEnd();
//方法二
WebClient webClient = new WebClient();
byte[] responseBytes = webClient.DownloadData(URL);
string srcString = Encoding.UTF8.GetString(responseBytes);
#endregion
// 获取页面的 VeiwState
string regViewState = "<input type=\"hidden\" name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"(?<viewState>[^\\s\t\r\n\"\"'<>]*)\" />";
Match mathView = Regex.Match(srcString, regViewState, RegexOptions.IgnoreCase | RegexOptions.Multiline);
string viewState = mathView.Groups[1].Value;
// 获取页面的 EventValidation
string regEvent = "<input type=\"hidden\" name=\"__EVENTVALIDATION\" id=\"__EVENTVALIDATION\" value=\"(?<viewState>[^\\s\t\r\n\"\"'<>]*)\" />";
Match matchEvent = Regex.Match(srcString, regEvent, RegexOptions.IgnoreCase | RegexOptions.Multiline);
string eventValidation = matchEvent.Groups[1].Value;
//自动提交
string submitButton = "留言";
string txtTitle = this.txtContent.Text; //标题
string txtContent = this.txtTitle.Text; //留言内容
// 将文本转换成 URL 编码字符串
viewState = System.Web.HttpUtility.UrlEncode(viewState);
eventValidation = System.Web.HttpUtility.UrlEncode(eventValidation);
submitButton = System.Web.HttpUtility.UrlEncode(submitButton);
// 要提交的字符串数据。格式形如:user=uesr1&password=123
string postString = string.Format("txtTitle={0}&txtContent={1}" + "&btnSave=" + submitButton + "&__VIEWSTATE=" + viewState + "&__EVENTVALIDATION=" + eventValidation, txtTitle, txtContent);
byte[] postData = Encoding.UTF8.GetBytes(postString); // 将字符串转换成字节数组
//循环提交
int num = Convert.ToInt32(txtNum.Text);
for (int i = 0; i <= num; i++)
{
webClient = new WebClient();
webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
webClient.UploadData(URL, "POST", postData); // 上传数据,返回页面的字节数组
}
ClientScriptManager cs=Page.ClientScript;
cs.RegisterClientScriptBlock(typeof(Page),"","<script>alert('执行完成');</script>");