• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

http hacking

M

mattsoftnet

New Member
I'm looking for a way to "hide" information in an http header. I can legally use post to send information, but I need to receive hidden information too. I don't want to do anything that could possibly brake a browser. any ideas?
 
Are you trying to hack or prevent? If hack I know ways but not gonna tell you. If prevent I don't know anything about it.
 
sEp said:
Are you trying to hack or prevent? If hack I know ways but not gonna tell you. If prevent I don't know anything about it.
Click to expand...

well.. not in the hacker sense that most people think of, but it would be interesting to know how. more of a trick. I'd like to hide information so a client program can download information from a server script, but if you look at the script from a browser or even view source, you wouldn't see the information.
 
You can mess with php coockie sessions using Firefox plugin called "HTTP Live Headers"
 
sEp said:
You can mess with php coockie sessions using Firefox plugin called "HTTP Live Headers"
Click to expand...

thanks. that's a good idea. I never thought of cookies. they can kinda be passed both ways, can't they.
 
I had the cookies adding to the headers nicely. works good. I think when I send a cookie from the server to the client, I should make the cookie expire within a second or even -1 second. I can still read the cookie from the header fine and it should hide it even more from browsers. :)

right now, I'm putting together a class to do the client side http requests. I've seen curl do some awesome preformance over fopen, so I'm gonna have the class use curl whenever possible, and fsockopen as a backup. sound good? now I just have to figure out how to make fsockopen do the same exact thing with headers as curl does.
 
I don't suggest using cookies to pass information over. What if the person has their cookies disabled? Instead, I would encrypt the information in the variable and then decrypt it.
 
Robert said:
I don't suggest using cookies to pass information over. What if the person has their cookies disabled? Instead, I would encrypt the information in the variable and then decrypt it.
Click to expand...

I don't think I explained it right. normal operation will always be server to server, but in the off chance someone does go to the url with a browser, I don't want my information displayed. I want it as hidden as possible. I plan on using expired cookies to send information from server to client, that way browsers will just drop the information completely, but the client program itself can still read the headers fine. smart trick?
 
You must log in or register to reply here.
Back
Top