Wireshark

I installed Wireshark out of curiosity – I’d seen it mentioned and wanted to see how I could find a use for the network protocol analyzer. It sat lying around until a friend asked whether or not it would be possible to skew a particular poll result.

The poll used a flash frontend. I knew there had to be backend it communicated with, so I fired up Wireshark, started logging and cast my vote. A simple ping to the web host revealed the IP address of the destination host which I used to sort the Wireshark result set. There it was – a post to a PHP script to record my vote, complete with HTTP headers and URL string.

Thanks to the Zend Framework and a few lines of code later, my very own poll skewer:

<?php

require_once(‘C:/php/libs/Zend/Http/Client.php’);

$client = new Zend_Http_Client(‘http://www.somedomain.com/poll/poll.php’);
$client->setParameterPost(‘pollId’, ‘7654’);
$client->setParameterPost(‘answerId’, ‘3’);

$response = $client->request(‘POST’);
print urldecode($response->getBody());

?>

Throw that in a loop and iterate a few thousand times and you quickly begin to understand how important it is to add restrictions based on a user’s IP address and / or cookies – even though these often cause more trouble than they’re worth.

Leave a Reply

Your email address will not be published. Required fields are marked *