Random thoughts
Simple telnet HTTP requests
Using Telnet is a great way to learn about HTTP requests.
For example.. back in the 90s microsoft was running their sites on apache. Nowadays they are eating their own dog food. ;-)
Here is a simple HEAD request to microsoft.com via telnet.
$ telnet microsoft.com 80Trying 207.46.232.182...Connected to microsoft.com.Escape character is '^]'.HEAD / HTTP/1.0HTTP/1.1 301 Moved PermanentlyConnection: closeDate: Thu, 12 Jul 2007 15:25:37 GMTServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETLocation: http://www.microsoft.comContent-Length: 31Content-Type: text/htmlSet-Cookie: ASPSESSIONIDSCAQCSBR=FMPJMMPAMGNBFELIPABIHHMN; path=/Cache-control: privateConnection closed by foreign host.The command above was simple. HEAD / HTTP/1.0 followed by 2 line feeds.
The 80 specified in the telnet command is the port that you are hitting when you type in a browser. If another port is used you will see it after a colon. ex: hits the server running on port 8080. If there was one. :-)
When doing GET commands you usually end up sending headers with your command. You should always send the Host header (this isn’t required for HTTP/1.0 but many servers are running multiple sites so you’ll want to send this.)
Here’s an example of a GET against my home page.
$ telnet tonycode.com 80Trying 208.97.136.171...Connected to tonycode.com.Escape character is '^]'.GET / HTTP/1.1Host: tonycode.comHTTP/1.1 200 OKDate: Thu, 12 Jul 2007 16:10:02 GMTServer: Apache/1.3.37 (Unix) mod_throttle/3.1.2 DAV/1.0.3 mod_fastcgi/2.4.2 mod_gzip/1.3.26.1a PHP/4.4.7 mod_ssl/2.8.22 OpenSSL/0.9.7eMS-Author-Via: DAVLast-Modified: Wed, 11 Jul 2007 14:10:28 GMTETag: "19cf7aa-68d-4694e4d4"Accept-Ranges: bytesContent-Length: 1677Content-Type: text/htmlI spared you the full contents of my home page. Why did it return the entire page? Because we did a GET instead of HEAD.
Remembering all the headers you need can get tricky so I usually use [ to get what I need and then I can make modifications for testing or scripting purposes.
Scripting telnet HTTP requests
I recently needed to hit several production servers that lived behind a VIP. I had access to the servers directly but their behavior was controlled by the host that they were called with so if I used the machine name I was out of luck. Also, port numbers in the request would throw it off. So I needed to send http requests directly to the server and lie about the hostname I was using to access them.
Here is a script file that I run and pipe into telnet.
echo "open $1 $2"sleep 2echo "GET $4 HTTP/1.0"echo "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"echo "Host: $3"echoechosleep 2lets put this in a file called getpage and then we run the following
./getpage tonycode.com 80 tonycode.com /| telnet
ok. what did we just do?
- getpage is sending commands on stdout and telnet is getting them via the pipe
- getpage 1st tells telnet to open a connection to tonycode.com ($1) port 80 ($2).
- getpage waits 2 seconds for the connection. Adjust as necessary.
- getpage sends the request. GET / HTTP/1.0 and sets the host ($3) to tonycode.com.
- Note $4 is the resource to fetch and we set it to /.
- I even threw in the user agent header for fun.
- Those 2 empty echo statements are necessary to tell the server this is the end of the request.
- Finally getpage sleeps for 2 seconds to allow time for the response to come back. Leave out this line and you’ll get nada.