C code : cURL POST - c

I have some hard time with my code. I'm trying to connect to a website using cURL.
Let's see the code of the website :
<td class="input "><input tabindex="1" class="text" name="authentificationLogin" id="authentificationLogin" type="text"/></td>
<td class="input "><input tabindex="2" class="text" autocapitalize="off" autocorrect="off" name="authentificationPassword" id="authentificationPassword" type="password"/></td>
<td class="input "><input name="authentificationRedirection" id="authentificationRedirection" type="hidden" value="http://myWebsite/?Redirect"/><input name="authentification08e11696a1" id="authentification08e11696a1" type="hidden" value=""/><br/><button class="button button-style" type="submit" name="Submit" id="authentificationSubmit" onclick="return lock("id:authentificationSubmit");">
Now, let's see my code :
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <curl/curl.h>
#include <curl/easy.h>
void Demarrage(void){
CURLcode res;
const char *userAgentMozilla = "Mozilla/5.0 (Windows; U; Windows NT 6.1; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20"; // set userAgent
const char *data = "&to=gaia&login=myName&password=myPassword&isBoxStyle="; // set the data to send
curl_global_init(CURL_GLOBAL_ALL);
CURL *handle;
handle = curl_easy_init();
curl_easy_setopt(handle,CURLOPT_COOKIESESSION,1); // clean up session.
curl_easy_setopt(handle,CURLOPT_USERAGENT,userAgentMozilla); // set the user agent
curl_easy_setopt(handle,CURLOPT_URL,"http://myWebsite.com/logIn"); // set the url
curl_easy_perform(handle); // perform
// I must to take cookies that the website gave to me.
curl_easy_setopt(handle,CURLOPT_POSTFIELDSIZE,58L); // size of the request.
curl_easy_setopt(handle,CURLOPT_POSTFIELDS,data); // aray of the POST request
curl_easy_perform(handle); // perform and connect to the Website
}
I also use Wireshark,
What i have when i do it manually ( that's printable caract only )
$QU9Eq#*Y!P9?PDpPOST /site/doLogIn HTTP/1.1
I don't know what it is.
Host: myWebsite.com
The host.
Connection: keep-alive
Content-Length: 140
Accept: text/html, */*; q=0.01
Some formalities I think.
Origin: http://myWebsite.com
Host again. with type.
X-Requested-With: XMLHttpRequest
I don't know what it is.
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
User Agent. I don't really understand why there is 4 types of user agent.
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://myWebsite/logIn
Accept-Encoding: gzip, deflate
Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
Formalities.
Cookie: advertisementcookie=1; __utma=108225430.1356423961.1414526372.1414789248.1414921274.6; __utmz=108225430.1414526372.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); sessionprod=oekotlo6tfbujtpfirddvvqlp1; _gat=1; _ga=GA1.2.1356423961.1414526372
Well, that start to be interessant. This is cookies sent to the website during the HTTP request. They changed each time I sent a new HTTP request.
&to=gaia&login=myName&password=myPassword&redirection=http%3A%2F%2FmyWebsite.com%2%2F%3Fidentification%3D1&isBoxStyle=&08e11696a1=
This is the principal of my request. Name and password are sent to the server.
I have no error but my code is not working because my hour of last connection isn't change... Probably because i don't set cookies.
I'm really inexperienced and I know I'm doing probably so many stupid error. But, please, if you have any informations, answer to my question...
Have you some genious ideas for repair this code ?
Best regards.
Xavier.

You want to set the string "&to=gaia&login=myName&password=myPassword&redirection=http%3A%" ... to the CURLOPT_POSTFIELDS option for such a "regular" POST.
The CURLOPT_HTTPPOST option that you use (in combination with curl_formadd etc) is for multipart formposts, which you obviously don't want!

I'm happy to told you that i finally did it.
Thanks Daniel for your library and example on your website :
char *data = &togaia&login=login&password=pswd&isBoxStyle=
const char *userAgentMozilla = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6";
CURLcode res;
CURLcode err;
curl_easy_setopt(handle,CURLOPT_COOKIESESSION,1); // clean up session.
curl_easy_setopt(handle,CURLOPT_COOKIEJAR,"cookie.txt"); // save cookie. use it for each action on a website when you are register, juste doing curl_easy_setopt(handle,CURLOPT_COOKIE,"cookie.txt");
curl_easy_setopt(handle,CURLOPT_USERAGENT,userAgentMozilla); // set the user agent
curl_easy_setopt(handle,CURLOPT_URL,"http://thewebsite/site/doLogIn"); // set the url // perform
curl_easy_setopt(handle,CURLOPT_POSTFIELDSIZE,strlen(data)); // size of the request.
curl_easy_setopt(handle,CURLOPT_POSTFIELDS,data); // aray of the POST request
res = curl_easy_perform(handle); // perform and connect to the Website
If you have probleme, do no hesitate to post, and i will try to help you :)
It is the answer to connect to the website, you can also look what i sniffed to have an example ;)

Related

Missing Csrf token cookie

I'm relatively new to CakePHP (v3.7). I have an application in which I'm getting a "Missing Csrf Token Cookie" error.
In Application.php, I have:
$options = []; // I'm fine with the default options.
$csrf = new CsrfProtectionMiddleware($options);
$middlewareQueue->add($csrf);
The form page has a hidden form element with the _csrfToken in it.
I'm confused as to why it's not being found on the POST?
Digging further, I found that in CsrfProtectionMiddleware.php, the _validateToken() function below behaves as follows:
$cookies is null (there are no cookies set.)
thus, $cookie is null.
$post actually contains the content of the _csrfToken parameter from the hidden parameter on the page. However the function never looks at it. Because $cookie is null,
the if(!$cookie) statement causes an InvalidCsrfTokenException to be thrown.
protected function _validateToken(ServerRequest $request)
{
$cookies = $request->getCookieParams();
$cookie = Hash::get($cookies, $this->_config['cookieName']);
$post = Hash::get($request->getParsedBody(), $this->_config['field']);
$header = $request->getHeaderLine('X-CSRF-Token');
if (!$cookie) {
throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
}
if (!Security::constantEquals($post, $cookie) && !Security::constantEquals($header, $cookie)) {
throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
}
}
}
Obviously, the middleware is expecting an actual cookie, in addition to a hidden parameter. Where is this cookie set (or supposed to be set?)
Update:
I checked on the browser side. The cookie is being set, but the browser isn't returning it on the POST request.
Here's CakePHP's RESPONSE to the original GET request to populate the page:
Connection: Keep-Alive
Content-Length: 3013
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2019 23:07:31 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.33 (Unix) PHP/7.1.1
Set-Cookie: csrfToken=b553dd2e06e57f6d514ee41a120e1c60084adafddfbaa6f72db1f7f590fcf50143876ac817d29d6f1cf9a786031d6235ba21e265b9d3b2a0ee4535854f048b66; path=/webroot/
X-Powered-By: PHP/7.1.1
Note the csrfToken cookie.
... and here's the POST that the browser sends back with the form data
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 184
Content-Type: application/x-www-form-urlencoded
DNT: 1
Host: *************
Origin: ****************
Pragma: no-cache
Referer: ***************
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
Query String Parameters
redirect: /Users/login
Form Data
_method: POST
_csrfToken: b553dd2e06e57f6d514ee41a120e1c60084adafddfbaa6f72db1f7f590fcf50143876ac817d29d6f1cf9a786031d6235ba21e265b9d3b2a0ee4535854f048b66
username: xxxxxxxxxx
password: xxxxxxxxxx
Note that it's sending back the hidden form parameter _csrfToken, but NOT the cookie.
Thanks for any help...
This turned out to be a problem with the DOCUMENT_ROOT directory setting in Apache. It was set to the parent directory of webroot, instead of to webroot itself. When I changed it everything worked.

$http.post() method is actally sending a GET

NOTE:
I've found a possibly related issue that warrants a new question here
This is a weird problem. I've been using angular over the course of 2 years and have never run into this problem.
I'm using angular v1.5.0. I'm making a post request like this:
$http({
method: "POST",
url: "/myurl",
data: {
file: myFile // This is just an object
}
});
Run-of-the-mill POST request right? Get this. I look in the console and the Network tab logs the request as a GET. Bizarre. So I've jiggered the code to work like this:
$http.post("/myurl", {file: myFile});
Same thing. After stepping through the $http service code I'm confident that the headers are being set properly. Has anyone else run into this problem?
Update
Taking germanio's advice, i've tried using the $resource service instead:
promise = $resource("/upload").save()
(this returns an error for another reason, it still executes the POST properly). I'm having the same problem: the request is logged as a GET in the console.
Here are the headers of the request when it gets to my server:
GET /myurl/ HTTP/1.1
Host: localhost:8001
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Pragma: no-cache
Referer: http://localhost:8001/myurl/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Update 2
As per georgeawg's suggestion I've used an interceptor to log the request at its various stages. Here is the interceptor code:
$httpProvider.interceptors.push(function() {
return {
request: function(config) {
console.log(config);
return config;
}
}
}
Having run this code I get this logged:
data:Object // contains file object
headers: Object // has Content-Type set to multipart
method:"POST" // ???
url :"/myurl
So this means the request is being sent as a POST from within Angular, but it is still logged as a GET both in the browser and on my server. I think there is something low level at work here about the HTTP protocol that I dont understand.
Is the request sent to the server before it is actually logged in the browser? If so, that might atleast point to my server as the culprit.
In the hopes of finding out whats going on, here is my server code:
type FormStruct struct {
Test string
}
func PHandler(w http.ResponseWriter, r *http.Request) {
var t FormStruct
req, _ := httputil.DumpRequest(r, true)
log.Println(string(req))
log.Println(r.Method) // GET
log.Println(r.Body)
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&t)
log.Println("Decoding complete")
if err != nil {
log.Println("Error")
panic(err.Error()+"\n\n")
}
log.Println(t.Test)
w.Write([]byte("Upload complete, no errors"))
}
func main() {
http.HandleFunc("/myurl/", PHandler)
fmt.Println("Go Server listening on port 8001")
http.ListenAndServe(":8001", nil)
}
My server throws an EOF error when it receives the request:
2016/03/30 10:51:37 http: panic serving [::1]:52039: EOF
Not sure what an EOF would even mean in this context.
Update 3
By the suggestion of another use, I tried using POSTMAN to hit my server with a fake POST request. The server receives the request properly. This means to me that there is something up with how angular is making the POST request. Please help.
Any ideas?
Full server logs:
Go Server listening on port 8001
2016/03/30 11:13:08 GET /myurl/ HTTP/1.1
Host: localhost:8001
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Content-Type: application/json
Postman-Token: 33d3de90-907e-4350-c703-6c57a4ce4ac0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
X-Xsrf-Token: null
2016/03/30 11:13:08 GET
2016/03/30 11:13:08 {}
2016/03/30 11:13:08 Decoding complete
2016/03/30 11:13:08 Error
2016/03/30 11:13:08 http: panic serving [::1]:52228: EOF
goroutine 5 [running]:
net/http.(*conn).serve.func1(0xc820016180)
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:1389 +0xc1
panic(0x3168c0, 0xc82000b1a0)
/usr/local/Cellar/go/1.6/libexec/src/runtime/panic.go:426 +0x4e9
routes.FUPHandler(0x1055870, 0xc820061ee0, 0xc820104000)
/Users/projectpath/routes.go:42 +0x695
net/http.HandlerFunc.ServeHTTP(0x4e7e20, 0x1055870, 0xc820061ee0, 0xc820104000)
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:1618 +0x3a
net/http.(*ServeMux).ServeHTTP(0xc820014b40, 0x1055870, 0xc820061ee0, 0xc820104000)
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:1910 +0x17d
net/http.serverHandler.ServeHTTP(0xc820016100, 0x1055870, 0xc820061ee0, 0xc820104000)
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:2081 +0x19e
net/http.(*conn).serve(0xc820016180)
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:1472 +0xf2e
created by net/http.(*Server).Serve
/usr/local/Cellar/go/1.6/libexec/src/net/http/server.go:2137 +0x44e
Update 4
I stumbled onto something interesting:
Charles logs a POST request when I post to myurl, but the response status is 301. After the POST a GET is logged. This is the GET that is hitting my server.
My server, as you can see above, does not do any sort of redirection. How is the 301 happening?
This is due to a security consideration.
In your situation when a redirect is sent back from the server to the browser, the browser will not repeat the POST request (but rather just a "simple" GET request).
Generally speaking a browser will not send POST data to a redirect URL because the browser is not qualified to decide if you're willing to send the same data to the new URL what you intended to send to the original URL (think about passwords, credit card numbers and other sensitive data). But don't try to circumvent it, simply use registered path of your handler to POST to, or any of the other tips mentioned in the linked answer.
For context see question:
Go web server is automatically redirecting POST requests
You can read more on the subject here:
Why doesn't HTTP have POST redirect?
This code actually send GET to server
$http({
method: 'POST',
params: {
LoginForm_Login: userData.username,
LoginForm_Password: userData.password
},
url: YOURURL
}).then(
You need to use transformRequest, sample below actually send POST
$http({
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
transformRequest: function (obj) {
var str = [];
for (var p in obj)
str.push(encodeURIComponent(p) + "=" + encodeURIComponent(obj[p]));
return str.join("&");
},
data: {
LoginForm_Login: userData.username,
LoginForm_Password: userData.password
},
url: YOURURL
}).then(

OPTIONS Error using Ionic AngularJS $http PUT, POST or DELETE requests

I know this has been asked time and time again but I cannot seem to fix my issue no matter what solution I try.
I'm trying to create a new user using AngularJS within Ionic. I have set up a small REST server on my localhost along with my testing of the app. So they are on the same server but are just in different folders. Nevertheless, I still need to apply CORS for some reason...
Using the $http method in AngularJS in a service I can do GET requests. However, when I try a PUT, POST or DELETE request I get an OPTIONS error in the console. Below are the settings I have...
API index.php File
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
My UsersSvc
app.factory('UsersSvc', function($http, $location){
return {
/**
* Adds a user to the database
*
* #param user
* #returns {*}
*/
addUser: function(user){
// User Format...
// user.user_email, user.user_password
return $http.post($location.apiUrl + '/credentials/add_user',
{user: user}).
success(function(data){return data});
}
};
});
Rest Server API method (I am using CodeIgniter and using Phil Sturgeon's REST server)
class Credentials extends REST_Controller {
public function add_user_post(){
$user = $this->user_model->add_user($this->post('user'));
if($user){
$this->response($user, 200);
}
else{
$this->response(
ENVIRONMENT == 'development' ? $this->db->last_query(): null,
ENVIRONMENT == 'development' ? 404 : 204
);
}
}
}
The Error in the Chrome Console
OPTIONS http://localhost/z-projects/git-motostatsfree/MotoStats/MotoStatsAPI/credentials/add_user
(index):1 XMLHttpRequest cannot load http://localhost/z-projects/git-motostatsfree/MotoStats/MotoStatsAPI/credentials/add_user. Invalid HTTP status code 404
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,en-GB;q=0.6
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:localhost
Origin:http://localhost:8100
Pragma:no-cache
Referer:http://localhost:8100/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.65 Safari/537.36
Response Headers
Access-Control-Allow-Headers:Origin, X-Requested-With, content-type, accept
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Length:42
Content-Type:application/json; charset=utf-8
Date:Thu, 20 Nov 2014 23:04:35 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Unix) PHP/5.5.9 OpenSSL/1.0.1f mod_perl/2.0.8-dev Perl/v5.16.3
Set-Cookie:ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22326db0454f2f256da6b6a526ed62cd2d%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A3%3A%22%3A%3A1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A120%3A%22Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_10_1%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F39.0.2171.65+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1416524675%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D3a3dfab89040b0df83c80eef434d063f; expires=Fri, 21-Nov-2014 01:04:35 GMT; Max-Age=7200; path=/
X-Powered-By:PHP/5.5.9
Any solution or a nudge in the right direction would be a massive help. I've been working on this for 4 hours already and still cannot figure it out.

CORS - CakePHP does not accept AngularJS JSON-Request

I'm using CakePHP as backend and AngularJS as frontend, whereas front- & backend are in different domains so this is basically a CORS-situation.
Basically I'm trying to send the contents of a form to a Cake-API (later this is meant to do authentication part - but I'm failing earlier) via $http.post. So here is the code:
aeapBackend.login = function(username, password) {
return $http.post(
API_URL + 'api_mobile_user/login', {
test: username,
test2: password
}
);
};
Whereas the corresponding API in CakePHP looks like this:
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
}
public function login() {
$this->response->header(array(
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Headers' => 'Content-Type'
)
);
$this->autoRender = false;
}
What happens next is that the preflight OPTIONS request ist done - which looks quite good to me:
Request Headers:
OPTIONS /api_mobile_user/login HTTP/1.1
Host: aeap.localhost
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://asf.localhost
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://asf.localhost/?username_input=hjk&password_input=hjgk&login_button=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Response headers:
HTTP/1.1 200 OK
Date: Wed, 05 Nov 2014 15:29:00 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.15
X-Powered-By: PHP/5.5.15
Set-Cookie: CAKEPHP=j6st0hnq8ear2cc6psg56d6eu3; expires=Wed, 05-Nov-2014 19:29:00 GMT; Max-Age=14400; path=/; HttpOnly
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
But when the actual POST-request is done I get an status code 403:
XMLHttpRequest cannot load http://aeap.localhost/api_mobile_user/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://asf.localhost' is therefore not allowed access. The response had HTTP status code 403.
How can I avoid this? In my opinion I already enabled CORS support for Cake ['Access-Control-Allow-Origin']. It seems to me that AngularJS posts some additional informations whioch are not checked during the preflight and then rejected by the backend.
Used versions: CakePHP 2.5.3, AngularJS: 1.3.0
Thanks to Marvin Smit I was able to determine the reason for the behavior which was not connected to CORS are the headers. I set 'Access-Control-Allow-Origin' => '*'on web-server level so I was able to get a response which pointed to the security component of CakePHP.
I basically tried to send a POST-Reuqest to an API which did not expect that data should be posted to it. Therefore the access was denied. So I had to add $this->Security->csrfCheck = false to the beforeFilter:
function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
$this->Security->csrfCheck = false;
}
For what it's worth, the proper way to do this for Cakephp 3 is as follows
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow(array('login'));
$this->eventManager()->off($this->Csrf);
}
Although, this is not recommended for AJAX requests. The following doc can help you more. CSRF And AJAX

HTTP test code in C using POST request returns 405 status code

I have written a test code that first connects to a web server. It then requests a page, which has a login form, using GET. The GET works and a 200 status code is returned from the web server. After retrieving the page, I attempt to send a POST request to send some log in information but instead receive a 405 METHOD_NOT_ALLOWED status code in return.
Here is the code for sending the GET:
char data[273] = "GET /login HTTP/1.1\r\nHost: www.minecraft.net\r\nUser-Agent: Web-sniffer/1.0.37 (+http://web-sniffer.net/)\r\nAccept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7\r\nCache-Control: no-cache\r\nAccept-Language: de,en;q=0.7,en-us;q=0.3\r\nReferer: http://web-sniffer.net/\r\n\r\n";
if ((val = send(sockfd, &data,272,0)) == -1){
perror("send");
}
And here is the code containing the POST command, username and password are changed so no personal information is given out:
char data2[405] = "POST /login HTTP/1.1\r\nHost: www.minecraft.net\r\nConnection: close\r\nUser-Agent: Web-sniffer/1.0.37 (+http://web-sniffer.net/)\r\nAccept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7\r\nCache-Control: no-cache\r\nAccept-Language: de,en;q=0.7,en-us;q=0.3\r\nReferer: http://web-sniffer.net/\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: 38\r\n\r\nusername=ausername&password=apassword";
if ((val = send(sockfd, &data2,404,0)) == -1){
perror("send");
}
To make the packets readable:
GET /login HTTP/1.1[CRLF]
Host: www.minecraft.net[CRLF]
User-Agent: Web-sniffer/1.0.37 (+http://web-sniffer.net/)[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]
Referer: http://web-sniffer.net/[CRLF]
[CRLF]
And the POST packet:
POST /login HTTP/1.1[CRLF]
Host: www.minecraft.net[CRLF]
Connection: close[CRLF]
User-Agent: Web-sniffer/1.0.37 (+http://web-sniffer.net/)[CRLF]
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
Cache-Control: no-cache[CRLF]
Accept-Language: de,en;q=0.7,en-us;q=0.3[CRLF]
Referer: http://web-sniffer.net/[CRLF]
Content-type: application/x-www-form-urlencoded[CRLF]
Content-length: 38[CRLF]
[CRLF]
username=ausername&password=apassword
As you may notice, the User-Agent is Web-sniffer as I used web-sniffer.net to make these packets, which worked on their website as the POST command there returned a 302 FOUND status code.
I am wondering why this behavior is observed here when the exact same packets worked on web-sniffer.net, yet don't work here.

Resources