Friday, July 25, 2014

How I Won the Company Costume Contest: Using CURL to Submit HTTP Forms

The Problem

It was Halloween, and there was a costume contest at the office. I had a beard, and I love Bill Murray, so I threw on an orange ski hat, cheap aviators, and a blue shirt. I was Steve Zissou. It was pretty glorious but my coworkers failed to recognize me. Everyone thought I was supposed to be the uni-bomber. I was not amused.

The people who dressed in costumes all got together for pictures. Someone made up a quick Google survey and sent out a link to vote on your favorite costume. After I made my decision, I noticed I could submit more than one vote. Classic mistake.

The survey was a simple form. All I needed to do was submit a bunch of these forms, with my name selected.



The Solution

After a bit of googleing, I came across a program called Curl. It’s a bit like wget if you’re familiar. Curl is a client that can send to (or receive files from) a server .The command is designed to work without user interaction or any kind of interactivity.

Curl can do a lot of stuff, but all I needed to do was make some HTTP posts.

I opened up the developer tools in chrome (F12), clicked the network tab, started logging, and submitted the form.
This gave me all the information I needed.
I opened up an editor, and wrote something along the lines of this:
curl -v --cookie "COOKIE_COPIED_FROM_CHROME" --data "FORM_DATA_COPIED_FROM_CHROME"
https://docs.google.com/url/copied/from/chrome
I saved that script in a file called “vote”. I wanted to repeat my form submission a lot, so I ran something like this in a linux shell:
for i in {1...1337}; do ./vote; sleep 1; done
i.e. Vote for me every second for 1337 times.

The Results

Needless to say, I dominated the competition. Unfortunately, our company has less than 200 employees, so my landslide victory was a bit suspicious. If I had known there was going to be a $100 prize, I might have been a bit more subtle.

All in all, Curl was a fast, free, easy to use scripting tool. I don't think I've ever had that much entertainment from a ten minute script.

No comments:

Post a Comment