Web server returning "413 Request Entity Too Large"
Posted: Sat Jan 19, 2008 1:45 pm
by impulse()
I have written a simple login page that sends the username and password as POST variables to my server. I'm trying to write a PHP brute force script to try and guess the login details by sending headers to my server over and over with details from a dictionary file. I have no intentions to use this maliciously, only to see my options in defending against this type of attack.
My problem is that my web server (Apache) is returning the error "413 Request Entity Too Large". The headers I'm sending are the following:
POST /header/login.php HTTP/1.1
Host: myServer.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://myServer.co.uk/header/login.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 19\r\n
user=ste&pass=pword
Connection: Close\r\n
The headers are stored in a variable to start with and I run a foreach loop on each line to add "\r\n" to the end of each line. The reason there are some manual newlines is because from reading there need to be 2 newlines in some places.
Can anybody see where the problem is here? Google has told me I need to change the configuration on the server but I think I'm sending wrong headers as trying to login through a web browser works fine.
Re: Web server returning "413 Request Entity Too Large"
Posted: Sat Jan 19, 2008 5:08 pm
by Mordred
Content-Length: 19\r\n
user=ste&pass=pword
Connection: Close\r\n
should be
Content-Length: 19
\r\n(i.e. another empty line)
user=ste&pass=pword
Edit: removed Connection: Close altogether, you have another connection header above. Are you using this keep-alive connection, or you just copy-pasted it from somewhere? If you want serious performance, check pipelining.
Re: Web server returning "413 Request Entity Too Large"
Posted: Sat Jan 19, 2008 5:56 pm
by VladSun
Have a look at this Apache module:
http://www.zdziarski.com/projects/mod_evasive/
It's very effective against username/password bruteforcing.
Re: Web server returning "413 Request Entity Too Large"
Posted: Sat Jan 19, 2008 6:15 pm
by impulse()
I haven't ventured far enough into web development to have learnt about HTTP headers; this is sort of my first day. I used Firefox Live HTTP Headers to grab what headers are sent and copied and pasted them. I didn't want to tamper with them too much in case it caused problems.
should be
Content-Length: 19
\r\n(i.e. another empty line)
user=ste&pass=pword
That is how I do have it. Each line has "\r\n" added to it by default from a foreach loop then I added in "\r\n" manually so I do have an empty line below the POST variables.
Have you got any links to hand for pipelining documentation? All I've found so far is an explanation of pipelining and howtos to enable it in Firefox.
Re: Web server returning "413 Request Entity Too Large"
Posted: Sat Jan 19, 2008 6:17 pm
by impulse()
Thanks VladSun, but this is more of a learning trip for me to mess about with headers. I don't really need to go that far in protecting pages as I don't have anything important behind a login form, well, only on an internal network.
Re: Web server returning "413 Request Entity Too Large"
Posted: Sun Jan 20, 2008 12:43 am
by Mordred
impulse() wrote: ... I didn't want to tamper with them too much in case it caused problems.
In that case where did the Connection: close header come from?
impulse() wrote:
should be
Content-Length: 19
\r\n(i.e. another empty line)
user=ste&pass=pword
That is how I do have it. Each line has "\r\n" added to it by default from a foreach loop then I added in "\r\n" manually so I do have an empty line below the POST variables.
No, you didn't. You had an additional Connection: close header, which to Apache was extra content, hence the 413.
After the double \r\n and POST string you shouldn't have anything else. The length in the Content-Length header should exactly match the strlen() of the POST data.
impulse() wrote:
Have you got any links to hand for pipelining documentation? All I've found so far is an explanation of pipelining and howtos to enable it in Firefox.
Err, google?
Pipelining is simple in theory - you send multiple requests on a keep-alive connection without waiting for responses. In practice, there's stuff to consider, I won't go into that now - have some working code first.

Re: Web server returning "413 Request Entity Too Large"
Posted: Sun Jan 20, 2008 5:10 am
by impulse()
I'm not sure where I picked that up from. It may be from the PHP fsockopen() page. I have tried removing it and making sure Content-length is the exact length of the POST data I'm sending and now a different error is being generated. These are the headers I'm sending:
POST /header/login.php HTTP/1.1
Host: myServer.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://myServer.co.uk/header/login.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
user=ste&pass=pword
But I still receive "HTTP/1.1 413 Request Entity Too Large"
Re: Web server returning "413 Request Entity Too Large"
Posted: Sun Jan 20, 2008 7:39 am
by VladSun
<?php
error_reporting(E_ALL);
$host = '127.0.0.1';
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp)
{
    echo "$errstr ($errno)<br />\n";
}
else
{
    // Content-Length is computed from the body, never hard-coded
    $post_data = 'user=user&pass=user';
    $out = "POST / HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $out .= "Content-Length: ".strlen($post_data)."\r\n";
    $out .= "Connection: Close\r\n";
    $out .= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11\r\n";
    $out .= "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n";
    $out .= "Accept-Language: en-gb,en;q=0.5\r\n";
    $out .= "Accept-Encoding: gzip,deflate\r\n";
    $out .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
    // the empty line ends the header block; the body follows with nothing after it
    $out .= "\r\n";
    $out .= $post_data;
    fwrite($fp, $out);
    // read the response until the server closes the connection
    while (!feof($fp))
    {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
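To make Mordred's point about Content-Length framing concrete, and to show what VladSun's request does differently, here is an added example (not code from the thread) in Python: a builder that derives Content-Length from the encoded body, and a minimal framing routine that reads a request the way a Content-Length based server does, so any bytes after the declared body show up as "leftover". The MALFORMED request is a constructed reproduction of the thread's first attempt; the host and path are the ones quoted in the thread.

```python
from urllib.parse import urlencode

CRLF = "\r\n"


def build_post_request(host: str, path: str, form: dict) -> bytes:
    """Assemble an HTTP/1.1 POST. Content-Length is computed from the encoded
    body, and nothing follows the body (no trailing CRLF, no extra headers)."""
    body = urlencode(form).encode("ascii")
    head = CRLF.join([
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        "Connection: close",
    ])
    return (head + CRLF + CRLF).encode("ascii") + body


def frame_request(raw: bytes) -> dict:
    """Frame one request the way a Content-Length based server does: headers
    end at the first empty line, the body is exactly Content-Length bytes,
    and whatever is left over is treated as the start of the next request."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise ValueError(f"body truncated: expected {length} bytes, got {len(rest)}")
    return {"request_line": lines[0], "headers": headers,
            "body": rest[:length], "leftover": rest[length:]}


# Constructed reproduction of the thread's first attempt: every line got a
# CRLF from the loop, and a "Connection: Close" line was appended after the body.
MALFORMED = (
    b"POST /header/login.php HTTP/1.1\r\n"
    b"Host: myServer.co.uk\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 19\r\n"
    b"\r\n"
    b"user=ste&pass=pword\r\n"
    b"Connection: Close\r\n"
    b"\r\n"
)
```

Framing MALFORMED yields the 19-byte body plus a leftover of "\r\nConnection: Close\r\n\r\n", which the server can only read as a broken follow-up request; the built request yields an empty leftover.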
Re: Web server returning "413 Request Entity Too Large"
Posted: Sun Jan 20, 2008 7:52 am
by VladSun
Re: Web server returning "413 Request Entity Too Large"
Posted: Sun Jan 27, 2008 9:06 am
by impulse()
Thanks VladSun, your headers worked.
I've been reading about pipelining and it's said that pipelining shouldn't be used on POST requests.