Simple telnet HTTP requests
Using Telnet is a great way to learn about HTTP requests.
For example.. back in the 90s microsoft was running their sites on apache. Nowadays they are eating their own dog food. ;-)
Here is a simple HEAD request to microsoft.com via telnet.
$ telnet microsoft.com 80 Trying 22.214.171.124... Connected to microsoft.com. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 12 Jul 2007 15:25:37 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Location: http://www.microsoft.com Content-Length: 31 Content-Type: text/html Set-Cookie: ASPSESSIONIDSCAQCSBR=FMPJMMPAMGNBFELIPABIHHMN; path=/ Cache-control: private Connection closed by foreign host.
The command above was simple. HEAD / HTTP/1.0 followed by 2 line feeds.
The 80 specified in the telnet command is the port that you are hitting when you type http://microsoft.com/ in a browser. If another port is used you will see it after a colon. ex: http://tonycode.com:8080/ hits the server running on port 8080. If there was one. :-)
When doing GET commands you usually end up sending headers with your command. You should always send the Host header (this isn’t required for HTTP/1.0 but many servers are running multiple sites so you’ll want to send this.)
Here’s an example of a GET against my home page.
$ telnet tonycode.com 80 Trying 126.96.36.199... Connected to tonycode.com. Escape character is '^]'. GET / HTTP/1.1 Host: tonycode.com HTTP/1.1 200 OK Date: Thu, 12 Jul 2007 16:10:02 GMT Server: Apache/1.3.37 (Unix) mod_throttle/3.1.2 DAV/1.0.3 mod_fastcgi/2.4.2 mod_gzip/188.8.131.52a PHP/4.4.7 mod_ssl/2.8.22 OpenSSL/0.9.7e MS-Author-Via: DAV Last-Modified: Wed, 11 Jul 2007 14:10:28 GMT ETag: "19cf7aa-68d-4694e4d4" Accept-Ranges: bytes Content-Length: 1677 Content-Type: text/html <!DOCTYPE html PUBLIC "-//W3C//DTD
I spared you the full contents of my home page. Why did it return the entire page? Because we did a GET instead of HEAD.
Remembering all the headers you need can get tricky so I usually use [LiveHttpHeaders to get what I need and then I can make modifications for testing or scripting purposes.
Scripting telnet HTTP requests
I recently needed to hit several production servers that lived behind a VIP. I had access to the servers directly but their behavior was controlled by the host that they were called with so if I used the machine name I was out of luck. Also, port numbers in the request would throw it off. So I needed to send http requests directly to the server and lie about the hostname I was using to access them.
Here is a script file that I run and pipe into telnet.
echo "open $1 $2" sleep 2 echo "GET $4 HTTP/1.0" echo "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206) Gecko/20070515 Firefox/220.127.116.11" echo "Host: $3" echo echo sleep 2
lets put this in a file called getpage and then we run the following
./getpage tonycode.com 80 tonycode.com /| telnet
ok. what did we just do?
- getpage is sending commands on stdout and telnet is getting them via the pipe
- getpage 1st tells telnet to open a connection to tonycode.com ($1) port 80 ($2).
- getpage waits 2 seconds for the connection. Adjust as necessary.
- getpage sends the request. GET / HTTP/1.0 and sets the host ($3) to tonycode.com.
- Note $4 is the resource to fetch and we set it to /.
- I even threw in the user agent header for fun.
- Those 2 empty echo statements are necessary to tell the server this is the end of the request.
- Finally getpage sleeps for 2 seconds to allow time for the response to come back. Leave out this line and you’ll get nada.