Coding a Webserver by: Common Exploit

Page: 2 of 4 (View All)

Creating the project

• 1 Form
• 1 Module

Under the components menu add a reference to MS Winsock. Place 2 Winsock controls on the form and call them WSock and PLink. Set the index of both the Winsock controls as 0 (so that they are instantiated as an array and we can load new instances of them at runtime). Now add a timer control called timer to the form and set the interval to 250 and enabled to false. When we receive incoming data from a PLink socket (i.e. from TRON) the timer is activated. The code for the timer event distributes the incoming data from the buffer to authenticated clients. A DoEvents command in the timer code allows new data to be added to the buffer as it arrives.

Our tState type allows us to set the mode for our connection and deal with incoming/outgoing data accordingly - we don't want to send log data to a client unless their connection state is authenticated. We also need to know what information we expect next from the client. We also want to have a command set for authenticated and unauthenticated connections. Because our connection has a state we would refer to this a 'Stated Service'. FTP, SMTP and POP3 all fall into the category of Stated services. HTTP on the other hand is a stateless service, in that it records no information about the user from connection to connection and closes the connection when it finishes sending the requested data. Therefore all client data has to be stored on the client, which is why we need to use cookies (or variant thereof) with HTTP.

This Type Connection declares the properties of a connection, and includes a value for the connection state, as defined by the tState type. In our web server we are going to assign a connection to each client that logs into port 255. In our main code the CN array holds an array of connections that we can use to access the properties for each connection at runtime.