[ale] Data encoding in a web page

Joe Steele joe at madewell.com
Sun Oct 19 18:14:08 EDT 2003


On Sunday, October 19, 2003 7:05 AM, Christopher Fowler wrote:
> On Sun, Oct 19, 2003 at 06:54:40AM -0400, David Corbin wrote:
> > On Sunday 19 October 2003 06:45, Christopher Fowler wrote:
> > > It seems that URLEncoding that value gets me part of what
> > > netscape is sending.  But netscape is sending much more data.

Your browser is returning the exact same __VIEWSTATE data that it 
received (except for the fact that it is URL encoded).  The reason 
the data looks as though it has grown tremendously is because you are 
not watching what is happening closely enough.  Every time you change 
the "Profession:" drop-box field, the form is reposted (via the 
__doPostBack() script) and a new __VIEWSTATE value is returned.  The 
first sample of __VIEWSTATE data you captured (with wget) is the 
initial data provided by their website.  Your second sample of 
__VIEWSTATE data can be replicated by changing the dropbox to some 
value other than "all", and then returning it back to "all".  


Incidentally, the __VIEWSTATE data is base 64 encoded.  As such, it 
uses characters a-zA-Z%/=.  The URL encoding requires that '%25', 
'%2F', '%3D' be converted back to '%', '/', & '='.  When fully 
decoded, it is mostly readable, but not particularly interesting.

--Joe

> > >
> >
> > Why don't you post a copy of what netscape is sending, and what you THINK it
> > should be sending?
>
> Great Idea.
>
> Below is the input of the form. I got this data just by using wget on the
> web site.
>
> <input type="hidden" name="__EVENTTARGET" value />
> <input type="hidden" name="__EVENTARGUMENT" value />
> <input type="hidden" name="__VIEWSTATE" value="dDwyMTQxMjc4NDIxO

[snip]

>
> --- Here is what I've captured ----
>
>

[snip]



More information about the Ale mailing list