How can this program bypass everything? -directorysubmitter-

Discussion in 'Programming' started by mahmood, Dec 7, 2007.

  1. #1
    A few days ago I downloaded a program called directorysubmission from here http://directorysubmitter.imwishlist.com/ to see how it works.

    As you probably know, directories have a form which webmasters fill in, including URL, email and so on. When you use this program it fills these boxes for you and all you have to do is to select the category and type in the Captcha.

    Question: How can this program get access to those text boxes directly on the remote site?

    This is what I have done so far:
    Hypothesis 1: The program uses JavaScript to access the elements of the form.
    Result: Wrong. If we try to access the remote objects of a page, we get a permission error.

    Hypothesis 2: The program generates the whole page locally and then fills the boxes.
    Result: Wrong. If we create the whole page locally, fill it in and then submit it, the directory would reject the form because they somehow prevent remote submission.

    So how can they do it?
     
    mahmood, Dec 7, 2007 IP
  2. AstarothSolutions

    #2
    It will most likely collect the page to find out the details needed, including any session variables/cookies etc., and simply post straight to the server, mimicking what the form will do. Would need to test it to find out for certain, but most elements can be bypassed.
     
    AstarothSolutions, Dec 7, 2007 IP
  3. mahmood

    #3
    I don't think we can read the session information, can we?
     
    mahmood, Dec 7, 2007 IP
  4. AstarothSolutions

    #4
    If it is stored client side it can be (e.g. .NET's viewstate is an encrypted hidden input field).
     
    AstarothSolutions, Dec 7, 2007 IP
  5. mahmood

    #5
    Hmmm...
    As far as I know, viewstate is for ASP.NET pages, but most of these sites are PHP.
     
    mahmood, Dec 7, 2007 IP
  6. Daniel15

    #6
    AstarothSolutions is correct. Most likely, it downloads the form, checks all the fields that are needed, and then POSTs the required data.

    This is incorrect. The script can mimic a web browser, and the remote server is unable to tell the difference between the script and a user using a web browser.
    Basically, a POST request from a web browser looks a bit like:
    
    POST /submit.php HTTP/1.1
    Host: example.com
    User-Agent: Opera/9.24 (X11; Linux i686; U; en)
    <some other headers here>
    
    name=Daniel&address=daniel15.net&submit=1
    
    (the last bit is the data posted).
    The server then returns the page that is displayed. As you can probably tell, this isn't too hard to duplicate.

    It's not encrypted, only Base64 encoded. Decoding this is trivial.
     
    Daniel15, Dec 10, 2007 IP
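
Added example, not part of the thread or any poster's code: a sketch of how a site could reject a locally saved copy of its form (hypothesis 2) with a signed, per-session value in a hidden field. It shows that any client can read the field but cannot alter it or reuse it outside its session, while a client that first requests the form in the same session still passes every check. All names and values (SECRET, MAX_AGE, issue_token, read_payload, verify_token, the session ids and timestamp) are hypothetical.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # hypothetical server-side key, never sent to clients
MAX_AGE = 900  # seconds a rendered form stays valid (assumed value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(session_id: str, now: int) -> str:
    """Value for a hidden form field: readable payload plus an HMAC tag."""
    payload = f"{session_id}|{now}".encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def read_payload(token: str) -> str:
    """What any client can do: Base64 is an encoding, not encryption."""
    return base64.urlsafe_b64decode(token.split(".")[0]).decode()


def verify_token(token: str, session_id: str, now: int) -> bool:
    """Accept only an unmodified, fresh token issued to this session."""
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
        sid, issued = payload.decode().rsplit("|", 1)
        issued_at = int(issued)
    except (ValueError, UnicodeDecodeError):
        return False  # malformed field
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # field was edited or forged without the key
    if not hmac.compare_digest(sid.encode(), session_id.encode()):
        return False  # token copied from a page served to another session
    return 0 <= now - issued_at <= MAX_AGE  # saved-to-disk forms go stale


if __name__ == "__main__":
    t0 = 1197000000  # constructed timestamp
    tok = issue_token("sess-A", t0)  # constructed session id
    print(read_payload(tok))                       # payload is visible to the client
    print(verify_token(tok, "sess-A", t0 + 30))    # same session, fresh form
    print(verify_token(tok, "sess-B", t0 + 30))    # different session
    print(verify_token(tok, "sess-A", t0 + 3600))  # stale copy
```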