No_Explorer!

This page is proudly Microsoft Explorer Hostile

(not yet...? My *.ocx command will be soon implemented)
Exploder Control!

This page also crashes Netscape 2 with a divide by zero error

Cookies, CGI stuff, Robots and Spiders page

Under heavy construction: started in november

__Robots & Spiders__

Link to a small harvest robot: redWebglimpse available in late november

__Hostile applets__

you'll get the source code for some nice hostile applets
here
Let's have a look at all the applets we are loading "without knowing it" just by browsing around: Open your c:\NAVIGA~1.CACHE directory and, using your hexeditor, have a look at all the *.class files you loaded. Navigator, unfortunately, gives names without meaning to its cache files (using the "real" names of the files should be one of the top priority improvements for the next version), but you'll find the applets names (among many other information) inside the code.

__Cookies__

Well, what are cookies? Cookies are informations stored by you when you visit a site, designed and useful FOR THE SITE you visited
A Cookie is a little nugget of information that is sent to your browser from a World Wide Web Server. This block of data can be anything, a unique user ID generated by the server, the current date and time, the IP Address of where the browser is logged onto the net or any other chunk of data that you want.
After a browser receives a cookie it will then send that cookie (nugget of info) to the server that set it whenever it requests an html page. The browser will only send the cookie to the server that originally set it. This means that I (at my server) can't tell if you (some browser) have cookies that other sites have set. In other words I can't steal cookies I haven't given you by using HTTP protocols.

Cookies can be set either in the HTTP Header or in the Head portion of the HTML document using a META tag (It's described on the main page) the problem with doing it that way is that only netscape supports it.
This is the format a CGI script would use to add to the HTTP headers 
a new piece of data which is to be stored by the client
for later retrieval. 

Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.
The default value of domain is the host name of the server which generated the cookie response
If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers. If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
When requesting a URL from an HTTP server, the browser will match the URL against all cookies and if any of them match, a line containing the name/value pairs of all matching cookies will be included in the HTTP request.
Have a look at the cookies you have in c:\windows\cookies and examine them with your hexeditor:
this is the cookie I have set in this page:
access.8.www.geocities.com/Athens/5513/.0.2922787840.29120835.1035370336.29084634.*.
this is the cookie from Hotbot
ink.IU082A0C432A6086A4F2FE64D40F4973EEF27C97.hotbot.com/.0.3590660096.29294449.682573152.29065138.*.
this is an interesting cookie from LordSomer:
DemoName.fravia.www.cris.com/~lordsome/.0.2705616768.29067717.1995643264.29067516.*.
Another one: with last visit informations
lastvisit.Tue%20Aug%2013%2003%3a04%3a22%201996%3a838814433.28818.members.tripod.com/.0.951197440.29087610.937623776.29067494.*.
and the cookie from Netscape:
NETSCAPE_ID.1000e010,1007abea.netscape.com/.0.617916800.29316075.3185882080.29069520.*.
and the Microsoft cookie
MC1.ID=d65fe66bea8211cfbceb0000f84a13db.microsoft.com/.0.3590660096.29294449.2359962560.29064890.*.
If a CGI script wishes to delete a cookie, it can do so by returning a cookie with the same name, and an expires time which is in the past. The path and name must match exactly in order for the expiring cookie to replace the valid cookie. This requirement makes it difficult for anyone but the originator of a cookie to delete a cookie.

So, once more: basically what happens is this: You visit a page and get as response
Set-Cookie: VISITOR=STUPID; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT
From now on, every time you request a URL in the path "/" of the above server, YOU send following message:
Cookie: VISITOR=STUPID

How do you go on from here?
As usual: Beg, Borrow and Steal! A good artist copies, a great artist steals - Picasso

Did you know that Netscape and MIE create a file that helps web servers keep track of you ?
On Macs it is in a file called Magic Cookie, on IBM type CPUs it is in a file called cookies.txt
It isn't really meant to be understood: some of the data is encrypted so it's a little hard to read :-)
This "MagicCookie" file is very useful in some cases, like storing some viewing configurations (i.e. with or without frames, etc...), but it can also help the server know WHO you are and what you do
Say you go to lycos and lookup some keywords, well lycos can store in the cookie file a number that helps it know that you're user ID 238f983298ds8s9df (for example) and store what you looked for in its database (on the web server, this time). Well, let's not be paranoid, but, say Glittering Computers Inc wants to spam some ads, it could ask lycos to setup a specific gif image on lycos' page only to users who lookedup computer related links. (that's a simple example).
Have a look at your cookies.txt file!
If you lock the cookies.txt file (c:\NAVIGA~1\cookies.txt on non-Mac machines) this will not stop cookies from working. Cookies will still reside in memory. It will however make it so the cookies can't be written to the hard drive, it may also cause netscape to bomb when you quit.

Boy, FraVia's page are like russian dolls... have a look at my red other cookies!

When the netscape prompt to accept a cookie appears it often gives the value Apache = nnnnnnn there are two possible reasons: Apache webservers will automatically set a cookie everytime a person goes there, it's to do hit counts & accounting. The other is a bug related to earlier versions of Apache where the cookie string is incorrectly terminated resulting in a cookie value that looks like s=2398709123948701. there is a patch at Apache's website to fix this.
Where does the cookie go after it is sent back to the server and how do you read it is another matter: It doesn't really get sent back to the server. It gets sent to he server when the browser makes a request for a page. So you have to serve your page from a CGI which recieves the cookie along with the page request then generates a custom page based upon the cookie.
And let's not forget:
Through cookies a browser can be tracked over multiple sites, therefore a cookie can be used to "register" that you have been to a site, or group of sites X number of times
Good news for the war against Micro$oft!
(I am currently working on it :-)
Another difference between Navigator and Explorer is in the cookie handling category: If you set a cookie in Netscape that is empty it will be empty, In Explorer it will not change e.g. Set-Cookie myCookie=; expires=Wednesday, 09-Nov-99 23:12:40 GMT... etc. Navigator will say the cookie is "" Explorer will say the cookie is the value that it was set to before the above Set-Cookie

You've seen this page times in the last semester!


redhomepage redlinks redback to anon red+ORC redtools redcocktails redsearch_forms redmailfravia

FraVia 06/11/96