I am a web developer for a website that sometimes suffers from form bots. I recently received an error message with a form message that should be impossible for a person. You cannot submit the form without using JavaScript, but the server side of the script received a form field value that JavaScript validation will not allow.
I suspect the form bot was able to submit the form without running JavaScript, but I'm not quite sure if this is a problem because the real user had a similar problem. I know how to use honeypot fields as a countermeasure for form bots, but I need to check my countermeasures. Therefore, I need a working bot to attack my form, so that I can see what the result will be, and check that my countermeasures will work.
I think you can use PHP with Curl to submit web forms, but I cannot find any sample code. I would rather use the actual form bot, so I can be sure that honeypot fields are not easy to get around.
Does anyone know what is currently being used to attack web forms? How do you check your countermeasures to make sure they are effective?
javascript security webforms bots
rsrobbins
source share