mqform.htm: MapQuest Lite: AFAAP

	MapQuest Lite CGI-reversing MapQuest	Removing banners
June 2000	by DarkWyrm
	Courtesy of Fravia's searchlores.org
fra_00xx 981607 [blue] 1000 AA RB	"It dawned on me while getting ready for a 9-hour trip that 1) the ads could be largely cut out and that it seemed like the URLs it was using seemed awfully long. As it turns out, there's a reason for this" DarkWyrm	Anti-advertisement
	There is a crack, a crack in everything That's how the light gets in
~S~ Rating	(x)Beginner ( )Intermediate ( )Advanced ( )Expert

MapQuest is, in a way, like a warez site - useful stuff, but ads abound.

MapQuest Lite
CGI-reversing MapQuest
Written by DarkWyrm

Introduction

MapQuest, for the neophyte, is a site which,amongst other things, allows you get directions from one city to another simply by typing in the addresses. Quite useful for those of us who get lost easy. :^D The only problem is that the site itself is overbloated from the "extras" which it also offers, e.g. places along the way for you to spend your money (and ads to go with them), channels, and other junk. Some other decent stuff there, too, (like yellow pages lookups, etc.), but the reason MapQuest exists is because of its directions.

Tools required

any browser
Text editor (I used UltraEdit for this)
Perl (useful, but not required)

Target's URL/FTP

www.mapquest.com

Program History

None.

Essay

For quite a while, MapQuest was really good about its content to advertisement ratio. Not any more. It's almost sickening when you actually notice how much there is. Have a look around first, and you'll see what I mean. It dawned on me while getting ready for a 9-hour trip that 1) the ads could be largely cut out and that it seemed like the URLs it was using seemed *awfully* long. As it turns out, there's a reason for this. Although I didn't use +ORC's zen approach, in retrospect, it seems like a good hunch works almost as well.

The URL

Let's go to MapQuest and get a test URL...

http://www.mapquest.com/cgi-bin/mqtrip?link=btwn%2Ftwn-ddir_na_basic_form_latw_jp
&uid=uu9c09rws4o7iave%3Ab09wblg08&ADDR_ORIGIN=123+some+st&CITY_ORIGIN=somewhere
&STATE_ORIGIN=xx&ZO=43227&OCC=US&ADDR_DESTINATION=1313+mockingbird+ln
&CITY_DESTINATION=anywhere&STATE_DESTINATION=xx&ZD=12345-6789&DCC=US
&dir=Get+Directions&POIRad=2.0

Ick. Lots of stuff, but this provides useful information about what's going on at the other side. The /cgi-bin/ (along with the mqtrip? section) clues us into this being a CGI script. Here's where knowing a little Perl comes in handy. Each & is actually the beginning of a variable processed by the script. If we change the values of some of the variables, we can get some interesting effects.

Let's look at the URL a little differently.

http://www.mapquest.com/cgi-bin/mqtrip?
link=btwn%2Ftwn-ddir_na_basic_form_latw_jp
&uid=uu9c09rws4o7iave%3Ab09wblg08
&ADDR_ORIGIN=123+some+st
&CITY_ORIGIN=somewhere
&STATE_ORIGIN=xx
&ZO=54321
&OCC=US
&ADDR_DESTINATION=1313+mockingbird+ln
&CITY_DESTINATION=anywhere
&STATE_DESTINATION=xx
&ZD=12345-6789
&DCC=US
&dir=Get+Directions&POIRad=2.0

Now it starts to make sense...Playing around a little with a URL after we've done a search, and we get much, much more than this:

link=btwn%2Ftwn-ddir_options_jumppage&avoid_mj_hwy=&avoid_mn_hwy=&avoid_thruways=
&avoid_local=&avoid_frontage=&avoid_ramps=&avoid_allfire=&avoid_ferry=
&avoid_walk=&avoid_lmTD_access=&avoid_toll_roads=&route_type=&ADDR_ORIGIN=
123+some+st&CITY_ORIGIN=somewhere&STATE_ORIGIN=xx&ADDR_DESTINATION=1313+mockingbird+
ln&CITY_DESTINATION=anywhere&STATE_DESTINATION=xx&quest_mode=&results_display_mode=
overview&OPC=&OPL=&DPC=&DPL=&OSAL=&OCAL=&DSAL=&DCAL=&ZO=12345&ZD=12345
&OCC=US&DCC=US&OLL=&DLL=&ORIGIN_NAME=&DEST_NAME=&ORIGIN_STREET_AMBIG_LIST=
&ORIGIN_CITY_AMBIG_LIST=&DEST_STREET_AMBIG_LIST=&DEST_CITY_AMBIG_LIST=&uid=
uu9c09rws4o7iave%3Ab09wblg08&POIRad=2.0&LangOpt=&AB_LABELS=&OAB=&DAB=&MPOICAT1=
&MPOICAT2=&MPOICAT3=&MPOICAT4=&MPOICAT5=&MPOICAT6=
&MPOICAT7=&MPOICAT8=&MPOICAT9=&MPOICAT10=&MPOICAT11=&MPOICAT12=&MPOICAT13=&MPOICAT14=
&MPOICAT15=&MPOICAT16=&MPOICAT17=&MPOICAT18=&MPOICAT19=&MPOICAT20=&MPOICAT21=&MPOICAT22=
&MPOICAT23=&MPOICAT24=&MPOICAT25=&MPOICAT26=&MPOICAT27=&MPOICAT28=&MPOICAT29=&MPOICAT30=
&MPOICAT31=&MPOICAT32=&MPOICAT33=&MPOICAT34=&MPOICAT35=&MPOICAT36=&MPOICAT37=&MPOICAT38=
&MPOICAT39=&MPOICAT40=&MPOICAT41=&MPOICAT42=&MPOICAT43=&MPOICAT44=&MPOICAT45=&MPOICAT46=
&MPOICAT47=&printer.x=77&printer.y=4

It makes sense that a "big" company (compared to us peons) uses big complex CGIs, but this is absurd. If you look closely at the above listing, there's a lot of &something=&somethingelse= stuff. These are vars which aren't assigned a value. *Stuff to play with* Now that we have some things to figure out how they work and what they do. *evil grin*

CGI scripts, unless done _very_ carefully, tend to give the smarter-than-the-average-user more info than they bargain for. If one simply goes to the Driving Directions page and looks at the source (ugly as it is), there are some useful clues and outright answers to our questions. If we search for all this MPOICAT jazz, we find this (names changed to protect the guilty):

< INPUT type="checkbox" name="MPOICAT9" value="11158">< IMG
/loadimage?http://mqgraphics.mapquest.com/gif/mb-button-lennys2.gif" width=72 height=15
border=0 alt="Lenny's Restaurant">

Lovely. An ad. Well, we know that all that stuff is junk for our purposes - a lean method for getting directions. Other tags are blatantly obvious (STATE_DESTINATION, etc.), so let's pick the real juicy one: the printer friendly page.

Ads removed

It has only one ad (easily killed by Proxomitron) and, thus, is a real prize. How do we figure it out? Easy. MapQuest does most of it for us - the "printer-friendly" page is also more user-friendly. It is only offered to us after we've endured 2 pages (or more) of ad-laden crap. Why not cut straight to it? Looking earlier in the source for something (try "printer" on a search results page) and it pops out here

.
-more code here-
.
mqgraphics.mapquest.com/gif/printer.gif
.
-more code here-
.

This doesn't look like anything useful, but sniffing around it gives us this:

    FORM method=get action="/cgi-bin/mqtrip"
     INPUT type=hidden name=link value=btwn/twn-ddir_options_jumppage
! Opening ../../html/bglobal/ddir-route_form.html 

INPUT TYPE=HIDDEN NAME="avoid_mj_hwy" VALUE=""

Interesting... the link= value changes - we change CGI scripts! A nugget of VERY useful information. If we came up with a form that, say, never requested anything but this form, we would have something wouldn't we?

The new, improved MapQuest form

I already did it - swiped quite a bit of it right from the site itself and heavily modified it. You can find it [here].

Final Notes

This work, as +fravia is so fond of saying, is in fieri. I haven't bothered to put in a way to avoid_highways, for example. My forms coding is a little rusty. It's a good start, and workable. Seekers need to know when it's ok to be lazy and when it's not ok. This'll work until after my trip. I'd appreciate any input and/or feedback, too.

Ob Duh

I won't bother going any further to explain why we all need to BUILD and distribute to others our tools and bots with which to fight (or disrupt ;^)) the crap which commercial sites thrust upon us, regardless of our own desires. It drives the message home to the advertisers' pocketbooks when one of their sleazy ploys doesn't work!