Penetration Testing mailing list archives
RE: manipulating query strings
From: "Nick Besant" <Nick.Besant () ioko com>
Date: Thu, 26 Feb 2004 09:01:37 -0000
You can do a lot of this with Perl and LWP http://www.perl.com/pub/a/2002/08/20/perlandlwp.html?page=1 - you can create a POST request from scratch using this and manually create headers etc.

A good tool is spike proxy (already mentioned I think), which I've successfully used for similar testing. Available GPL'd or commercially: http://www.immunitysec.com/spikeproxy.html

This also provides additional testing functionality (if you're checking for XSS / other holes).

Another commercial alternative would be something like Sleuth - http://www.sandsprite.com/Sleuth/about.html

Nick Besant, ioko
nick.besant () ioko com - http://www.ioko.com

-----Original Message-----
From: Vel [mailto:vel () sympatico ca]
Sent: Monday, February 23, 2004 12:43 PM
To: pen-test () securityfocus com
Subject: manipulating query strings

Hello Group,

Is there a way to send values to hidden fields, i.e. Input tags with type=hidden attribute a value from the URL if the action attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp' METHOD=post>
<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>

---------------------------------------------------------------------------

Given the Method is "POST", can I pass values to the Hidden Input fields using the URL, i.e. URL manipulation ? I know I can pass variables in URL to Server side script variables if METHOD is "GET". But how about POST method ?

Thanks.
Kumar.
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
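
Added example, not part of the original posts or of any tool named in them: a POST request for the form in the question built by hand, showing that hidden fields travel as ordinary form-encoded pairs in the request body, so the receiving script has to validate them like any other input. The function names, the allowlist, the host www.example.test and the value internal.example are assumptions constructed for this sketch.

```python
from urllib.parse import urlencode, parse_qs

# Assumed allowlist: the only serverName values the application ever renders.
ALLOWED_SERVERS = {"www.abc.com", "www.def.com"}

def build_post(path, host, fields):
    """Build a raw HTTP/1.1 POST by hand; hidden fields are just body pairs."""
    body = urlencode(fields)  # a list of pairs preserves duplicate names
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return (head + body).encode("ascii")

def parse_form(raw):
    """Server side: split the headers from the body and decode the fields."""
    _head, _sep, body = raw.partition(b"\r\n\r\n")
    return parse_qs(body.decode("ascii"), keep_blank_values=True)

def validate(form):
    """Accept the request only if every serverName value is on the allowlist."""
    values = form.get("serverName", [])
    return bool(values) and all(v in ALLOWED_SERVERS for v in values)

# Constructed sample input: the fields as the page renders them, and a copy
# in which one hidden value was changed before submission.
AS_RENDERED = [("serverName", "www.abc.com"), ("serverName", "www.def.com")]
TAMPERED = [("serverName", "www.abc.com"), ("serverName", "internal.example")]

if __name__ == "__main__":
    for label, fields in (("as rendered", AS_RENDERED), ("tampered", TAMPERED)):
        raw = build_post("/search/search.asp", "www.example.test", fields)
        form = parse_form(raw)
        print(label, form, "accepted" if validate(form) else "rejected")
```

On the wire the two requests differ only in the body bytes; nothing marks a field as having been hidden in the page, which is why the check has to live on the server.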