WebApp Sec mailing list archives
Re: Looking for a POST statement Sniffer
From: Jon Hart <warchild () spoofed org>
Date: Mon, 15 Sep 2003 22:12:54 -0400
On Mon, Sep 15, 2003 at 03:26:53PM +0100, Andy Talbot wrote:
Hi Everyone It's been a long time since I've required the ability to sniff POST statements and the application I used many time ago has since died on my last machine (I think I used the proxy server included in one of Compuware's QA testing suite products to catch URL POST Statements). This requirement has arisen from a new web development within our Extranet, developed in Flash 5 with asp. As the URL's statements are not publicly visible in the address bar (they are passed transparently within the flash movie), I require a reliable method of catching the post statements sent from my client PC to my Websever, so I can check our current security measures. Ideally I'm looking for a free and reliable method of achieving this! If you guys could recommend something suitable to me this would be much appreciated.
Your best be will be SPIKE: http://www.immunitysec.com/spike.html This includes the SPIKE proxy, which will do all your GET/HEAD/POST sniffing, and then some. Hope that helps, -jon
Current thread:
- Looking for a POST statement Sniffer Andy Talbot (Sep 15)
- Re: Looking for a POST statement Sniffer Ivan Ristic (Sep 15)
- Re: Looking for a POST statement Sniffer Jon Hart (Sep 15)
- <Possible follow-ups>
- RE: Looking for a POST statement Sniffer Tom Arseneault (Sep 15)
- RE: Looking for a POST statement Sniffer Dawes, Rogan (ZA - Johannesburg) (Sep 16)