WebApp Sec mailing list archives

Re: Looking for a POST statement Sniffer

From: Jon Hart <warchild () spoofed org>
Date: Mon, 15 Sep 2003 22:12:54 -0400

On Mon, Sep 15, 2003 at 03:26:53PM +0100, Andy Talbot wrote:

Hi Everyone

It's been a long time since I've required the ability to sniff POST
statements and the application I used many time ago has since died on my
last machine (I think I used the proxy server included in one of Compuware's
QA testing suite products to catch URL POST Statements).

This requirement has arisen from a new web development within our Extranet,
developed in Flash 5 with asp. As the URL's statements are not publicly
visible in the address bar (they are passed transparently within the flash
movie), I require a reliable method of catching the post statements sent
from my client PC to my Websever, so I can check our current security
measures.

Ideally I'm looking for a free and reliable method of achieving this! If you
guys could recommend something suitable to me this would be much
appreciated.


Your best be will be SPIKE:

http://www.immunitysec.com/spike.html

This includes the SPIKE proxy, which will do all your GET/HEAD/POST
sniffing, and then some.

Hope that helps,

-jon

Current thread:

Looking for a POST statement Sniffer Andy Talbot (Sep 15)
- Re: Looking for a POST statement Sniffer Ivan Ristic (Sep 15)
- Re: Looking for a POST statement Sniffer Jon Hart (Sep 15)
- <Possible follow-ups>
- RE: Looking for a POST statement Sniffer Tom Arseneault (Sep 15)
- RE: Looking for a POST statement Sniffer Dawes, Rogan (ZA - Johannesburg) (Sep 16)