WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security tool for monitoring HTTP headers?

From: Grega Bremec <grega.bremec () noviforum si>
Date: Tue, 24 Feb 2004 15:27:20 +0100
...and on Tue, Feb 24, 2004 at 12:06:27AM -0800, patrick () curioustechnology com used the keyboard:

Does anyone know of a security tool for modifying HTTP headers directly?
For example if I wanted to verify that there was proper input validation
against some of the data in a POST request, does a tool besides Telnet
exist?  I was considering creating one but I don't want to duplicate someone
else's work.

Thanks,


Along the lines of simple socket-to-socket communication, netcat,
http://www.atstake.com/research/tools/network_utilities/ and netcat6,
http://www.deepspace6.net/projects/netcat6.html, its ipv6-extended
clone, might do the trick.

To my knowledge, both can read from stdin, so you can easily pipe
stuff to them, and they don't suffer from that same problem that
telnet does - disconnection upon encountering an EOF on standard
input.

Both also speak UDP and the old netcat can work as a server too,
which makes it quite useful as a monitoring proxy, so they both
qualify as must-have tools in any kind of ip-networked environment.

The equivalent of netcat/netcat6 that can be useful for multicast
testing is emcast, http://www.junglemonkey.net/emcast/, which is
actually a suite consisting of both a library and a trivial client,
that attempts to near what netcat should be if it spoke multicast.

Hope this helped,
-- 
    Grega Bremec
    Senior Administrator
    Noviforum Ltd., Software & Media
    http://www.noviforum.si/

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: