Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: manipulating query strings
From: "Nick Besant" <Nick.Besant () ioko com>
Date: Thu, 26 Feb 2004 09:01:37 -0000


You can do a lot of this with perl and LWP 
http://www.perl.com/pub/a/2002/08/20/perlandlwp.html?page=1 - you 
can create a POST request from scratch using this and manually 
create headers etc.

A good tool is spike proxy (already mentioned I think), 
which I've successfully used for similar testing.  Available
GPL'd or commercially : http://www.immunitysec.com/spikeproxy.html
This also provides additional testing functionality (if you're checking 
for XSS / other holes)

Another commercial alternative would be something like 
Sleuth - http://www.sandsprite.com/Sleuth/about.html


Nick Besant, ioko
nick.besant () ioko com - http://www.ioko.com 

-----Original Message-----
From: Vel [mailto:vel () sympatico ca]
Sent: Monday, February 23, 2004 12:43 PM
To: pen-test () securityfocus com
Subject: manipulating query strings 


Hello Group,

Is there a way to send values to hidden fields ,

i.e Input tags with type=hidden attribute a value from the URL if the
action
attribute on the FORM is ACTION ?

e.g:

<FORM form1 ACTION= '/search/search.asp'  METHOD=post>

<Input type=hidden name=serverName value=www.abc.com>
<Input type=hidden name=serverName value=www.def.com>


--------------------------------------------------------------
----------
---

Given the Method is "POST", can I pass values to the Hidden 
Input fields
using the URL. i.e URL manipulation ?
I know I can pass variables in URL to Server side script variables if
METHOD
is "GET".

But how about POST method ?

Thanks.

Kumar.

---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]