View and edit hidden HTML form fields (fwd)

[bugtraq () cgisecurity net]

This may be of interest to this list.

- zeno

> Delivered-To: mailing list vuln-dev () securityfocus com
> Delivered-To: moderator for vuln-dev () securityfocus com
> Date: Mon, 9 Jun 2003 16:23:38 +0200
> From: Richard van den Berg <richard () vdberg org>
> To: vuln-dev () securityfocus com, submissions () packetstormsecurity org
> Subject: View and edit hidden HTML form fields
> Message-ID: <20030609142338.GA14082 () vdberg org>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> User-Agent: Mutt/1.4i
>
> This might be the most trivial security tool ever written, but I needed
> it and could not find it. I used this as an opportunity to learn some
> IE/ALT/WLT/COM programming.. so don't expect a flawless tool.
>
> What it does is display HTML fill-out form fields (including hidden ones)
> in a table outside the normal browser view. Values can be edited and are
> inserted back in to the live HTML view of the browser. This makes it
> possible to research the behaviour of CGI scripts to unexpected form
> field values.
>
> http://www.vdberg.org/~richard/htmlbar.html
>
> Many thanks to Bjarke Viksoe who made the initial HtmlBar upon which
> I build. HtmlBar is an Internet Explorer 5+ plugin.
>
> Any feedback is appreciated.
>
> Sincerely,
>
> Richard van den Berg