Modifying (hidden) form data
Results 1 to 7 of 7

Thread: Modifying (hidden) form data

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Thumbs up Modifying (hidden) form data

    I recently came across this little gem. It's an Explorer bar that will let you easily view/modify form data.

    HTML Source Code Explorer Bar 2.0
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Pretty cool, but there are also alot of neat tools out there similar to this, for example:

    http://packetstormsecurity.nl/filede...-0-27.zip.html
    Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session?s data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
    Others:

    RFProxy, RainForest Puppy
    WebProxy, Frank Swiderski
    ScanDo, Kavado
    Form Scalpel

    Out of the ones I have messed with, (and no I haven't messed with all of these), I have to say I have enjoyed Achilles the most...I have found it invaluable in messing around with the inputs to my CGI scripts to test various input validation and session-hijaacking attacks...

    There is also a command line tool that I have found helpful at times, Curl (and CurlSSL if you need the SSL functionality). It allows the easy manipulation of POST variables to forms...of course no GUI or anything like that, but then again, who needs a GUI ?

    Thanks for the link,

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Thanks SirDice and nebulus200 for the very intresting links ... I think I have a lot of exploring and learning ahead
    And to think I was just looking for something like this but could'nt realy think of a therm to search it.

    Thanks again.

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by nebulus200
    Pretty cool, but there are also alot of neat tools out there similar to this, for example:

    http://packetstormsecurity.nl/filede...-0-27.zip.html
    Yeah I know If you can proxy the request AND you have control over the proxy you can basicly do and change anything and everything. But this tool maybe useful for the newbies here that are just starting to grasp the idea of html source, forms and their data.
    And since it also has a nice point 'n click interface it shouldn't be to hard for the newbies to use it (for educational purposes only offcourse )
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Cheers to the both of you for these interesting links. Like Cemetric i still have a lot of learning ahead...and these links will help out.
    Insert whitty tagline right here.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if were talking header manipulation or the like....why not NetCat? Capture the header as text with your favorite sniffer. copy into a txt editor make the changes you want then save it as as some text file:

    nc -vv xxx.xxx.xxx.xx 80 <sometext.txt
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Tedob1
    if were talking header manipulation or the like....why not NetCat? Capture the header as text with your favorite sniffer. copy into a txt editor make the changes you want then save it as as some text file:

    nc -vv xxx.xxx.xxx.xx 80 <sometext.txt
    You could and you should do it like this to learn (netcat rulez ). But then you would also need to know how HTTP works. You'll need to know how to do a GET request etc. Heck i've even used the good old (read: crappy) telnet from windows to get some html source. But if you just want to see how a page is build up and/or change form data the explorer bar is much easier to use.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •