Thread: Modifying (hidden) form data

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Modifying (hidden) form data

    I recently came across this little gem. It's an Explorer bar that will let you easily view/modify form data.

    HTML Source Code Explorer Bar 2.0
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Pretty cool, but there are also a lot of neat tools out there similar to this, for example:

    http://packetstormsecurity.nl/filede...-0-27.zip.html
    Achilles is a tool for Windows designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
    Others:

    RFProxy, RainForest Puppy
    WebProxy, Frank Swiderski
    ScanDo, Kavado
    Form Scalpel

    Out of the ones I have messed with (and no, I haven't messed with all of these), I have to say I have enjoyed Achilles the most... I have found it invaluable in messing around with the inputs to my CGI scripts to test various input validation and session-hijacking attacks...

    There is also a command line tool that I have found helpful at times, Curl (and CurlSSL if you need the SSL functionality). It allows the easy manipulation of POST variables to forms... of course no GUI or anything like that, but then again, who needs a GUI?

    Thanks for the link,

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
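
Added example, not part of any post in this thread: post #2 mentions altering form inputs to test a CGI script's input validation, and this Python sketch shows the server-side check such a test exercises, signing the hidden fields with an HMAC when the form is issued and rejecting a POST whose values were edited. The field names, key and sample request bodies are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to the client
PROTECTED = ("item_id", "price")   # hypothetical hidden fields carried by the form

def _tag(fields):
    # MAC over the protected fields in a fixed order, length-prefixed to avoid ambiguity
    msg = b"".join(f"{len(fields[k])}:{fields[k]};".encode() for k in PROTECTED)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def render_hidden_fields(item_id, price):
    """Values the server would emit as <input type="hidden"> when building the form."""
    fields = {"item_id": item_id, "price": price}
    fields["sig"] = _tag(fields)
    return fields

def handle_post_naive(body):
    """Trusts whatever the client sent back."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    return {"charged": form["price"], "item": form["item_id"]}

def handle_post_checked(body):
    """Rejects the request when a protected hidden field is missing or was changed."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if any(k not in form for k in PROTECTED + ("sig",)):
        return {"error": "missing field"}
    if not hmac.compare_digest(_tag(form).encode(), form["sig"].encode()):
        return {"error": "hidden field modified"}
    return {"charged": form["price"], "item": form["item_id"]}

# Constructed sample: the body as the server issued it, and the same body after
# the price field was edited on the client side or in transit.
issued = render_hidden_fields("A100", "49.99")
original_body = urlencode(issued)
edited_body = urlencode({**issued, "price": "0.01"})

if __name__ == "__main__":
    print(handle_post_naive(edited_body))      # accepts the edited price
    print(handle_post_checked(original_body))  # accepts the untouched form
    print(handle_post_checked(edited_body))    # rejects the edited form
```

For a value the server already knows, such as a price, looking it up server-side from the item id is simpler than signing it; the signature is for state that has to round-trip through the client.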

  3. #3
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Thanks SirDice and nebulus200 for the very interesting links ... I think I have a lot of exploring and learning ahead
    And to think I was just looking for something like this but couldn't really think of a term to search it.

    Thanks again.

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by nebulus200
    Pretty cool, but there are also a lot of neat tools out there similar to this, for example:

    http://packetstormsecurity.nl/filede...-0-27.zip.html
    Yeah, I know. If you can proxy the request AND you have control over the proxy you can basically do and change anything and everything. But this tool may be useful for the newbies here that are just starting to grasp the idea of html source, forms and their data.
    And since it also has a nice point 'n click interface it shouldn't be too hard for the newbies to use it (for educational purposes only of course)

  5. #5
    Cheers to the both of you for these interesting links. Like Cemetric I still have a lot of learning ahead... and these links will help out.
    Insert witty tagline right here.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    If we're talking header manipulation or the like... why not NetCat? Capture the header as text with your favorite sniffer. Copy into a txt editor, make the changes you want, then save it as some text file:

    nc -vv xxx.xxx.xxx.xx 80 <sometext.txt
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by Tedob1
    If we're talking header manipulation or the like... why not NetCat? Capture the header as text with your favorite sniffer. Copy into a txt editor, make the changes you want, then save it as some text file:

    nc -vv xxx.xxx.xxx.xx 80 <sometext.txt
    You could and you should do it like this to learn (netcat rulez). But then you would also need to know how HTTP works. You'll need to know how to do a GET request etc. Heck, I've even used the good old (read: crappy) telnet from windows to get some html source. But if you just want to see how a page is built up and/or change form data the explorer bar is much easier to use.
