Thread: Advanced Browser Logging

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Advanced Browser Logging

    Anyone know of a browser that can log the individual HTTP requests - i.e. - all the gets, posts, all the headers, etc while you are browsing?

    I am doing some security analysing for a company and their web apps could be vulnerable if someone were to know the address of the page they get redirected to and then redirected from right away (ok - that was as clear as mud) - like this:

    Login + Password form passes data to a program that tests to make sure Password is correct. If so, they get redirected (via a "Location: " header) to a page that will process their data in the background and then right away will again redirect them w/ header to a "Successful" page. In other words, using a normal browser it would look as though they jumped from the form to the successful page (even though they actually just hit a bunch of pages).

    The problem is that if you go directly to the page that will process the data, it will do it without any security verification. Just wondering if there were browsers (or plugins?) that would either log this in some way or tell you it was happening.
    "If you torture the data enough, it will confess." --Ronald Coase

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    If they're using POST data, you don't need to analyse the get/posts that the browser performs, just look at the raw HTML generated. The action clause of the form gives you the script that gets accessed upon submitting...
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Originally posted by chsh
    If they're using POST data, you don't need to analyse the get/posts that the browser performs, just look at the raw HTML generated. The action clause of the form gives you the script that gets accessed upon submitting...
    Yeah - I know from the action the "authentication" page, but that page then transparently (through headers) transfers to two additional pages - those page changes are what I want to be able to see.
    "If you torture the data enough, it will confess." --Ronald Coase
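
The hidden hops described in this thread become visible when each `Location` header is followed by hand instead of letting the client auto-follow. This is an added example, not code posted by anyone in the thread: the three paths, the cookie value and the local test server are constructed for illustration, and the `/process` handler shows the session check the intermediate page would need.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
SESSION = "sid=constructed-demo-token"  # constructed sample value

class Demo(BaseHTTPRequestHandler):
    """Constructed flow: /login -> /process -> /done, chained by Location headers."""
    def do_GET(self):
        authed = SESSION in self.headers.get("Cookie", "")
        if self.path == "/login":  # stands in for the password check
            self._reply(302, "/process", cookie=SESSION)
        elif self.path == "/process":
            # Hardened: verify the session here; do not trust arrival via /login.
            self._reply(302, "/done") if authed else self._reply(403)
        else:
            self._reply(200 if self.path == "/done" else 404)

    def _reply(self, status, location=None, cookie=None):
        self.send_response(status)
        for name, value in (("Location", location), ("Set-Cookie", cookie)):
            if value:
                self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    log_message = lambda self, *args: None  # keep the demo quiet

def trace(host, port, path, max_hops=10):
    """Follow redirects by hand; return (path, status, Location) for every hop."""
    hops, cookie = [], None
    for _ in range(max_hops):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
        resp = conn.getresponse()
        location = resp.getheader("Location")
        cookie = resp.getheader("Set-Cookie") or cookie
        hops.append((path, resp.status, location))
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        path = location  # assumption: path-only Location, as in this demo
    return hops

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Demo)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr = ("127.0.0.1", server.server_address[1])
    result = trace(*addr, "/login"), trace(*addr, "/process")
    server.shutdown()
    return result
```

`run_demo()` returns two traces: the full chain starting at `/login`, and a direct request to `/process` without the session cookie, which the hardened handler answers with 403.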
