From: Nick Besant (Nick.Besant@ioko.com)
Date: Thu Feb 26 2004 - 04:01:37 EST
You can do a lot of this with perl and LWP
http://www.perl.com/pub/a/2002/08/20/perlandlwp.html?page=1 - you
can create a POST request from scratch using this and manually
create headers etc.
A good tool is spike proxy (already mentioned I think),
which I've successfully used for similar testing. Available
GPL'd or commercially : http://www.immunitysec.com/spikeproxy.html
This also provides additional testing functionality (if you're checking
for XSS / other holes)
Another commercial alternative would be something like
Sleuth - http://www.sandsprite.com/Sleuth/about.html
Nick Besant, ioko
nick.besant@ioko.com - http://www.ioko.com
> -----Original Message-----
> From: Vel [mailto:vel@sympatico.ca]
> Sent: Monday, February 23, 2004 12:43 PM
> To: pen-test@securityfocus.com
> Subject: manipulating query strings
>
>
> Hello Group,
>
> Is there a way to send values to hidden fields ,
>
> i.e Input tags with type=hidden attribute a value from the URL if the
> action
> attribute on the FORM is ACTION ?
>
> e.g:
>
> <FORM form1 ACTION= '/search/search.asp' METHOD=post>
>
> <Input type=hidden name=serverName value=www.abc.com>
> <Input type=hidden name=serverName value=www.def.com>
>
>
> --------------------------------------------------------------
> ----------
> ---
>
> Given the Method is "POST", can I pass values to the Hidden
> Input fields
> using the URL. i.e URL manipulation ?
> I know I can pass variables in URL to Server side script variables if
> METHOD
> is "GET".
>
> But how about POST method ?
>
> Thanks.
>
> Kumar.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT