[WEB SECURITY] Free tool to analyse and post http request

P K pak76_apps at yahoo.com
Thu Mar 23 12:07:53 EST 2006


Well, personally I think that if you want to play with
the POST data you don't necessary need a proxy and
quite often it is overkilling the problem - You don't
test the implementation of the HTTP protocol, but just
behaviour of an application. Don't get me wrong, when
I'm testing HTTP implementation I'm using proxies or
tools like nc, but while I'm testing applications I'm
not really interested in all these details.

I wrote this tool a while back, so I can do exactly
this - test web applications. You can intercept,
replay POST body; play with headers, cookies; modify
source code; etc. Also if required you can intercept
raw reply from the server and modify it before
displaying.

Tool can be found here:
http://www.securityfocus.com/tools/3744

Best regards,

Pak76

--- RSnake <rsnake at shocking.com> wrote:

> 
>  	That's a pretty cool tool that I hadn't seen
> before, but I much
> preferr Burp Suite http://portswigger.net/suite/
> because it allows you
> to intercept both outbound and inbound requests
> (which is really useful
> when auditing applications that do subversive things
> in AJAX or Flash
> that is otherwise difficult to see.  If you've got
> Java it will work.
> It's worth a download if you haven't played with it.
>  Just set your
> browser to use 8080 and you're off.  Combined with
> Firefox's switchproxy
> tool and it's very easy to use (almost as easy as
> TamperData).
> 
> -RSnake
> 
> On Wed, 22 Mar 2006, Bill Pennington wrote:
> 
> > My current favorite manual tool to do this is
> TamperData extension for 
> > FireFox
> >
> >
>
https://addons.mozilla.org/extensions/moreinfo.php?id=966&application=firefox
> >
> >
> > On Mar 22, 2006, at 4:03 PM, Fayyaz Ahmad wrote:
> >
> >> Can any one recommend a free tool to post http
> request
> >> 
> >> thanks, Fayyaz
> >> 
> >> 
> >> Get MSN Messenger with FREE Video Conversation -
> the next best thing to 
> >> being there! 
> >>
>
---------------------------------------------------------------------
> The 
> >> Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/ The 
> >> Web Security Mailing List Archives 
> >>
> http://www.webappsec.org/lists/websecurity/archive/
> >
> >
> > ---
> > Bill Pennington, CISSP, CCNA
> > VP Services
> > WhiteHat Security Inc.
> > http://www.whitehatsec.com
> 
>
---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list