RE: manipulating query strings

["Nick Besant" <Nick.Besant () ioko com>]

You can do a lot of this with perl and LWP 
http://www.perl.com/pub/a/2002/08/20/perlandlwp.html?page=1 - you 
can create a POST request from scratch using this and manually 
create headers etc.

A good tool is spike proxy (already mentioned I think), 
which I've successfully used for similar testing.  Available
GPL'd or commercially : http://www.immunitysec.com/spikeproxy.html
This also provides additional testing functionality (if you're checking 
for XSS / other holes)

Another commercial alternative would be something like 
Sleuth - http://www.sandsprite.com/Sleuth/about.html


Nick Besant, ioko
nick.besant () ioko com - http://www.ioko.com 

> -----Original Message-----
> From: Vel [mailto:vel () sympatico ca]
> Sent: Monday, February 23, 2004 12:43 PM
> To: pen-test () securityfocus com
> Subject: manipulating query strings 
>
>
> Hello Group,
>
> Is there a way to send values to hidden fields ,
>
> i.e Input tags with type=hidden attribute a value from the URL if the
> action
> attribute on the FORM is ACTION ?
>
> e.g:
>
> <FORM form1 ACTION= '/search/search.asp'  METHOD=post>
>
> <Input type=hidden name=serverName value=www.abc.com>
> <Input type=hidden name=serverName value=www.def.com>
>
>
> --------------------------------------------------------------
> ----------
> ---
>
> Given the Method is "POST", can I pass values to the Hidden 
> Input fields
> using the URL. i.e URL manipulation ?
> I know I can pass variables in URL to Server side script variables if
> METHOD
> is "GET".
>
> But how about POST method ?
>
> Thanks.
>
> Kumar.

---------------------------------------------------------------------------
----------------------------------------------------------------------------