WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security tool for monitoring HTTP headers?

From: Ivan Ristic <ivanr () webkreator com>
Date: Tue, 24 Feb 2004 15:25:22 +0000
patrick () curioustechnology com wrote:

Does anyone know of a security tool for modifying HTTP headers directly?
For example if I wanted to verify that there was proper input validation
against some of the data in a POST request, does a tool besides Telnet
exist?  I was considering creating one but I don't want to duplicate someone
else's work.


  Give cURL a try: http://curl.haxx.se/

  ...

  If you want something simpler, have a look at this Perl script:

http://cvs.sourceforge.net/viewcvs.py/*checkout*/mod-security/mod_security/tests/run-test.pl?rev=1.1.1.1

  You simply create a file with a request and tell the script where
  to send it. If you put comments on top of the file and include a
  three digits number the script will assume that's the status code
  you expect, and check the response for it. For example:

----------------------
# 18 Keyword in POST only (500)
#
POST /cgi-bin/modsec-test.pl HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 5

p=333
----------------------

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
Previous By Date Next
Previous By Thread Next

Current thread: