WebApp Sec mailing list archives
Re: Security tool for monitoring HTTP headers?
From: Ivan Ristic <ivanr () webkreator com>
Date: Tue, 24 Feb 2004 15:25:22 +0000
patrick () curioustechnology com wrote:
Does anyone know of a security tool for modifying HTTP headers directly? For example if I wanted to verify that there was proper input validation against some of the data in a POST request, does a tool besides Telnet exist? I was considering creating one but I don't want to duplicate someone else's work.
Give cURL a try: http://curl.haxx.se/ ... If you want something simpler, have a look at this Perl script: http://cvs.sourceforge.net/viewcvs.py/*checkout*/mod-security/mod_security/tests/run-test.pl?rev=1.1.1.1 You simply create a file with a request and tell the script where to send it. If you put comments on top of the file and include a three digits number the script will assume that's the status code you expect, and check the response for it. For example: ---------------------- # 18 Keyword in POST only (500) # POST /cgi-bin/modsec-test.pl HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 5 p=333 ---------------------- -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
Current thread:
- Security tool for monitoring HTTP headers? patrick (Feb 24)
- RE: Security tool for monitoring HTTP headers? Skander Ben Mansour (Feb 24)
- RE: Security tool for monitoring HTTP headers? WebAppSecurity [Technicalinfo.net] (Feb 24)
- RE: Security tool for monitoring HTTP headers? Mark Curphey (Feb 24)
- RE: Security tool for monitoring HTTP headers? Glyn (Feb 24)
- RE: Security tool for monitoring HTTP headers? Internet User (Feb 24)
- Re: Security tool for monitoring HTTP headers? Grega Bremec (Feb 24)
- Re: Security tool for monitoring HTTP headers? lists AT dawes DOT za DOT net (Feb 24)
- Re: Security tool for monitoring HTTP headers? Keith W. McCammon (Feb 24)
- Re: Security tool for monitoring HTTP headers? Ivan Ristic (Feb 24)
- Re: Security tool for monitoring HTTP headers? znndrp (Feb 24)
- Re: Security tool for monitoring HTTP headers? Shade (Feb 24)
- Security tool for monitoring HTTPS traffic? Andreas Fredrich (Feb 24)
- RE: Security tool for monitoring HTTPS traffic? WebAppSecurity [Technicalinfo.net] (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? Ivan Ristic (Feb 26)
- Re: Security tool for monitoring HTTP headers? Martin Tsachev (Feb 24)
- RE: Security tool for monitoring HTTP headers? sunzi (Feb 25)
- Message not available
- Re: Security tool for monitoring HTTPS traffic? Mike (Feb 26)
- Blocking/Screening any HTTP, HTTPS, FTP stream from intern to extern? Andreas Fredrich (Feb 26)
- Re: Security tool for monitoring HTTPS traffic? Mike (Feb 26)
- <Possible follow-ups>
- RE: Security tool for monitoring HTTP headers? Toni Heinonen (Feb 24)