WebApp Sec mailing list archives

Re: Testing app with heavy use of JS


From: Lluis Mora <llmora () sentryware com>
Date: Mon, 13 Sep 2004 15:41:02 +0200

Hi,

What about using an HTTP "modification" proxy? It allows you to manipulate the raw HTTP request after the browser has generated it (via JS or whatever) and sent it.

They usually allow replay - you just have to submit the form once with the values the application is expecting - so that you do not trigger the client-side input validation - then intercept the request and do as many modifications to the parameters as you want.

A search for "pentest http proxy" should bring up a few nice tools; I personally like burp_proxy.

Cheers,

Lluis

tblinux () covad net wrote:
Anybody know of a good way to strip or catch and manipulate input to a web app
that uses JS to do error checking AND specify the input target address? ...oh
and the "submit button" is JS driven too...
Other than hand editing 30 screens of JS code?
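
Added example, not part of the original thread: because a request can be changed after the browser's JS checks have run, the server has to repeat every check on the raw body it receives. The sketch below validates a urlencoded POST body against an allow-list schema; the field names, limits and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Hypothetical form schema (assumption): field name -> server-side check.
SCHEMA = {
    "username": lambda v: re.fullmatch(r"[A-Za-z0-9_]{3,20}", v) is not None,
    # ASCII digits only, so percent-encoded Unicode digits cannot reach int().
    "quantity": lambda v: re.fullmatch(r"[0-9]{1,2}", v) is not None
                          and 1 <= int(v) <= 10,
    "country": lambda v: v in {"ES", "FR", "US"},
}

def validate_form(raw_body: bytes) -> list:
    """Return a list of errors for a urlencoded body; an empty list means accept."""
    try:
        fields = parse_qs(raw_body.decode("ascii"), keep_blank_values=True,
                          strict_parsing=True, max_num_fields=len(SCHEMA) * 2)
    except (UnicodeDecodeError, ValueError) as exc:
        return [f"malformed body: {exc}"]
    errors = []
    # Reject parameters the form never defines instead of silently ignoring them.
    for name in sorted(fields.keys() - SCHEMA.keys()):
        errors.append(f"unexpected field: {name}")
    for name, check in SCHEMA.items():
        values = fields.get(name, [])
        if len(values) != 1:
            # A missing or repeated parameter never comes from the real form.
            errors.append(f"{name}: expected exactly one value, got {len(values)}")
        elif not check(values[0]):
            errors.append(f"{name}: rejected value")
    return errors

# Constructed sample bodies: one as the browser's JS would submit it,
# one as it could look after being modified in transit and replayed.
BROWSER_BODY = b"username=alice_01&quantity=2&country=ES"
MODIFIED_BODY = b"username=alice_01&quantity=9999&country=ES&quantity=2&discount=100"

if __name__ == "__main__":
    print("browser :", validate_form(BROWSER_BODY))
    print("modified:", validate_form(MODIFIED_BODY))
```
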



