WebApp Sec mailing list archives
Re: Testing app with heavy use of JS
From: Lluis Mora <llmora () sentryware com>
Date: Mon, 13 Sep 2004 15:41:02 +0200
Hi,What about using a HTTP "modification" proxy - it allows you to manipulate the raw HTTP request after the browser has generated it (via JS or whatever) and sent it.
They usually allow replay - you just have to submit the form once with the values the application is expecting - so that you do not trigger the client-side input validation - then intercept the request and do as many modifications to the parameters as you want.
A search for "pentest http proxy" should bring a few nice tools, I personally like burp_proxy.
Cheers, Lluis . tblinux () covad net wrote:
Anybody know of a good way to strip or catch and manipulate input to a web app that uses JS to do error checking AND specify the input target address? ...ohand the "submit button" is JS driven too...Other than hand editing 30 screens of JS code?
Current thread:
- Testing app with heavy use of JS tblinux (Sep 11)
- Re: Testing app with heavy use of JS Peter Conrad (Sep 13)
- Re: Testing app with heavy use of JS Lluis Mora (Sep 14)
- <Possible follow-ups>
- RE: Testing app with heavy use of JS Matt Fisher (Sep 15)