I want to be able to see things like HTTP headers that are being recieved / sent from the browser.
Also, the ability to manipulate data thats being sent over POST with ease.
Any other handy things wouldnt go amiss either.
Thanks.
I'm not aware of one Agent, if you wanted to do that sort of thing with one site you could write an asp page that loads another page and outputs things like headers etc.
I've got a bit of code that does a Soap request to a web server and deals with stuff like the header, if you can't find someone that works except that let me know and i'll see what i can do about getting this code into a position where you can use it for that purpose...
TiG
-- Hexus Meets Rock! --
Tried Achilles?
http://www2.packetstormsecurity.org/...Bsearch%5D.y=7
Meant more as a security testing tool, but should let you do what you want I think - you can intercept the POST data and alter it on the fly, and either passively monitor the header info or step through it for testing.
Not used it myself, just remember this tool being used by a penetration testing company looking at a web app we were running at my old place.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
Firefox has plugins that allow you to see headers. There's a similar toolbar for IE as well
Try these
http://www.nils.org.au/ais/web/resources/toolbar/
http://www.diodia.com/
If you want the Firefox links let me know but you can find them easily in the extensions section
^^^^ Az beat me to th firefox extentions. I have the header info one. not sure if there is an edit the header extention
Im not upto date on SOAP, although another friend of mine speaks highly of it.Originally Posted by TiG
The header info im looking for is to do with resuming files over HTTP. Seems to be a lack of information on it via googling. Only usfull info i could find was that it will be assigned a enviromental variable, $_ENV['HTTP_RANGE'].
Infact, finding that out was bad enough. There seems to be a real lack of what PHP's enviromental variables are and when/how they are assigned.
I couldnt even find $_ENV['HTTP_RANGE'] on php.net (or im just looking in the wrong place), the only way i got that was via random googling.
Next thing im looking for is whats the exact header information thats sent when a file is requested to be resumed ?
If i can find that info, then hopfully its just a matter of getting the script to look for it, and send the byte range thats needed.
If you cant guess what im doing, its just a basic anti-leech PHP script; which is working pretty well apart from no resume.
Not yet, but it looks pretty cool. Should be handy for testing my scripts out and making sure the output is what im expecting. May be doing some XSS soon too, so that should provide usfull in attacking the scripts.Originally Posted by Paul Adams
CheersOriginally Posted by Az
Im using Opera at the moment, but ill probably grab firefox later, even if its only used for site testing and this
thanks for the input everyone
I am not quite sure what you are on about
But a good grounding in standard http sessions is always good, since http is stateless I was under the impression that a "resume" as such was handled at a higher level i.e. by the application.
Everything you ever need to know about http.. but were afraid to ask.
http://www.w3.org/Protocols/rfc2616/rfc2616.html
Lot of reading sorry dude.
Resume, as in a file download.
As i understand it, if you request a file you already have parcialy downloaded (Flashget, get-right ect..), the headers will contain the information thats required to know which byte range to send.
If this information isnt there, the file will start from scratch.
I hope that makes sence / is correct
A quick example of what im talking about...
If you goto http://www.clan-omega.com/ut2004-winpatch3236.exe
You will download one of the patchs for UT04.
I have a script that basicly does the same, but masks the file location.
http://www.clan-omega.com/leech.php
Im also going to add other fancy things in it, such as making sure they have permission to access the file (its tied into the PHPbb forum, so if they are logged into that, they can download ect...)
But pause the file when its downloading from the PHP script.... then try and resume
You will start the file over again. You wont when downloading the file "Directly" from the server.
What im trying to do, is grab the info thats being sent to the server that tells it where to resume from, and modify the script to take this info, and resume the download
Hope that makes sence
I think that is a function of the server... so yeah u are responsible for adding it into your script somehow..
Flashget and all that manage things locally. U could force your users to use a download manager
For HTTP download resuming, have you checked out WGET?
Under the GNU licence so the source is easily obtainable:
http://wget.sunsite.dk/
Yes, the web server has to support resumes, but as IIS 5.0 supports it I would have thought any web server since 1999 does?Wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including:
* Can resume aborted downloads, using REST and RANGE
* Can use filename wild cards and recursively mirror directories
* NLS-based message files for many different languages
* Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
* Runs on most UNIX-like operating systems as well as Microsoft Windows
* Supports HTTP and SOCKS proxies
* Supports HTTP cookies
* Supports persistent HTTP connections
* Unattended / background operation
* Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
* GNU wget is distributed under the GNU General Public License.
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
There are currently 1 users browsing this thread. (0 members and 1 guests)