Results 1 to 11 of 11

Thread: Developers browser...

  1. #1
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    739
    Thanked
    1,614 times in 1,050 posts

    Developers browser...

    I want to be able to see things like HTTP headers that are being recieved / sent from the browser.
    Also, the ability to manipulate data thats being sent over POST with ease.
    Any other handy things wouldnt go amiss either.

    Thanks.
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  2. #2
    TiG
    TiG is offline
    Walk a mile in other peoples shoes...
    Join Date
    Jul 2003
    Location
    Questioning it all
    Posts
    6,213
    Thanks
    45
    Thanked
    48 times in 43 posts
    I'm not aware of one Agent, if you wanted to do that sort of thing with one site you could write an asp page that loads another page and outputs things like headers etc.

    I've got a bit of code that does a Soap request to a web server and deals with stuff like the header, if you can't find someone that works except that let me know and i'll see what i can do about getting this code into a position where you can use it for that purpose...

    TiG
    -- Hexus Meets Rock! --

  3. #3
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Tried Achilles?
    http://www2.packetstormsecurity.org/...Bsearch%5D.y=7

    Meant more as a security testing tool, but should let you do what you want I think - you can intercept the POST data and alter it on the fly, and either passively monitor the header info or step through it for testing.

    Not used it myself, just remember this tool being used by a penetration testing company looking at a web app we were running at my old place.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  4. #4
    HEXUS.net Webmaster
    Join Date
    Jul 2003
    Location
    UK
    Posts
    3,108
    Thanks
    1
    Thanked
    0 times in 0 posts
    Firefox has plugins that allow you to see headers. There's a similar toolbar for IE as well

    Try these
    http://www.nils.org.au/ais/web/resources/toolbar/
    http://www.diodia.com/

    If you want the Firefox links let me know but you can find them easily in the extensions section

  5. #5
    Commander Keen
    Join Date
    Nov 2003
    Location
    217.27.240.214
    Posts
    624
    Thanks
    0
    Thanked
    0 times in 0 posts
    ^^^^ Az beat me to th firefox extentions. I have the header info one. not sure if there is an edit the header extention

  6. #6
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    739
    Thanked
    1,614 times in 1,050 posts
    Quote Originally Posted by TiG
    I'm not aware of one Agent, if you wanted to do that sort of thing with one site you could write an asp page that loads another page and outputs things like headers etc.

    I've got a bit of code that does a Soap request to a web server and deals with stuff like the header, if you can't find someone that works except that let me know and i'll see what i can do about getting this code into a position where you can use it for that purpose...

    TiG
    Im not upto date on SOAP, although another friend of mine speaks highly of it.
    The header info im looking for is to do with resuming files over HTTP. Seems to be a lack of information on it via googling. Only usfull info i could find was that it will be assigned a enviromental variable, $_ENV['HTTP_RANGE'].
    Infact, finding that out was bad enough. There seems to be a real lack of what PHP's enviromental variables are and when/how they are assigned.
    I couldnt even find $_ENV['HTTP_RANGE'] on php.net (or im just looking in the wrong place), the only way i got that was via random googling.

    Next thing im looking for is whats the exact header information thats sent when a file is requested to be resumed ?
    If i can find that info, then hopfully its just a matter of getting the script to look for it, and send the byte range thats needed.
    If you cant guess what im doing, its just a basic anti-leech PHP script; which is working pretty well apart from no resume.

    Quote Originally Posted by Paul Adams
    Tried Achilles?
    http://www2.packetstormsecurity.org/...Bsearch%5D.y=7

    Meant more as a security testing tool, but should let you do what you want I think - you can intercept the POST data and alter it on the fly, and either passively monitor the header info or step through it for testing.

    Not used it myself, just remember this tool being used by a penetration testing company looking at a web app we were running at my old place.
    Not yet, but it looks pretty cool. Should be handy for testing my scripts out and making sure the output is what im expecting. May be doing some XSS soon too, so that should provide usfull in attacking the scripts.

    Quote Originally Posted by Az
    Firefox has plugins that allow you to see headers. There's a similar toolbar for IE as well

    Try these
    http://www.nils.org.au/ais/web/resources/toolbar/
    http://www.diodia.com/

    If you want the Firefox links let me know but you can find them easily in the extensions section
    Cheers
    Im using Opera at the moment, but ill probably grab firefox later, even if its only used for site testing and this

    thanks for the input everyone
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  7. #7
    Commander Keen
    Join Date
    Nov 2003
    Location
    217.27.240.214
    Posts
    624
    Thanks
    0
    Thanked
    0 times in 0 posts
    I am not quite sure what you are on about

    But a good grounding in standard http sessions is always good, since http is stateless I was under the impression that a "resume" as such was handled at a higher level i.e. by the application.

    Everything you ever need to know about http.. but were afraid to ask.
    http://www.w3.org/Protocols/rfc2616/rfc2616.html

    Lot of reading sorry dude.

  8. #8
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    739
    Thanked
    1,614 times in 1,050 posts
    Resume, as in a file download.
    As i understand it, if you request a file you already have parcialy downloaded (Flashget, get-right ect..), the headers will contain the information thats required to know which byte range to send.
    If this information isnt there, the file will start from scratch.

    I hope that makes sence / is correct

    A quick example of what im talking about...
    If you goto http://www.clan-omega.com/ut2004-winpatch3236.exe
    You will download one of the patchs for UT04.

    I have a script that basicly does the same, but masks the file location.
    http://www.clan-omega.com/leech.php
    Im also going to add other fancy things in it, such as making sure they have permission to access the file (its tied into the PHPbb forum, so if they are logged into that, they can download ect...)
    But pause the file when its downloading from the PHP script.... then try and resume
    You will start the file over again. You wont when downloading the file "Directly" from the server.
    What im trying to do, is grab the info thats being sent to the server that tells it where to resume from, and modify the script to take this info, and resume the download

    Hope that makes sence
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  9. #9
    Commander Keen
    Join Date
    Nov 2003
    Location
    217.27.240.214
    Posts
    624
    Thanks
    0
    Thanked
    0 times in 0 posts
    I think that is a function of the server... so yeah u are responsible for adding it into your script somehow..

    Flashget and all that manage things locally. U could force your users to use a download manager

  10. #10
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    For HTTP download resuming, have you checked out WGET?
    Under the GNU licence so the source is easily obtainable:
    http://wget.sunsite.dk/

    Wget has many features to make retrieving large files or mirroring entire web or FTP sites easy, including:

    * Can resume aborted downloads, using REST and RANGE
    * Can use filename wild cards and recursively mirror directories
    * NLS-based message files for many different languages
    * Optionally converts absolute links in downloaded documents to relative, so that downloaded documents may link to each other locally
    * Runs on most UNIX-like operating systems as well as Microsoft Windows
    * Supports HTTP and SOCKS proxies
    * Supports HTTP cookies
    * Supports persistent HTTP connections
    * Unattended / background operation
    * Uses local file timestamps to determine whether documents need to be re-downloaded when mirroring
    * GNU wget is distributed under the GNU General Public License.
    Yes, the web server has to support resumes, but as IIS 5.0 supports it I would have thought any web server since 1999 does?
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  11. #11
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    739
    Thanked
    1,614 times in 1,050 posts
    Quote Originally Posted by killgORE
    Flashget and all that manage things locally. U could force your users to use a download manager
    Sorry, but it seems you dont know what doing / asking....
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Best Browser, Anti-Virus and Email Client?
    By Stewart in forum Software
    Replies: 13
    Last Post: 14-02-2004, 04:20 PM
  2. Best browser for Mac OS 9?
    By joshwa in forum Apple Mac
    Replies: 1
    Last Post: 21-11-2003, 12:41 PM
  3. Correct placement of my PS title in browser
    By Dorza in forum Software
    Replies: 2
    Last Post: 26-08-2003, 05:33 PM
  4. Warning all developers!
    By DaBeeeenster in forum General Discussion
    Replies: 5
    Last Post: 06-08-2003, 12:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •