Information on removing hidden field tags in the Paros proxy.
7cb48451f4562612b6998e285237507618c6a04a8ecfa79eaebc9871834f6532
------=_Part_1037_12491745.1162019977364
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hi
For all those application testers out there that use PAROS Proxy who are as
lazy as me....
I thought I would share
a tip on how I set Paros to automatically remove hidden field tags in PAROS
(also usable on other proxies)
in tools, filter menu
set the http body response checkbox
and set the search pattern to be
type\s*=\s*["']?hidden["']?
no need to set the replace field
now browse a web page with hidden fields
I must admit I rely on the above so much that I am not sure if it misses
any hidden tags
I suppose I could compare it with a find all 'hidden' words and compare body
response....
My wish list for PAROS would be
- allow multiple filters per http section
- save the above filters so that I do not need to enter it every time
I use PAROS
- manually set user agent rather than use PAROS drop down (google bot
goes to places I can not) and it gets annoying setting the http request
header filters as well
Anybody have any other techniques they would like to share on PAROS or
other proxy??
I would definitely like a RELIABLE way to convert html
select statements to input statments - another regex along the lines of
this perl regex (probably useless on scripted select controls that many
pages create on the fly)
/<select[^>]*?(name\s*=\s*["']?([^"'\s]+)["']?\s+).*?<\/select>/$2<input $1>/ims
TIA & Rgds
Richard
------=_Part_1037_12491745.1162019977364
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hi<br>For all those application testers out there that use PAROS Proxy who are as lazy as me....<br><br>I thought I would share a tip on how I set Paros to automatically remove hidden field tags in PAROS<br>(also usable on other proxies)
<br><br>in tools, filter menu<br>set the http body response checkbox<br>and set the search pattern to be<br><br><br>type\s*=\s*["']?hidden["']?<br><br>no need to set the replace field<br><br>now browse a web page with hidden fields
<br><br>I must admit I rely on the above so much that I am not sure if it misses any hidden tags<br>I suppose I could compare it with a find all 'hidden' words and compare body response....<br><br>My wish list for PAROS would be
<br><ul><li>allow multiple filters per http section<br></li><li>save the above filters so that I do not need to enter it every time I use PAROS</li><li>manually set user agent rather than use PAROS drop down (google bot goes to places I can not) and it gets annoying setting the http request header filters as well
</li></ul>Anybody have any other techniques they would like to share on PAROS or other proxy??<br> <br>I would definitely like a RELIABLE way to convert html select statements to input statments - another regex along the lines of
<br>this perl regex (probably useless on scripted select controls that many pages create on the fly)<br><br>/<select[^>]*?(name\s*=\s*["']?([^"'\s]+)["']?\s+).*?<\/select>/$2<input $1>/ims
<br><br><br><br>TIA & Rgds<br>Richard<br><br><br>
------=_Part_1037_12491745.1162019977364--