Exploit the possiblities

proxy-hidden.txt

proxy-hidden.txt
Posted Nov 1, 2006
Authored by Richard Braganza

Information on removing hidden field tags in the Paros proxy.

tags | paper
MD5 | f952e07095881e7fe635a448797c0147

proxy-hidden.txt

Change Mirror Download
------=_Part_1037_12491745.1162019977364
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi
For all those application testers out there that use PAROS Proxy who are as
lazy as me....

I thought I would share
a tip on how I set Paros to automatically remove hidden field tags in PAROS
(also usable on other proxies)

in tools, filter menu
set the http body response checkbox
and set the search pattern to be


type\s*=\s*["']?hidden["']?

no need to set the replace field

now browse a web page with hidden fields

I must admit I rely on the above so much that I am not sure if it misses
any hidden tags
I suppose I could compare it with a find all 'hidden' words and compare body
response....

My wish list for PAROS would be

- allow multiple filters per http section
- save the above filters so that I do not need to enter it every time
I use PAROS
- manually set user agent rather than use PAROS drop down (google bot
goes to places I can not) and it gets annoying setting the http request
header filters as well

Anybody have any other techniques they would like to share on PAROS or
other proxy??

I would definitely like a RELIABLE way to convert html
select statements to input statments - another regex along the lines of
this perl regex (probably useless on scripted select controls that many
pages create on the fly)

/<select[^>]*?(name\s*=\s*["']?([^"'\s]+)["']?\s+).*?<\/select>/$2<input $1>/ims



TIA & Rgds
Richard

------=_Part_1037_12491745.1162019977364
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi<br>For all those application testers out there that use PAROS Proxy who are as lazy as me....<br><br>I thought I would share a&nbsp;tip&nbsp;on&nbsp;how&nbsp;I&nbsp;set&nbsp;Paros&nbsp;to&nbsp;automatically&nbsp;remove&nbsp;hidden&nbsp;field&nbsp;tags&nbsp;in&nbsp;PAROS<br>(also usable on other proxies)
<br><br>in tools, filter menu<br>set the http body response checkbox<br>and set the search pattern to be<br><br><br>type\s*=\s*["']?hidden["']?<br><br>no need to set the replace field<br><br>now browse a web page with hidden fields
<br><br>I must admit I rely on the above so much that I am not sure if it misses any&nbsp;hidden&nbsp;tags<br>I suppose I could compare it with a find all 'hidden' words and compare body response....<br><br>My wish list for PAROS would be
<br><ul><li>allow multiple filters per http section<br></li><li>save the above filters so that I do not need to enter it every time I use PAROS</li><li>manually set user agent rather than use PAROS drop down (google bot goes to places I can not) and it gets annoying setting the http request header filters as well
</li></ul>Anybody&nbsp;have&nbsp;any&nbsp;other&nbsp;techniques&nbsp;they&nbsp;would&nbsp;like&nbsp;to&nbsp;share&nbsp;on&nbsp;PAROS&nbsp;or&nbsp;other&nbsp;proxy??<br> <br>I would definitely like a RELIABLE way&nbsp;to&nbsp;convert&nbsp;html select&nbsp;statements&nbsp;to&nbsp;input&nbsp;statments&nbsp;-&nbsp;another&nbsp;regex&nbsp;along&nbsp;the&nbsp;lines&nbsp;of
<br>this&nbsp;perl regex (probably useless on scripted select controls that many pages create on the fly)<br><br>/<select[^>]*?(name\s*=\s*["']?([^"'\s]+)["']?\s+).*?<\/select>/$2<input&nbsp;$1>/ims
<br><br><br><br>TIA & Rgds<br>Richard<br><br><br>

------=_Part_1037_12491745.1162019977364--

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close