forum.defcon.org

entr0py replied

April 29, 2008, 09:59
Re: Edit HTTP on the fly?

Originally posted by jpeavy1 View Post

Hey all,

As you'll soon be able to tell I'm pretty new to this

I'm trying to alter an HTTP response from a server and I have set up a transparent bridge inline between the target and the server.

Currently, I'm halfway along a path of using libipq to edit the packet payload (props to I)ruid for the SteganRTP source). However, it is getting pretty messy and I'm starting to become convinced that their must be an easier way.

The target sends a POST, I just want to alter what information it receives back. There is no SSL or anything to worry about.

Ideas? Can I use squid + some kind of logic to somehow catch the particular POST I'm interested in and respond with my spoofed message?

TIA,
-jp

I use the BURP Proxy suite for all kinds of http based stuff. Its also java based to it runs everywhere
http://portswigger.net/proxy/
Leave a comment:
theprez98 replied

April 24, 2008, 15:10
Re: Edit HTTP on the fly?

Originally posted by noid View Post

Paros Proxy, that was the name of the one I couldnt remember. I kept wanting to call it Pharos and kept getting info on the GPS unit..

It's Java-based too, so it'll work on anything that supports that.
Leave a comment:
noid replied

April 24, 2008, 13:48
Re: Edit HTTP on the fly?

Paros Proxy, that was the name of the one I couldnt remember. I kept wanting to call it Pharos and kept getting info on the GPS unit..
Leave a comment:
jpeavy1 replied

April 24, 2008, 13:06
Re: Edit HTTP on the fly?

Originally posted by noid View Post

Grab yourself a copy of Firefox and the Tamper Data plugin, or check out Web Scarab and Fiddler.

That should be more than enough to catch and modify HTTP responses. I use them all the time for web-app pen-testing..

In fact, go spend a bunch of time savoring the tasty goodness that is www.owasp.org and you'll probably find more than you are looking for

Originally posted by theprez98 View Post

Paros Proxy will also do the same thing.

Thanks yall, I knew there had to be something better.

-jp
Leave a comment:
theprez98 replied

April 24, 2008, 11:46
Re: Edit HTTP on the fly?

Paros Proxy will also do the same thing.
Leave a comment:
noid replied

April 24, 2008, 09:13
Re: Edit HTTP on the fly?

Grab yourself a copy of Firefox and the Tamper Data plugin, or check out Web Scarab and Fiddler.

That should be more than enough to catch and modify HTTP responses. I use them all the time for web-app pen-testing..

In fact, go spend a bunch of time savoring the tasty goodness that is www.owasp.org and you'll probably find more than you are looking for
Leave a comment:
jpeavy1 started a topic Edit HTTP on the fly?

April 24, 2008, 07:24
Edit HTTP on the fly?

Hey all,

As you'll soon be able to tell I'm pretty new to this

I'm trying to alter an HTTP response from a server and I have set up a transparent bridge inline between the target and the server.

Currently, I'm halfway along a path of using libipq to edit the packet payload (props to I)ruid for the SteganRTP source). However, it is getting pretty messy and I'm starting to become convinced that their must be an easier way.

The target sends a POST, I just want to alter what information it receives back. There is no SSL or anything to worry about.

Ideas? Can I use squid + some kind of logic to somehow catch the particular POST I'm interested in and respond with my spoofed message?

TIA,
-jp
Tags: None

Announcement

Edit HTTP on the fly?

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Edit HTTP on the fly?