Login

mattkime · 09-29-2006, 04:40 AM

I'm trying to take apart a web app and figure out how it operates, particularly the flow of form information. Yes, this should be simple. Unfortunately there is a lot of javascript in the way. A LOT. I'd like to see what form values are being sent in the end.

Any ideas?

mikebw · 09-29-2006, 05:48 AM

are you dealing with PHP here? I don't know much about it, but some forms will store their value inside the URL / address bar as you navigate around.

mattkime · 09-29-2006, 05:59 AM

thats a "GET" for as opposed to a "POST" form. unfortunately its a POST

Tofer · 09-29-2006, 10:02 AM

Suggestion 1: You probably already have tried this, but search for the

TheTominator · 09-29-2006, 10:24 AM

Edit a copy of the page and make the form action a script that you control. In the new receiving script, print out the submitted values. How you do that depends on the language. Using PHP as the receiving language, print out all the values of $_POST[] using something like this:
echo "

$key = $value

\n";

Seacrest · 09-29-2006, 12:04 PM

In addition to what Tom says, FireFox->WebDevXT->Forms can be helpful.

mattkime · 09-29-2006, 01:08 PM

The Tamper Data extension is what I needed. Its quite nice, even lets you set cookies.

TheTominator · 09-29-2006, 01:14 PM

[quote mattkime]even lets you set cookies.
Mmmmm.... Cookies.

If it also comes with Java, that would go well with cookies.

comphernation · 10-01-2006, 12:42 AM

Matt,

A fine general purpose sniffer is the free utility "tcpflow" (http://www.circlemud.org/~jelson/software/tcpflow/) which breaks the flow of packets into human-readable form. I've found it invaluable for deciphering numerous back-and-forth exchanges. An HTML version of the manpage can be found at http://www.circlemud.org/~jelson/softwar...low.1.html.

This tutorial http://www.owlriver.com/tips/tcpflow-tutorial/ might be helpful to get you started.

Login
Username:
Password:	Lost Password?
	Remember me