Is it possible to provide HTTP header in browser's address bar?
e.g.
http://webpage.com/somepage.html [header1:value, header2:value]
My aim is testing different headers, but without scripting.
Why don't you simply use POSTMAN for it... It will allow you to send request of the type you want GET/POST/DELETE/PUT with whatever headers you expect to have.
For simple testing and checking of what content you get, you could select GET request and set the headers.
Here's a guide to using it
Related
I want to only see HTTP verbs GET and POST in the network pane.
What I have tried is
-method:GET -method:POST
I read that from stack over flow
I still do see all of js, json, and image gets.
Is there a better way to set the filters?
You can use "negative filter" in chrome dev tool to filter all .js, .json and image requests.
The syntax is: -.png -.jpg -.jpeg -.gif -.json -.js (separate each negative filter with whitespace). For example, 5 requests are filtered in following screenshot:
I'm not sure why you're using a negative filter here. If you want to only see POST requests, you can use method:POST. This will filter out GET, PUT, and so on.
You can filter according to types. For only Fetch/XHR (XMLHttpRequest), open developer tools and just select Fetch/XHR.
Then put method:GET or method:POST in filter area.
I am able to tamper post request parameter with Tamper Data in firefox i.e when i make
post request and i get the popup in firefox to change POST request parameters but in case
of GET request, i get the popup but there is no way to change the request parameter.
So question is Can't we change the request parameter thru Tamper Data/Fiddler?(Yes i agree
we can change it from browser address bar but that will be applicable once first request has been firect but i want to tamper some data in the very first Get Request. So i want to change GET request paramater with Tamer Data/Fiddler.Is it possible?)
You can't do that using Tamper-Data. You could use a more advanced standalone-tool, like Web Scarab which will let you intercept and edit all portions of your web-requests.
Using fiddler, in conjunction with FiddlerScript is also an alternative.
You can easily use Fiddler to tamper with any aspect of a request or response. You can do this using FiddlerScript or manually using breakpoints. To change traffic manually using breakpoints, watch this tutorial video: http://www.youtube.com/watch?v=8bo5kXMAcV0&list=PLvmaC-XMqeBbw72l2G7FG7CntDTErjbHc
You can also use: Live http header addon. Hope it help.
I am wondering how to make sure that I only ever show/render the content (send the code to the client) if the content is loaded in an iframe in a real browser, similar to the way Facebook checks when to display their like buttons and other social utilities.
There, when trying to simply load the content using curl, even when sending cookies, session details and user agent details, it still returns nothing. When trying to load the content outside an iframe, one receives nothing. How can that be achieved? I guess it is all but a simple process that involves multiple steps. I am especially interested in the first one, namely how to detect that it is really sent from a browser and not simply curled.
Thanks.
There is no way for your server to detect if it was sent using browser or curl, as the headers are easily forged.
Is there a HTTP header that makes sure that no content will be displayed?
Even if there is some content in the body?
edit:
I take the answers as a "no", and accept the fact that headers have no control over the content.
Send the status code 204 No Content.
Is there a HTTP header that makes sure that no content will be displayed?
The best way to make sure no content is displayed is not sending any content - you can never trust the client 100% to do what you want. That said, there is a status code that specifies exactly what you want:
10.2.5 204 No Content
The server has fulfilled the request but does not need to return an entity-body, and might want to return updated metainformation. The response MAY include new or updated metainformation in the form of entity-headers, which if present SHOULD be associated with the requested variant.
If the client is a user agent, it SHOULD NOT change its document view from that which caused the request to be sent. This response is primarily intended to allow input for actions to take place without causing a change to the user agent's active document view, although any new or updated metainformation SHOULD be applied to the document currently in the user agent's active view.
The 204 response MUST NOT include a message-body, and thus is always terminated by the first empty line after the header fields.
How do I send an HTTP GET request without a form? This request is performed on a web page.
For more details on what I'm trying to accomplish and why, see my question here: http get/post request and google geolocation api
Any link is a GET request, so, just make a link, add the extra info at the end, done.
http://someurl.net/somelink?value1=avalue&value2=anothervalue
A normal hyperlink does a GET request when the user clicks on it. Loading an image is also a GET request, as are most of the other ways of embedding things in a page. If you're trying to do it via JavaScript, you can use an XMLHttpRequest.
You can use Ajax and jQuery's get method:
$.get("someURL.php?variables=true");
Note, that you will only be able to make requests to the same domain OR the target domain must return JSON formatted results.
In plain HTML you can do that e.g. requesting an image:
<img src="http://example.com/?bla=bla">
< a href="www.google.com">google</a>
I agree with altCognito points out using jquery but I'd rather use
$.get("someurl.php", { variable: value });
I like this way better because it allows me to send objects instead of concatenate strings.
you can see a couple of samples here