web page http post check tools - http

I'm tasked to secure a web project, and the code is messy. Basically I need to focus on webpages that are using HTTP GET and do proper validation or convert to HTTP POST.
Is there a free tool out there that runs on Linux which searches and generates a report?

A report of what HTTP GET requests are made by a web application?
Well, what about a simple network sniffer, like tcpdump or Wireshark? It lists every request made. And you can process the dump using plain CLI processing tools like grep and sed.

There is no tool to my knowledge which will generate a report like that. What you can do is this: intercept the GET & POST requests using the tool called Fiddler (Windows only). It will list all the requests & responses which go in & out of a browser.
Install Fiddler, start it.
Access the application.
Go through the application and check the Fiddler interface.
It will list all the GET & POST data.
You can generate a report by examining this data.
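One way to turn captured request lines into the report asked for above, as an added example that is not part of the original posts: it groups GET requests that carry query parameters by path, so each page can be reviewed for validation or moved to POST. The sample lines, paths and the `REVIEW_FIRST` name list are constructed assumptions; the input can be an access log or the text output of a capture.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: HTTP request lines as they appear in an access log
# or in the text output of a capture. Hosts, paths and values are made up.
SAMPLE_LINES = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /search.php?q=shoes&page=2 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /account/delete.php?id=17&token=abc HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "POST /login.php HTTP/1.1" 200 230',
    '10.0.0.7 - - [01/Jan/2024:10:00:12 +0000] "GET /account/delete.php?id=18 HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:15 +0000] "GET /static/site.css HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jan/2024:10:00:20 +0000] "GET /reset.php?email=a%40example.test&password=x HTTP/1.1" 200 90',
]

REQUEST_LINE = re.compile(r'\b(GET|POST|PUT|DELETE|HEAD)\s+(\S+)\s+HTTP/\d')
# Assumption: parameter names that suggest a secret is travelling in the URL
REVIEW_FIRST = {"password", "passwd", "pwd", "token", "session", "sessionid", "secret", "key"}

def get_report(lines):
    """Return {path: {"hits", "params", "flagged"}} for GET requests that carry a query string."""
    report = defaultdict(lambda: {"hits": 0, "params": set(), "flagged": set()})
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m or m.group(1) != "GET":
            continue
        url = urlsplit(m.group(2))
        params = [name for name, _ in parse_qsl(url.query, keep_blank_values=True)]
        if not params:
            continue  # no user input in the URL, nothing to validate here
        entry = report[url.path]
        entry["hits"] += 1
        entry["params"].update(params)
        entry["flagged"].update(p for p in params if p.lower() in REVIEW_FIRST)
    return dict(report)

def format_report(report):
    """One tab-separated row per path, pages with flagged parameters first."""
    rows = []
    for path, e in sorted(report.items(), key=lambda kv: (not kv[1]["flagged"], kv[0])):
        mark = "REVIEW FIRST" if e["flagged"] else "-"
        rows.append(f"{path}\t{e['hits']}\t{','.join(sorted(e['params']))}\t{mark}")
    return rows

if __name__ == "__main__":
    print("\n".join(format_report(get_report(SAMPLE_LINES))))
```

A capture or log only shows the pages that were actually visited, so the application has to be exercised fully before the report is complete.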

Related

Why am I not able to log in successfully in an ASP.NET web application when using JMeter?

I have to record a load test for a successful login and further browsing into the ASP.NET application.
After recording the script in JMeter, my samplers are 1) GET request (login page), 2) POST request (posting the credentials and clicking login), 3) and other samplers (after successful login).
My problem is that it shows an incorrect username/password error (manually it is working) whenever I play the script. I have parameterized the valid credentials, and also did correlation (by seeing the POST request I got to know the fields that were posted) with event state validation, viewstate generator, viewstate and hdnkey from the GET response (sampler 1) to my POST request (sampler 2) and tried again, but I am getting the same error every time.
Please let me know what should be done to log in successfully, so I can perform the load test on this ASP.NET application. I have come across lots of sites for this issue but nothing solved it. Please help!
You can try to debug your JMeter script. Look here and here. I would use Debug Sampler as the first step for seeing variable values.
You can use a tool like Fiddler to record the requests that are made when you manually log in to the site. Then you can compare them with your JMeter script.
Make sure to add HTTP Cookie Manager to your Test Plan.
Make sure to correlate any dynamic parameters like View State, EventValidation, etc.
Run your test with 1 virtual user and 1 loop and inspect request and response details using the View Results Tree listener. Compare the requests you send with JMeter with what a real browser sends (can be found in your browser Developer Tools "Network" tab) - requests should be the same (apart from dynamic parameters).
Check out ASP.NET Login Testing with JMeter article for example test plan building explained.
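What correlating the dynamic parameters amounts to, shown outside JMeter as an added example that is not part of the original posts: every input of the login form returned by the GET is carried into the POST body and URL-encoded. `__VIEWSTATE`, `__VIEWSTATEGENERATOR` and `__EVENTVALIDATION` are the standard WebForms hidden fields and `hdnkey` comes from the question; the page markup, `txtUser`, `txtPass`, `btnLogin` and all values are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample of the login page returned by the GET (sampler 1).
LOGIN_PAGE = """
<form method="post" action="./Login.aspx" id="form1">
  <input type="hidden" name="__VIEWSTATE" value="/wEPDwUKLTI2constructed+/==" />
  <input type="hidden" name="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
  <input type="hidden" name="__EVENTVALIDATION" value="/wEdAAR+constructed/x=" />
  <input type="hidden" name="hdnkey" value="k-7f3a" />
  <input type="text" name="txtUser" />
  <input type="password" name="txtPass" />
  <input type="submit" name="btnLogin" value="Log in" />
</form>
"""

class FormFields(HTMLParser):
    """Collect name/value of every <input>, so no field the server expects is dropped."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = dict(attrs)
        if attr.get("name"):
            self.fields[attr["name"]] = attr.get("value") or ""

def build_login_post(page_html, credentials):
    """Return the form-encoded POST body for the login request (sampler 2)."""
    parser = FormFields()
    parser.feed(page_html)
    body = dict(parser.fields)   # hidden fields and the submit button's name/value
    body.update(credentials)     # overwrite the empty user/password inputs
    missing = [n for n in ("__VIEWSTATE", "__EVENTVALIDATION") if not body.get(n)]
    if missing:
        raise ValueError(f"login page did not supply: {missing}")
    # urlencode turns '+', '/' and '=' into %2B, %2F and %3D; a raw '+' would be
    # decoded as a space by the server and the view state would no longer validate.
    return urlencode(body)

if __name__ == "__main__":
    print(build_login_post(LOGIN_PAGE, {"txtUser": "alice", "txtPass": "s3cret"}))
```

The values are only valid for the session that fetched the page, so the POST must be sent with the cookies received on the GET.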

See http transactions in order to simulate programmatically

I am trying to log in to a website and I need to see the HTTP transactions when I log in by browser, then simulate the procedure by my application in Java using Apache HttpClient.
Are there any tools or software for this? If there are any, where can I download them?
If you're using Google Chrome as your browser, this is a feature in Chrome Developer Tools.
Simply press F12 and switch to the Network tab. Here you can get headers and content of HTTP requests. You can also right click the HTTP request and get it as cURL (cmd or bash).
You can combine this with the Chrome extension Postman which can help you generate the code for a number of programming languages (including Java OK HTTP and Java Unirest).

Logging into a webpage via HTTP Request

So I have a webpage ("http://data.terapeak.com/verify/") and I don't see any & tags in the URL, so I am unaware how to post data to this. I need to do this via HTTPRequest rather than browser control. I am creating a double threaded batch searching program. I have already successfully made this using a single browser control but that won't allow for multi-threading, at least with my current knowledge, due to the fact that even when creating a new frmBrw that already exists it needs me to set the thread apartment to single. If I set it to single, I am unable to have it send the data to the Excel sheet I need both threads to access. I hope this is clear... The basic question is how can I log into this form via HTTP request.
This isn't going to be easy to answer without further details; however, I suspect you'll need to provide the variables via an HTTP POST request.
Can you successfully log in to this page in your browser? If so, run a proxy tool such as Fiddler and check the HTTP headers it makes to the server. You should see the form variables being passed over. You then need to mimic this in code.
How to: Send Data Using the WebRequest Class
Hope this gets you started

Intercepting the SOAP envelope in an HttpRequest

I want to look at the XML created in my HttpRequest but can't see how. I've tried looking at the request during runtime but no luck.
I'm working in a .NET 4.0 project (just for context here, not that it matters much starting with 2.0)
I'm making a call to a third party API via my project's service reference:
SomeResponseType response = _apiClient.AddUser(userToAdd);
So how do I capture what AddUser is creating in terms of the raw XML being sent to the host without having to go through the pain of creating an Intercept filter which is not the easiest thing to put together?
You should be able to use Fiddler on your machine to capture the underlying HTTP request.
Alternatively, if you're using WCF, you can enable tracing via your config file. To go this route, see Configuring Message Logging. Then you can use the Service Trace Viewer Tool (SvcTraceViewer.exe) to pretty print your logs.
You can use a network sniffing tool such as Fiddler (www.fiddler2.com). Simply fire up Fiddler and then run your app. Fiddler will capture all of the traffic that is going across the wire, and you can look at the XML that is being sent and received from the SOAP service.

Windows tool for sending complete http body ( including headers ) to server

I was wondering if anyone knew of a tool where I could send a fully formed HTTP body (headers & content) to a web server. So far the best I've got is PuTTY but I was hoping for something where I could look at and edit the payload, then click a button and send it. (I could probably write something like this in a couple of minutes but was hoping there is an already finished and semi-polished app.)
Context:
I'm testing out a multipart/related SOAP request and trying to come up with some ideas for editing one element of the payload that's getting eaten somewhere in its journey.
Fiddler has a request builder in it.
cURL is a convenient command-line tool (with Windows binaries available).
Something like netcat would be perfect. Apparently this is a Windows version.
