Date: Tue Nov 27 2001 - 08:33:43 CST
I thought you might find this chunk of code handy. It allows you access to
the PostData when an HTTP Post is made. I got the code from Microsoft a few
months ago and it's come in pretty handy. I just added it to your
'* Start of code
Private Sub wb_BeforeNavigate2(ByVal pDisp As Object, url As Variant, Flags As Variant, _
        TargetFrameName As Variant, PostData As Variant, Headers As Variant, Cancel As Boolean)
    Dim i As Long
    If mnuEditLink.Checked Then
        If mnuBlockServers.Checked Then
            For i = 0 To UBound(blockServers)
                If LCase(blockServers(i)) Like LCase(url) Then Cancel = True: Exit Sub
            Next i
        End If
        'this wont modify link browser requests though :(
        url = frmAnalyze.AnlyzeUrlAndWait(url) & " "
        If url = -1 Then Cancel = True
        '* Code added by Dennis Hurst (dhurstspidynamics.com)
        'url will contain the URL with parameters
        'PostData has the PostData in a strange format (a Variant holding a byte array)
        'the following will convert it to a string that
        'contains the raw post data
        Dim lLen As Long
        Dim lCount As Long
        Dim strPostData As String
        lLen = LenB(PostData) ' Use LenB to get the byte count
        If lLen > 0 Then ' If it's a post form, lLen will be > 0
            ' Loop stops one byte short of lLen, as in the Microsoft sample this came from
            For lCount = 1 To lLen - 1
                strPostData = strPostData & Chr(AscB(MidB(PostData, lCount, 1))) ' Use MidB to get 1 byte at a time
            Next lCount
        End If
    End If
End Sub
'* End of code
God Bless & Have a great day,
From: auto125268hushmail.com [mailto:auto125268hushmail.com]
Sent: Tuesday, November 27, 2001 3:16 AM
To: Mark Curphey
Subject: Re: OWASP - WebSleuth - Cross Site Scripting
As you already capture the form, you could check for cross site scripting by
automatically sending in a payload to a form field target. How cool would
that be....oh yeah. And you could have a drop down maybe of the known
payload variants like <script> <img src> etc
That would be the best .....
On Sun, 25 Nov 2001 23:47:46 -0800, Mark Curphey <markcurphey.com> wrote:
>WebSleuth is an early release of a tool we hope will be part of a suite of
>tools including source code analyzers, that will support the Testing
>Framework being developed at OWASP (http://www.owasp.org) next year.
>WebSleuth allows you to edit HTTP and HTML requests on the fly in
>It is built to help a user manually understand various security issues of
>his / her system. It is not intended to replace or compete with commercial
>tools, and there is certainly no shiny red-button automating attacks.
>However it is an investigative learning tool that with some patience and
>knowledge, helps you to find and learn about issues you may have in your
>WebSleuth can be downloaded from http://www.owasp.org/resources/tools/.
>Please save us all the bandwidth and only download the installer package if
>you don't have the VB dll's.
>The first release implements many features including the ability to test
>-Form Fields (including hidden)
>-URL Query Strings
>-HTTP Headers (referrer etc)
>-Cross Site Scripting
>WebSleuth is open source and is subject to the OWASP Software license. It
>was written in Visual Basic to take advantage of the MS Internet Explorer
>object avoiding the need for a reverse proxy. It currently only runs on
>Win32 and should be seen as proof of concept. The lead developer is David
>Zimmer who can be contacted at dzzieowasp.org.
>A new release this week will automate the testing for cross site scripting
>in any user input to a web application.
>As with any open source projects, we welcome your ideas, input and
>improvements. Suggestions for features or to participate in developing the
>tool, please email owaspowasp.org and dzzieowasp.org or better still the
>If you are interested in sponsoring the further development of this open
>source project, please contact owaspowasp.org
>"Building Blueprints to Secure Web Applications"