Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Testing app with heavy use of JS
From: Lluis Mora (llmorasentryware.com)
Date: Mon Sep 13 2004 - 08:41:02 CDT
What about using a HTTP "modification" proxy - it allows you to
manipulate the raw HTTP request after the browser has generated it (via
JS or whatever) and sent it.
They usually allow replay - you just have to submit the form once with
the values the application is expecting - so that you do not trigger the
client-side input validation - then intercept the request and do as many
modifications to the parameters as you want.
A search for "pentest http proxy" should bring a few nice tools, I
personally like burp_proxy.
> Anybody know of a good way to strip or catch and manipulate input to a web app
> that uses JS to do error checking AND specify the input target address? ...oh
> and the "submit button" is JS driven too...
> Other than hand editing 30 screens of JS code?