Tuesday, May 10, 2005

POST Interceptor user script

I wrote my biggest Greasemonkey user script yet after writing several small ones. This one I named as POST Interceptor. This is inspired by TamperIE Web Security tool, which works with IE only. I have had to use this quite bit recently for security testing of web applications.

I wanted something like it for Firefox and started working on extending the excellent LiveHTTPHeaders extension (it seemed a natural fit to add the interceptor functionality to LiveHTTPHeaders.) But it proved to be much more difficult than I thought (I still haven't groked the Observer Interface that Gecko provides.) Then I figured it could be done as a Greasemonkey script and it proved to be good choice. I still think that extending LiveHTTPHeaders would be a good idea and if ever I get some time, I might do just that.

As the name implies, the script intercepts POST requests before they are submitted by the browser. It displays all the parameters and their values. The user can modify the value of any parameter by clicking on the value column.

The script adds a tiny text "button" [PI] on the bottom-right corner of the page it is running on. Clicking on the button toggles the script on/off.

It is not done yet and has some shortcomings (fieldsets and radio buttons aren't handled properly yet, the transition between view and edit modes for the values is a bit jumpy and of course the color scheme could perhaps be done better.) But overall I am quite happy with the way it turned out.

POST Interceptor user script

1 Comments:

At 7/20/2005 10:20:00 PM, Anonymous Anonymous said...

You may want to look at
http://tamperdata.mozdev.org

Adam

 

Post a Comment

<< Home