Filtering POST data
|
Nov. 09, 2004, 04:02 PM
Post: #1
|
|||
|
|||
Is there a way to filter data sent by the browser but not in the headers (POST variables etc) ?
|
|||
Nov. 09, 2004, 10:49 PM
Post: #2
|
|||
|
|||
RE: Filtering POST data
Guest;
to our forum! Hope you like it well enough to register and join in. Quote:Is there a way to filter data sent by the browser but not in the headers (POST variables etc) ? Your question presents a conundrum. Browsers don't ordinarily send data, only requests that are part of the header. As you pointed out, even the POST mechanism (used to submit some kinds of form data) is buried in the Header. The only exception to this rule is where a form uses the GET method of submission - then there is a block of data that is not part of the request Header. This also explains why we can control the Incoming and Outgoing Header filters separately (toggle them on or off in the main Proxomitron window), but there's only one kind of Web filter to control. Your question asks "How can we make Proxo filter outgoing data?" My question in rejoinder is "what outgoing data?" Can you give us more details, please? However, it's also possible that I have mis-read your intent. (Which is par for the course, knowing me. ) If so, feel free to set me straight. :o B) Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
Nov. 10, 2004, 05:21 PM
Post: #3
|
|||
|
|||
Ok i hope that example will make it clear :
Code: POST /login.jsp HTTP/1.1 |
|||
Nov. 11, 2004, 11:07 AM
Post: #4
|
|||
|
|||
Guest;
Ah, now we're getting somewhere. What you're seeing is the result of a Java component/applet. It is obviously building a packet to hold the username and password, then shipping that packet behind the request header. Some observations: 1) This is normal behavior for ActiveX and Java applets. Other applications could also do this, but not many do, due to overhead. 2) As already described, Proxo can't see this separate packet of data. You can't change it on the way out. In fact, if you'll look in the HELP file, under Headers, you'll find that Proxo can modify these fields: If-Modified-Since: Referer: User-Agent: Host: Accept: Accept-Language: Accept-Charset: Cookie: Pragma: no-cache There are other fields, but I notice that they don't end with a colon, like the ones on this list. Therefore, I have to deduce that we (meaning you) can't even modify POST or GET data strings. At this point, I think you're stuck. Certainly, somebody else here might jump in, and point out my shortcomings, thereby fixing your problems. One can hope, can't they? Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
The following 1 user says Thank You to Oddysey for this post: cscat |
Nov. 15, 2004, 10:08 PM
(This post was last modified: Oct. 24, 2012 05:29 PM by JJoe.)
Post: #5
|
|||
|
|||
RE: Filtering POST data
No you can't filter the POST data. See this thread at Arne's forum, especially Scott's reply why it would be difficult.
Edit by JJoe: Link updated from http://asp.flaaten.dk/pforum/topic.asp?TOPIC_ID=655 to http://prxbx.com/oldforums/index.php?topic=655 |
|||
Nov. 16, 2004, 12:52 AM
Post: #6
|
|||
|
|||
pooms,
As usual, right on target, exactly when needed. Thanks. Hey, why not come around more often? We could use a few more of your caliber here, believe me! Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
Nov. 16, 2004, 01:05 AM
Post: #7
|
|||
|
|||
Guest;
As you've seen above, and hopefully in the referenced discussion on Arne's forum, it can't be done. If Scott said so, it's so. At least not with Proxo. Sorry 'bout that. There are other proggies out that can do what you want, but they aren't commonly found in the wild, if you get my drift. This is the kind of tool that can be used to spoof addresses right in the outgoing header, and thereby hangs the tale of how spam is disguised (and hidden from very upset retaliators). If you decide to hunt one down, rotsa ruck! <_< Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
Nov. 16, 2004, 05:15 PM
Post: #8
|
|||
|
|||
Many thanks to both of you.
|
|||
Nov. 17, 2004, 08:06 PM
Post: #9
|
|||
|
|||
RE: Filtering POST data
Quote:Hey, why not come around more often? We could use a few more of your caliber here, believe me!I pop in once in a while to check things out and see if there is anything I can answer, but I've been extremely busy this year so I haven't had much time. At least I can remember when some topics have been discussed previously and provide the link |
|||
Nov. 17, 2004, 08:40 PM
Post: #10
|
|||
|
|||
I thought I could clarify a bit about what parts of the HTTP messages Proxo can work on.
An HTTP Request (sent from browser to server) consists of a Request Line, followed by Headers, followed by an optional message body. An HTTP Response (sent from server to browser) consists of a Status Line, followed by Headers, followed by an optional message body. The Request Line includes a "Method" which has values such as POST or GET. A GET method normally passes all information in the URL and headers and there is no message body. A POST method normally passes information not only in the URL and headers, but also in the message body. A POST method can be sent by your browser when you submit a form, and all the information that you enter in the form is passed in the message body. For example, when I click the "Add Reply" button after typing in this message, a POST will be sent to the server, and this message will be in the message body. As Oddysey mentions, POSTs can also be done from scripts like Javascript or Java applets. HTTP Responses normally contain a message body, but in some cases they don't. Proxo filters generally cannot work on either the Request Line of the Request, or the Status Line of the Response. However, Scott realized that it was useful to be able to modify the Request URL, which is part of the Request Line. To do this, he invented a special header field called "URL:". "URL" is not a real HTTP Header, but it is Proxo's way of referring to the Request URL within the Request Line. Proxo Header Filters work on Headers in either the Request or Response. All headers can be filtered, Proxo does not hardcode which ones can or cannot be filtered. You just have to make sure you type the exact header name in the HTTP Header section of the Header Filter. Proxo Web Page Filters work only on the message body of the HTTP Response, not on the message body of the HTTP Request. |
|||
The following 1 user says Thank You to pooms for this post: cscat |
Nov. 17, 2004, 09:28 PM
Post: #11
|
|||
|
|||
This thread, and particularly pooms' most recent answer, should be made into a sticky! B) Most valuable information, indeed.
pooms, hope your life gets less busy next year! Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
Nov. 17, 2004, 09:32 PM
Post: #12
|
|||
|
|||
RE: Filtering POST data
Quote:This thread, and particularly pooms' most recent answer, should be made into a sticky! B) Most valuable information, indeed.Done Great topic guys |
|||
Nov. 17, 2004, 10:05 PM
Post: #13
|
|||
|
|||
Kye-U;
Muchas Gracias, Amigo! I'm sure others will come to appreciate this little tidbit, as we swell our ranks. Guest, have you registered yet? Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
Oct. 24, 2012, 04:30 PM
(This post was last modified: Oct. 24, 2012 04:31 PM by cscat.)
Post: #14
|
|||
|
|||
RE:
(Nov. 16, 2004 01:05 AM)Oddysey Wrote: There are other proggies out that can do what you want, but they aren't commonly found in the wild, if you get my drift. This is the kind of tool that can be used to spoof addresses right in the outgoing header, and thereby hangs the tale of how spam is disguised (and hidden from very upset retaliators). If you decide to hunt one down, rotsa ruck! <_< Hi Oddysey, I'm very interested to know about this program that you're talking about that can change POST data sent from client to server on the fly. Also, sorry for bumping a very old (but very informative) thread! Thanks |
|||
« Next Oldest | Next Newest »
|