Author Topic: Newbie Q : alter posted data.  (Read 2930 times)

Bes

« on: June 19, 2002, 06:45:02 PM »
Hi, I have a rather dumb question, but how can I alter data that shows as posted in the Proxomitron log window?

For example : I see there

bblablablabla
URL: www.website.com/blablablabla.asp

Posting 321 bytes
VideoResolution=1024x768
Colors=32bit
blablablabla


I don't know where to create a filter for altering this data. Should this be a pattern filter or a header filter? And how can I then check and alter data?

Thanks very much for your always positive responses.


P.S. The reason for this question is that I want a good laugh when some script is sending my system stats to www.pcpitstop.com

Edited by - Bes on 19 Jun 2002  19:52:01
 

Jor

« Reply #1 on: June 19, 2002, 07:10:04 PM »
You need to either block some Javascript functions from working, or insert an external Javascript file overriding these functions. I prefer the latter approach.

Download and merge this file, http://members.outpost10f.com/~jor/files/screeninfo.zip , to get a filter that does this.

Note: this file does not really block them, but generates bogus values.
I kinda like the idea of a 4523.6*1297.2 resolution with 862.1 bits colour depth

Check the .js file (opens in any text editor) for the variables blocked.

Keep in mind ActiveX and Java will still display your real info!

Edited by - Jor on 19 Jun 2002  20:12:10
 

Bes

« Reply #2 on: June 19, 2002, 07:15:29 PM »
Thanks Jor, unfortunately this doesn't work on it.
The site (pcpitstop) runs some ActiveX system scanning tool, and then sends
the results. I can see what's sent using the Proxomitron logfile under "Posting xxx bytes....."

Some things that get posted are:

DiskC=8.2Gb
DiskCfree=1.7Gb
InstalledRam=256Mb

I would like to alter these so that I have more free space on C than the max size, and have 28Gb of memory, for example.

So, there is no option to "check for" and "replace" those things that get posted?


Edited by - Bes on 19 Jun 2002  20:20:38
 

Jor

« Reply #3 on: June 19, 2002, 07:17:56 PM »
ActiveX offers little to no security, I recommend disabling it except for very select sites.

Maybe if you can give me an actual example URL I could check the code, see if it can be bypassed, but since I don't use MSIE I'm not familiar with ActiveX.

 
 

Bes

« Reply #4 on: June 19, 2002, 07:23:06 PM »
Jor,

Here's the URL: http://www.pcpitstop.com/pcpitstop/pitstop.asp

After pushing the 'Test Anonymously' button and clicking "Let's Go", some window will pop up, and if you allow it, a full system diagnosis will be done.

During the tests, you can see it "posting" lots of details about your system. I just want to change some values that get sent to the server.


Edited by - Bes on 19 Jun 2002  20:26:29
 

pooms

« Reply #5 on: June 19, 2002, 07:38:40 PM »
I don't think it is possible to apply a filter to the POST'ed data.
I also wanted to do that, in the case of SOAP XML documents being
POST'ed. Unlike the Header filters, which can be applied to either
the outgoing or incoming header values, the Web Page Filters only
apply to the incoming data. There doesn't appear to be any way
to have a filter that applies to the outgoing (POST'ed) data.

I didn't understand what Jor's answer had to do with your question at
first, but I think what he's saying is that you can try and modify the
code that generates the data to be POST'ed. In my case, that doesn't
work because the application that POST's the data is not Javascript.

There are several other applications that I've seen POST'ing data
that I thought would be nice to be able to filter: Windows Update,
Real Player, Virus Checker updates, etc.

 
 

Bes

« Reply #6 on: June 19, 2002, 07:42:23 PM »
Damn, that's a pity!
Well, Scott should better make work of that function!


 
 

Jor

« Reply #7 on: June 19, 2002, 08:08:18 PM »
You can alter POSTed data if you can alter or edit the form fields used to post this data.

Example:
If a site uses <input type="hidden" name="user id" value="1000">, you can edit this form value, and once submitted a different user ID will be posted.

Of course this assumes that a) you have access to the form source, b) there is no form of checking for validation involved, and c) you can find out what values have to be altered.
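The "checking for validation" in point b), seen from the server side, as an added example that is not part of the original post: the hidden field is issued with a MAC bound to the session, so an edited value is rejected. The `_mac` companion field, the session ids and `SERVER_KEY` are assumptions made for this sketch.

```python
import hashlib
import hmac
import html
import secrets
from urllib.parse import parse_qs, urlencode

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def tag(session_id, name, value):
    """MAC over (session, field name, value); NUL separators avoid ambiguity."""
    msg = "\x00".join((session_id, name, value)).encode("utf-8")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden(session_id, name, value):
    """Emit the hidden field plus a companion '<name>_mac' field (hypothetical)."""
    fmt = '<input type="hidden" name="{}" value="{}">'
    return (fmt.format(html.escape(name), html.escape(value)) +
            fmt.format(html.escape(name + "_mac"), tag(session_id, name, value)))


def accept(session_id, name, posted_body):
    """Return the posted value only if its MAC verifies for this session."""
    form = parse_qs(posted_body, keep_blank_values=True)
    value = form.get(name, [""])[0]
    mac = form.get(name + "_mac", [""])[0]
    expected = tag(session_id, name, value)
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    if hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return value
    return None


def browser_post(session_id, name, value, sent_value=None):
    """Constructed client: posts the issued MAC, optionally with an edited value."""
    mac = tag(session_id, name, value)
    shown = value if sent_value is None else sent_value
    return urlencode({name: shown, name + "_mac": mac})
```

Where the server already knows the value (a user ID tied to the login session, for instance), reading it from server-side state instead of from the form removes the need for the field altogether.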

 
 

sidki3003

« Reply #8 on: June 19, 2002, 10:11:52 PM »
That's a really nice system test.
Thanks for the link

 
 

Scott Lemmon

« Reply #9 on: June 19, 2002, 11:09:46 PM »
The main reason you can't modify posted data is you have to include the length up-front in the Content-Length header. Filters change the length in ways that can't be predicted beforehand. Although in theory HTTP/1.1 servers should allow chunked encoding in POSTs, it's so little used many servers may not expect it or handle it correctly.

In general it would offer no real protection for stuff like active-x anyway. These have no restrictions on what they can do and could even make non-http connections directly to the site that wouldn't go through the proxy at all.

 
 

pooms

« Reply #10 on: June 19, 2002, 11:47:27 PM »
Hmm, good point, that reminds me that I had some trouble related to
chunked encoding a while ago while writing Java code to POST XML
documents to my Apache server. My code didn't work, and when I
took a look at the HTTP that was being sent, I saw that it was
using chunked encoding. At the time I didn't really know what chunked
encoding was, but it was suspicious enough that I got rid of it and
then my code worked. I'd have to go back and test it again to be
definite that it was the chunked encoding that was the cause of my problem.