Re: Security tool for monitoring HTTP headers?

patrick@xxxxxxxxxxxxxxxxxxxxx wrote:
> Does anyone know of a security tool for modifying HTTP headers directly?
> For example if I wanted to verify that there was proper input validation
> against some of the data in a POST request, does a tool besides Telnet
> exist?  I was considering creating one but I don't want to duplicate someone
> else's work.

  Give cURL a try: http://curl.haxx.se/

  ...

  If you want something simpler, have a look at this Perl script:

http://cvs.sourceforge.net/viewcvs.py/*checkout*/mod-security/mod_security/tests/run-test.pl?rev=1.1.1.1

  You simply create a file with a request and tell the script where
  to send it. If you put comments on top of the file and include a
  three digits number the script will assume that's the status code
  you expect, and check the response for it. For example:

----------------------
# 18 Keyword in POST only (500)
#
POST /cgi-bin/modsec-test.pl HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 5

p=333
----------------------

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]