Filtering POST data
Nov. 09, 2004, 04:02 PM
Post: #1
 
Is there a way to filter data sent by the browser but not in the headers (POST variables etc.)?
Nov. 09, 2004, 10:49 PM
Post: #2
RE: Filtering POST data
Guest;

Welcome to our forum! Hope you like it well enough to register and join in.

Quote:Is there a way to filter data sent by the browser but not in the headers (POST variables etc) ?

Your question presents a conundrum. Browsers don't ordinarily send data, only requests that are part of the header. As you pointed out, even the POST mechanism (used to submit some kinds of form data) is buried in the Header. The only exception to this rule is where a form uses the GET method of submission - then there is a block of data that is not part of the request Header. This also explains why we can control the Incoming and Outgoing Header filters separately (toggle them on or off in the main Proxomitron window), but there's only one kind of Web filter to control.

Your question asks "How can we make Proxo filter outgoing data?" My question in rejoinder is "what outgoing data?" Can you give us more details, please?

However, it's also possible that I have mis-read your intent. (Which is par for the course, knowing me. Sad ) If so, feel free to set me straight. :o B)


Oddysey

I'm no longer in the rat race - the rats won't have me!
Nov. 10, 2004, 05:21 PM
Post: #3
 
OK, I hope that example will make it clear:

Code:
POST /login.jsp HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/4.0
Content-Length: 27
Content-Type: application/x-www-form-urlencoded

userid=joe&password=guessme

Given that request, how to modify userid...?
Nov. 11, 2004, 11:07 AM
Post: #4
 
Guest;

Ah, now we're getting somewhere. What you're seeing is the result of a Java component/applet. It is obviously building a packet to hold the username and password, then shipping that packet behind the request header.

Some observations:

1) This is normal behavior for ActiveX and Java applets. Other applications could also do this, but not many do, due to overhead.

2) As already described, Proxo can't see this separate packet of data. You can't change it on the way out.

In fact, if you'll look in the HELP file, under Headers, you'll find that Proxo can modify these fields:

If-Modified-Since:
Referer:
User-Agent:
Host:
Accept:
Accept-Language:
Accept-Charset:
Cookie:
Pragma: no-cache

There are other fields, but I notice that they don't end with a colon, like the ones on this list. Therefore, I have to deduce that we (meaning you) can't even modify POST or GET data strings.

At this point, I think you're stuck. Certainly, somebody else here might jump in, and point out my shortcomings, thereby fixing your problems. One can hope, can't they? Big Teeth


Oddysey

I'm no longer in the rat race - the rats won't have me!
[-] The following 1 user says Thank You to Oddysey for this post:
cscat
Nov. 15, 2004, 10:08 PM (This post was last modified: Oct. 24, 2012 05:29 PM by JJoe.)
Post: #5
RE: Filtering POST data
No you can't filter the POST data. See this thread at Arne's forum, especially Scott's reply why it would be difficult.


Edit by JJoe: Link updated from http://asp.flaaten.dk/pforum/topic.asp?TOPIC_ID=655 to http://prxbx.com/oldforums/index.php?topic=655
Nov. 16, 2004, 12:52 AM
Post: #6
 
pooms,

As usual, right on target, exactly when needed. Thanks. Hail

Hey, why not come around more often? We could use a few more of your caliber here, believe me! Big Teeth


Oddysey

I'm no longer in the rat race - the rats won't have me!
Nov. 16, 2004, 01:05 AM
Post: #7
 
Guest;

As you've seen above, and hopefully in the referenced discussion on Arne's forum, it can't be done. If Scott said so, it's so. At least not with Proxo. Sorry 'bout that. Cry

There are other proggies out that can do what you want, but they aren't commonly found in the wild, if you get my drift. This is the kind of tool that can be used to spoof addresses right in the outgoing header, and thereby hangs the tale of how spam is disguised (and hidden from very upset retaliators). If you decide to hunt one down, rotsa ruck! <_<


Oddysey

I'm no longer in the rat race - the rats won't have me!
Nov. 16, 2004, 05:15 PM
Post: #8
 
Many thanks to both of you.
Nov. 17, 2004, 08:06 PM
Post: #9
RE: Filtering POST data
Quote:Hey, why not come around more often? We could use a few more of your caliber here, believe me! Big Teeth
I pop in once in a while to check things out and see if there is anything I can answer, but I've been extremely busy this year so I haven't had much time.
At least I can remember when some topics have been discussed previously and provide the link Big Teeth
Nov. 17, 2004, 08:40 PM
Post: #10
 
I thought I could clarify a bit about what parts of the HTTP messages Proxo can work on.

An HTTP Request (sent from browser to server) consists of a Request Line, followed by Headers, followed by an optional message body. An HTTP Response (sent from server to browser) consists of a Status Line, followed by Headers, followed by an optional message body. The Request Line includes a "Method" which has values such as POST or GET.
A GET method normally passes all information in the URL and headers and there is no message body. A POST method normally passes information not only in the URL and headers, but also in the message body. A POST method can be sent by your browser when you submit a form, and all the information that you enter in the form is passed in the message body. For example, when I click the "Add Reply" button after typing in this message, a POST will be sent to the server, and this message will be in the message body. As Oddysey mentions, POSTs can also be done from scripts like Javascript or Java applets.
HTTP Responses normally contain a message body, but in some cases they don't.

Proxo filters generally cannot work on either the Request Line of the Request, or the Status Line of the Response. However, Scott realized that it was useful to be able to modify the Request URL, which is part of the Request Line. To do this, he invented a special header field called "URL:". "URL" is not a real HTTP Header, but it is Proxo's way of referring to the Request URL within the Request Line.

Proxo Header Filters work on Headers in either the Request or Response. All headers can be filtered; Proxo does not hardcode which ones can or cannot be filtered. You just have to make sure you type the exact header name in the HTTP Header section of the Header Filter.

Proxo Web Page Filters work only on the message body of the HTTP Response, not on the message body of the HTTP Request.
[-] The following 1 user says Thank You to pooms for this post:
cscat
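
As an added illustration (not part of any post in this thread, and not Proxomitron code): the three parts described in post #10, split out of the request from post #3, together with the bookkeeping any tool that edits a request body has to do, namely keeping Content-Length in step with the new body. The function names and the replacement value used with them are made up for this example.

```python
from urllib.parse import parse_qsl, urlencode

# The request from post #3, with CRLF line endings as sent on the wire.
RAW = (
    b"POST /login.jsp HTTP/1.1\r\n"
    b"Host: www.mysite.com\r\n"
    b"User-Agent: Mozilla/4.0\r\n"
    b"Content-Length: 27\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"userid=joe&password=guessme"
)

def split_request(raw):
    """Return (request_line, headers, body); headers is an ordered list of (name, value)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def body_is_consistent(headers, body):
    """True when exactly one Content-Length is present and matches the body size."""
    declared = [v for n, v in headers if n.lower() == "content-length"]
    return len(declared) == 1 and declared[0].isdigit() and int(declared[0]) == len(body)

def rewrite_form_field(raw, field, new_value):
    """Replace one form field in the body and recompute Content-Length."""
    request_line, headers, body = split_request(raw)
    pairs = parse_qsl(body.decode("ascii"), keep_blank_values=True)
    pairs = [(k, new_value if k == field else v) for k, v in pairs]
    new_body = urlencode(pairs).encode("ascii")
    headers = [(n, str(len(new_body)) if n.lower() == "content-length" else v)
               for n, v in headers]
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + new_body
```

A header-only filter sees the request line and the list returned as `headers`; the form fields live entirely in `body`, and a body edit that leaves Content-Length untouched fails `body_is_consistent`.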
Nov. 17, 2004, 09:28 PM
Post: #11
 
This thread, and particularly pooms' most recent answer, should be made into a sticky! B) Most valuable information, indeed.

pooms, hope your life gets less busy next year! Big Teeth


Oddysey

I'm no longer in the rat race - the rats won't have me!
Nov. 17, 2004, 09:32 PM
Post: #12
RE: Filtering POST data
Quote:This thread, and particularly pooms' most recent answer, should be made into a sticky! B) Most valuable information, indeed.
Done Cheers

Great topic guys Smile!
Nov. 17, 2004, 10:05 PM
Post: #13
 
Kye-U;

Muchas Gracias, Amigo! I'm sure others will come to appreciate this little tidbit, as we swell our ranks.

Guest, have you registered yet? Big Teeth


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 24, 2012, 04:30 PM (This post was last modified: Oct. 24, 2012 04:31 PM by cscat.)
Post: #14
RE:
(Nov. 16, 2004 01:05 AM)Oddysey Wrote:  There are other proggies out that can do what you want, but they aren't commonly found in the wild, if you get my drift. This is the kind of tool that can be used to spoof addresses right in the outgoing header, and thereby hangs the tale of how spam is disguised (and hidden from very upset retaliators). If you decide to hunt one down, rotsa ruck! <_<

Oddysey

Hi Oddysey,
I'm very interested to know about this program that you're talking about that can change POST data sent from client to server on the fly.
Also, sorry for bumping a very old (but very informative) thread!
Thanks