I want to test my website for certain vulnerabilities.
I'd like to read the HTTP requests send to the browser over a session and send them to another program in real time.
This way I can modify them and/or send my own malicious requests to the server.
Is there a way to do this?
I assume I could set up an SSL MITM locally, filter and sniff traffic with TCPDUMP, then feed the requests to my program as parameters, and then use cURL to reply, but this sounds like too much work.
Is there an easier way?
Related
It is easy to create an AJAX request to obtain resources from an HTTP server. But I am trying to find a way to create a TCP connection to a server to obtain certain resources, in the browser.
HTTP works over TCP, so I think that the way AJAX creates an HTTP request, the modules they use can be used to do the same, since a TCP connection has to be established before creating an HTTP request.
So, I want to know how does the AJAX library create an HTTP request and what does it use so that I can do the same in my code.
Your browser will probably refuse to do this, for good security reasons.
When you visit a web page that contains javascript, that code gets pulled down and starts to run inside your browser (assuming you have allowed javascript). That's handy, because it allows the website to be dynamic and do useful things for you. But do you want to allow that javascript to read your hard drive? I can assure you, you do NOT want that. Do you want to allow it to make arbitrary TCP connections? I can assure you that you don't want that either. The browser WILL allow the code to go back to the same server and push and pull data - that's what the AJAX library is doing. Nowadays browsers also allow javascript to initiate WebSocket connections, which is a little risky, but perhaps not as wide open as arbitrary TCP connections.
I hope this question is adapted.
Suppose I have a current session, that I take some form's input and that through a same javascript call, I send the data to 2 separate servers available through REST apis, does it induce any problem ? I was told this could induce a security browser alert. Is it right ?
As long as both the servers you're sending your requests to are able to serve them, there should be no issues. A browser would give you an error only if the servers are not able to serve you request due to a multitude of reasons including Bad Requests, CORS disabled or not configured for the domain making the request to server, etc.
I have a C# server side web service. but I don't want user can to see my requests like request tab from client's browsers.
now, I haven't been find any solution on SO.
what is the best solution to do this?
I think I can use a node.js server-side and render my reactjs inside it and my node.js send my requests to C# server side. like this:
React.js<--(render)--Node.js--(Send/Receive api's)-->C#
I don't know if I use a node.js server, my requests will be hidden from clients?
I don't want to use reactjs.net.
If you're making a HTTP request to node server, and making the stealth request from NodeJS to another server, that request will not be visible to the client.
Alternatively, you can make an encrypted request. Although URL and some part of encryption algorithm will still be exposed at client's end.
I'm working on a JavaScript library and I would like anybody using it can make request to my server.
Because this I have added the access-control-allow-origin,method headers to my server responses.
Thigs works fine but my is question is: Is that secure for my server? there is any other implication I can take into account?
Thanks a lot.
It's as secure as the code on your server is. If you allow people to send an AJAX request that can drop a table, then no it's not secure. But if you follow best practices for website/scripting security it should be as safe as handling any other request your server normally would.
Can anonymous users make changes to your server (e.g. incrementing a vote counter, post a comment, delete a post, etc)? If so, does it matter if a website you don't control makes some or all of their users make use of this feature of your site? Do the access control headers allow remote XHR to make those requests? If so, you have a problem.
Can known users make changes to your server? If so, does it matter if a website you don't control makes some or all of their users who are also your users make use of this feature of your site? Do the access control headers allow remote XHR to make those requests? Do the access control headers allow authentication methods (such as cookies) through? If so, you have a problem.
In short:
Can a user do something potentially undesirable on your site?
Do your access-control headers prevent third party websites from making users do those undesirable things?
This question is for my curiosity only:
Is it possible to make a HTTP request from a backend server to a web browser, that is to say I have a HTTP server ON the web browser to listen for incoming HTTP requests?
Cause I want to use frontend <-> couchdb directly thus dumping the backend server .. but then i wondered how i would do normal processing when the database javascript is not sufficient.
That thought made me think of this question.
Generally speaking — no.
There are some exceptions, Opera has a feature called "Unite" which allows it to run a web server (this is not turned on by default!) as well as acting as a user agent. That wouldn't allow you to send a response to a request that hadn't been made though.
Most web browsers don't have a web server and they are unable to accept HTTP requests. Maybe there is an extension for Firefox, but that's not a typical use case.
Depending on what you are trying to achieve, using Comet or long polling could work for you.