Security DevCenter
Assessing Web App Security with Mozilla

HTTP protocol sniffing and analysis with LiveHTTPHeaders

Assume that you have a web store at http://webshop.example.com and you want to carry out HTTP analysis on this web application. Consider what happens when you browse to the URL http://webshop.example.com: the browser sends an HTTP request, which elicits an HTTP response from the web server. Figure 2 shows this HTTP request and response in LiveHTTPHeaders.



Figure 2. Calling the HTTP GET method

The browser makes an HTTP GET request to the web server, which answers with an HTTP response. Scrutinize the response, and you'll see that it includes key information such as the web server software that is running and the session cookie handed to the client. These headers expose that information:

Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDCACRTBSD=CBEJANOCCIENPPMGDAGFNFBG; path=/

The application also has an HTML form where you can select quantities for products. To see what kind of HTTP request goes across, you could place an order. Figure 3 shows an example of product presentation.

Figure 3. Product presentation for an iPod

When you fill in the required quantity on the form and click on the "Add to cart" button, the browser processes the form:

<form method="post" action="cart.asp">
   <input name="id" value="1" type="hidden">
   <input name="quantity" value="1" size="2" type="text">
   <input value="Add to cart" type="submit">
</form>

After processing the form, the browser sends the HTTP request. Figure 4 illustrates the HTTP POST request as it travels over the wire.

Figure 4. POSTing a form to the server

The browser takes the id and quantity values from the form and generates a POST request on the wire, with HTTP headers including Content-Length: 15. That header tells the server the POSTed body is 15 bytes long; in this example, that body is id=1&quantity=1.
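To make the exchange above concrete, here is an added example (not code from the article or from LiveHTTPHeaders) that rebuilds the POST request the browser generates from the cart form, and then reviews a response modelled on the Figure 2 headers for the kind of disclosure the text points out: server fingerprinting headers and a session cookie set without protective attributes. The host, path and function names are assumptions for illustration.

```python
import urllib.parse

# Fields of the cart.asp form shown in the article (id is a hidden field).
FORM_FIELDS = [("id", "1"), ("quantity", "1")]

def build_post_request(host: str, path: str, fields) -> bytes:
    """Produce the bytes a browser sends for a POST of an HTML form."""
    body = urllib.parse.urlencode(fields)          # "id=1&quantity=1"
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body.encode())}",   # 15 for this form
    ]
    return ("\r\n".join(headers) + "\r\n\r\n" + body).encode()

# Constructed sample response, modelled on the headers shown in Figure 2.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Set-Cookie: ASPSESSIONIDCACRTBSD=CBEJANOCCIENPPMGDAGFNFBG; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

def parse_response_headers(raw: str) -> list:
    """Split a raw HTTP response into (lower-cased name, value) header pairs."""
    head, _, _body = raw.partition("\r\n\r\n")
    pairs = []
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def review_response(raw: str) -> list:
    """Flag fingerprinting headers and cookies lacking HttpOnly/Secure."""
    findings = []
    for name, value in parse_response_headers(raw):
        if name in ("server", "x-powered-by"):
            findings.append(f"fingerprint: {name}: {value}")
        elif name == "set-cookie":
            cookie, *attrs = [part.strip() for part in value.split(";")]
            present = {a.split("=", 1)[0].lower() for a in attrs}
            for flag in ("httponly", "secure"):
                if flag not in present:
                    findings.append(f"cookie missing {flag}: {cookie.split('=')[0]}")
    return findings
```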
