Solo Technology

Yesterday we had a bit of a security “incident” at the day job. The fix was relatively straight-forward (I wasn’t the fixer), and when completed I was tasked with determining if the fix was sufficient and if there was anything else obviously insecure.

It had been a long day, it was late, and my testing was just not as good as it could’ve been. It seemed OK and I signed it off.

This morning, however, I was challenged to spend some time really “hacking” at this particular web app. I went nuts! A few hours later I had identified a handful of new vulnerabilities. A mixed blessing to be sure. I’m always happy when I do a good job, but this is a job I would’ve preferred to have failed at…

Know what made some of that almost pleasant though? A slick little Firefox extension called UrlParams. Want to flip POST to GET? Want to edit hidden form fields on the fly? One of my particular favorites: Add new fields (great for locating debug options). Messing with the referrer can be fun too.

In general, our stuff did quite well, but there were a few scenarios where I managed to get it to cough up the goods.

More testing tomorrow, and UrlParams will definitely still be in the toolbox.

2 Responses to “Firefox Extension of the Week: UrlParams”

1. rcmullins on March 15th, 2007 1:19 pm
   

   Just wanted to drop a quick note and to just say thanks for all the work you do.

   I subscribe via email and get everyone of your posts, in addition I enjoy your handysolo help at the Wordpress.org site.

   THANKS A TON!!! You have helped me out of more than one jam!!

   -rc

2. Chris on March 15th, 2007 3:38 pm
   

   Thanks for the kind words, and glad to have been of assistance.

Leave a Reply