Yesterday we had a bit of a security “incident” at the day job. The fix was relatively straightforward (I wasn’t the fixer), and when it was completed I was tasked with determining whether the fix was sufficient and whether there was anything else obviously insecure.
It had been a long day, it was late, and my testing was just not as good as it could’ve been. It seemed OK and I signed it off.
This morning, however, I was challenged to spend some time really “hacking” at this particular web app. I went nuts! A few hours later I had identified a handful of new vulnerabilities. A mixed blessing to be sure. I’m always happy when I do a good job, but this is a job I would’ve preferred to have failed at…
Know what made some of that almost pleasant, though? A slick little Firefox extension called UrlParams. Want to flip a POST to a GET? Want to edit hidden form fields on the fly? One of my particular favorites: adding new fields (great for locating debug options). Messing with the referrer can be fun too.
In general, our stuff did quite well, but there were a few scenarios where I managed to get it to cough up the goods.
More testing tomorrow, and UrlParams will definitely still be in the toolbox.
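As an added illustration (not part of the original post), here is the server-side posture that makes each of the four UrlParams tricks above harmless: the catalog, the token value, the field names and the handler itself are constructed for this example.

```python
# Added example: a minimal checkout handler that trusts nothing the browser sends.
# Each rule maps to one manipulation from the post: flipping the method, editing
# hidden fields, adding extra fields, and changing the Referer header.

# Constructed catalog: the authoritative price lives here, never in a form field.
CATALOG = {"sku-100": 1999, "sku-200": 4999}  # prices in cents

ALLOWED_PARAMS = {"sku", "qty", "csrf_token"}
EXPECTED_CSRF = "constructed-token-123"  # assumption: token issued with the form


def handle_checkout(method, params, headers):
    """Return (status, body). `params` is a dict of form/query fields.

    `headers` is accepted but deliberately never consulted: the Referer is
    client-controlled, so nothing here depends on it.
    """
    # 1. A state-changing action must be a POST; a request flipped to GET is refused.
    if method != "POST":
        return 405, "method not allowed"
    # 2. Unknown fields (an added 'debug=1', a smuggled 'price') are refused
    #    outright instead of being silently honored by some forgotten code path.
    extra = set(params) - ALLOWED_PARAMS
    if extra:
        return 400, f"unexpected fields: {sorted(extra)}"
    # 3. Request-forgery protection rests on the token, not on the Referer.
    if params.get("csrf_token") != EXPECTED_CSRF:
        return 403, "bad csrf token"
    sku = params.get("sku")
    if sku not in CATALOG:
        return 400, "unknown sku"
    # 4. Only the quantity comes from the client, and it is range-checked;
    #    the total is always computed from the server-side catalog.
    try:
        qty = int(params.get("qty", ""))
    except ValueError:
        return 400, "bad qty"
    if not 1 <= qty <= 100:
        return 400, "qty out of range"
    total = CATALOG[sku] * qty
    return 200, f"charged {total} cents for {qty} x {sku}"
```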
3 comments
rcmullins
March 15, 2007 at 1:19 pm (UTC -7)
Just wanted to drop a quick note and to just say thanks for all the work you do.
I subscribe via email and get every one of your posts; in addition, I enjoy your handysolo help at the WordPress.org site.
THANKS A TON!!! You have helped me out of more than one jam!!
-rc
Chris
March 15, 2007 at 3:38 pm (UTC -7)
Thanks for the kind words, and glad to have been of assistance.
URL Parser
July 5, 2010 at 4:53 am (UTC -7)
Thanks for the post. I was looking for something similar. Too bad it doesn’t seem to be available for Firefox 3.6.6.
You might want to consider another useful add-on that allows you to parse and edit the query parameters passed into a site via the URL: URL Parser @
https://addons.mozilla.org/en-US/firefox/addon/176748/