The Sapience Society The advice of a self-proclaimed technological ninjician

4Jun/100

Form Request Hijacker Javascript Bookmarklet

The idea: Lets say you want to use some service hosted at another site, but there isn't an API or anything.. just a user-accessible form. Well, in order to use that form, you're going to have to use something like cURL to submit some POST variables or something to the form handler.

Here's the problem: What information is actually getting submitted with the form?

The only way to form your curl request is if you know every single bit of data that's getting sent to the form. You could do this with a tool like the "Web Developer" add-on for Firefox, but then if there's some onsubmit javascript that affects the form in any way, you don't get those changes.

My solution: Using javascript, hijack the form and have it submit to a custom URL which will then tell you any variables sent through the headers.

Tagged as: , , , , Continue reading
   

Donate to this blog!

Help me pay for server costs, or just show your appreciation!
USD

Categories

Archives

Tags

.TSI 4-Deck AT&T beta Blog Bookmarklet connect default dotfile download dual boot essential files file sharing Firefox hidden iphone jailbreak javascript jdownloader Launchpad LED Leopard linux M-Audio Mac Mapping MIDI mime Native Instruments OS X PHP police problems rapidshare Samba Share SMB software SSH stumbleupon Traktor tunnel ubuntu unix