Http header plug-ins

Discussion in 'other security issues & news' started by Lorelei, Jun 19, 2006.

Thread Status:
Not open for further replies.
  1. Lorelei

    Lorelei Registered Member

    Joined:
    Jun 19, 2006
    Posts:
    2
    Location:
    Winnipeg, MB
    for several yrs I've been a novice tester, just simple things like proof-reading the Help files and user guides, ensuring the GUI conforms to standards, etc. But now I've been asked to work on a website that requires me to have a solid understanding of web security and my boss wants me to "think like a hacker" so I'm having to learn real quick.
    I've been told to install "http header reader plug-ins" (or something like that) for every browser I'll be using. Apparently with these things installed, I can learn more about the web site I'm testing than what is normally accessible just through View > Source.
    I ran a variety of searches and found so much conflicting info my head spun. I downloaded a few plug-ins, but none appeared to work the way I imagined they should. So I asked my boss for more details and was told "just Google 'Hacker's toolbox' and you'll find some." No, I haven't yet, but I did find this site, so I'm throwing the question out to all you readers.
    He needs to ensure that his code is locked down as tightly as possible, that very little is accessible to others out there who may choose to rip apart the web site's underlying code. Apparently, if I install these plug-ins, I'll be able to better see what the hackers see, and can then report back.
    Can somebody point me in the right direction please??
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Here's a free online service that you can view HTTP Requests and Response Headers etc

    http://web-sniffer.net/

    Also don't forget to use view source in IE.

    Something which might be useful as well, is the free rgjtool which plugs into IE, that i posted about before

    https://www.wilderssecurity.com/archive/index.php/t-120143.html

    Note that you may get an error upon startup. This is a result of Microsoft trying to patch all kinds of security issues. You can safely ignore the message and continue. If applicable, answer 'No' to the debug question.

    http://www.virtualconspiracy.com/index.php?page=/rgjtool/index

    I did a quick google for "http header plug in" and found quite a lot to choose from, including ones for FF too, so all in all you should be able to find what you need.


    StevieO
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    I discovered this today which could also prove very useful.
    http://www.paessler.com/psi/


    StevieO
     
    Last edited by a moderator: Jun 20, 2006
Loading...
Thread Status:
Not open for further replies.