Http header plug-ins

Lorelei · Jun 19, 2006

for several yrs I've been a novice tester, just simple things like proof-reading the Help files and user guides, ensuring the GUI conforms to standards, etc. But now I've been asked to work on a website that requires me to have a solid understanding of web security and my boss wants me to "think like a hacker" so I'm having to learn real quick.
I've been told to install "http header reader plug-ins" (or something like that) for every browser I'll be using. Apparently with these things installed, I can learn more about the web site I'm testing than what is normally accessible just through View > Source.
I ran a variety of searches and found so much conflicting info my head spun. I downloaded a few plug-ins, but none appeared to work the way I imagined they should. So I asked my boss for more details and was told "just Google 'Hacker's toolbox' and you'll find some." No, I haven't yet, but I did find this site, so I'm throwing the question out to all you readers.
He needs to ensure that his code is locked down as tightly as possible, that very little is accessible to others out there who may choose to rip apart the web site's underlying code. Apparently, if I install these plug-ins, I'll be able to better see what the hackers see, and can then report back.
Can somebody point me in the right direction please??

StevieO · Jun 19, 2006

Here's a free online service that you can view HTTP Requests and Response Headers etc

http://web-sniffer.net/

Also don't forget to use view source in IE.

Something which might be useful as well, is the free rgjtool which plugs into IE, that i posted about before

https://www.wilderssecurity.com/archive/index.php/t-120143.html

Note that you may get an error upon startup. This is a result of Microsoft trying to patch all kinds of security issues. You can safely ignore the message and continue. If applicable, answer 'No' to the debug question.

http://www.virtualconspiracy.com/index.php?page=/rgjtool/index

I did a quick google for "http header plug in" and found quite a lot to choose from, including ones for FF too, so all in all you should be able to find what you need.

StevieO

StevieO · Jun 20, 2006

I discovered this today which could also prove very useful.

______________

Site Inspector

Paessler Site Inspector works like an x-ray device, allowing you to peer into the working of website pages and expose their secrets.

With Site Inspector’s very own browser, the Analyzing Browser, users can switch between the two browser engines with just one mouse click, e.g., to compare the rendering of a page in both browsers. The sophisticated web page analysis functions - which also integrate into Internet Explorer and Firefox - make analyzing and debugging web sites easy.

Features

Whenever you access a web page using Internet Explorer, Firefox, or Site Inspector's browser you will find a wealth of analysis functions in the toolbars and menus. For example:

For any given URL, users can access lists of the images, forms, links, frames, metatags, or the scripts of a web page as well as the HTML source and HTTP headers.

Using the Highlight function, users can mark any HTML tag with a colored border inside the rendered web page (e.g., to show all TD tags in a page). An invaluable tool for web designers.

A pixel grid as well as guide lines can be shown in a web page.
All image tags and link URLs can be shown right inside a web page.
HTML sources and Javascript files are shown using syntax highlighting.
You can copy the page URL, page title, page source, list of URLs, and even the page as a bitmap to the clipboard.

The browser window can be resized to various standard screen sizes (e.g. 800x600) and you can zoom into a web page.
A fine selection of tools that are available online (e.g. "CSS/HTML validation", "link checking", "ping the server", "traceroute the server", "show domain owner", "W3C markup validation") is already included and can be customized.

Download and use Site Inspector for free!
Click to expand...

http://www.paessler.com/psi/

StevieO

Log in or Sign up

Http header plug-ins

Lorelei Registered Member

StevieO Registered Member

StevieO Registered Member

Log in or Sign up

Http header plug-ins

Lorelei Registered Member

StevieO Registered Member

StevieO Registered Member

Useful Searches