Hi everyone,

There is a plugin for Firefox called "Live HTTP Headers". It allows you to capture header information, including "form" information, change it and replay it.

Sometimes you rely on an array of $POST to change settings in rows; however, if one can easily change the $POST data and replay it, it could be a disaster!

How easy is it to use the "replay" function in "Live HTTP Headers"? My Apache server seems to stop this action and does not allow it. Can I depend on it as a security measure?

Regards,
Titan

    Any hacker with a little knowledge can totally bypass your web page forms, sending whatever counterfeit HTTP headers and form POST/GET data he wants. In fact, it would be quite simple to do so running PHP on your PC and using the built-in cURL functions. Therefore, for any non-trivial web site that processes form inputs, it is incumbent upon you to assume that all incoming user-supplied data may be hacked and must therefore be validated/filtered by your server-side programs. Do not assume that anything on the browser side will protect you from malicious data.
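The scenario from the original question (an array of POST values, one per row, that a replayed and edited request could extend to rows the user never saw) and the reply's advice (treat every incoming value as forged and check it server-side) are illustrated below. This is an added example, not code from either poster; it is written in Python rather than PHP so it runs stand-alone, but it mirrors what a PHP handler receiving `$_POST['setting']` would have to do. The row-ownership table, the allowed values and the two request bodies are all constructed for the example; the key name `setting[ID]` and the user ids are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed stand-in for the database: row id -> owning user id.
# User 7 owns rows 1 and 2; user 9 owns row 3.
ROW_OWNERS = {1: 7, 2: 7, 3: 9}

# Server-side allow-list of values a setting may take. Anything else is rejected
# even though the HTML form only ever offered these two choices.
ALLOWED_VALUES = {"on", "off"}

# PHP-style array keys as they appear in a form body: setting[12]=on
SETTING_KEY = re.compile(r"^setting\[(\d+)\]$")


def parse_setting_array(body):
    """Parse a 'setting[ID]=value' POST body into {row_id: value}.

    Keys that do not match the expected shape are ignored. If a key is
    repeated, the last value wins, which is what PHP does as well.
    """
    out = {}
    for key, values in parse_qs(body, keep_blank_values=True).items():
        m = SETTING_KEY.match(key)
        if m:
            out[int(m.group(1))] = values[-1]
    return out


def apply_settings(session_user_id, body, row_owners=ROW_OWNERS):
    """Decide, row by row, which posted settings may be applied.

    session_user_id comes from the server-side session, never from the
    request. Returns (applied, rejected): applied maps row id -> value that
    passed both checks; rejected maps row id -> reason. The request body is
    treated as untrusted regardless of which headers or tool sent it.
    """
    applied, rejected = {}, {}
    for row_id, value in parse_setting_array(body).items():
        if value not in ALLOWED_VALUES:
            # Value outside the allow-list: the form never offered it, so it
            # can only come from an edited/replayed request.
            rejected[row_id] = "bad value"
        elif row_owners.get(row_id) != session_user_id:
            # Row exists (or not) but does not belong to the logged-in user:
            # an edited replay can name any row id it likes.
            rejected[row_id] = "not owner"
        else:
            applied[row_id] = value
    return applied, rejected


if __name__ == "__main__":
    # Constructed body as the real form would send it for user 7.
    legit = "setting[1]=on&setting[2]=off"
    # Constructed replay of the same request, edited to add someone else's
    # row (3) and a value the form never offered.
    forged = "setting[1]=on&setting[3]=on&setting[2]=DELETE"
    print("legit :", apply_settings(7, legit))
    print("forged:", apply_settings(7, forged))
```

The two checks are independent on purpose: the allow-list catches values the browser-side form could never have produced, and the ownership check catches row ids that were simply typed into the replayed body. Neither check looks at the headers, because a replay tool sends whatever headers it is told to.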

      Thank you very much for the reply. I will then continue to work according to this strategy and will not assume that I am protected by Apache.

      Regards!
