It is helpful to see exactly what each side of a client/server exchange sends and receives. For browser traffic, an intercepting proxy does this:
WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. It is able to intercept both HTTP and HTTPS communication.
Paros features request and response editing and automated scanning for Cross-Site Scripting and SQL injection vulnerabilities.
For anything you can drive from a shell, two Unix tools are enough:
– NETCAT: listen for TCP (or, with -u, UDP) connections on a given port and print everything the client sends, byte for byte.
– cURL: send hand-crafted ('fake') requests to a server and show what comes back.
We start a listening server with
nc -lk $ip $port
- -l: listen for an incoming connection instead of initiating one
- -k: keep listening for further connections after the current one closes (without it, nc exits after the first client disconnects). -k exists in OpenBSD netcat and Ncat; the traditional GNU netcat does not have it.
- $ip: the IP/interface you want to bind to. Use 0.0.0.0 to bind to all interfaces and IPs, or 127.0.0.1 if only local clients should be able to reach it.
- $port: the port you want to bind to. Any free port works, as long as the client uses the same one to connect to; ports below 1024 require root.
For example:
nc -lk 0.0.0.0 8080
Everything a client sends is printed to the terminal verbatim, including the HTTP request line and headers. nc sends nothing back on its own, so a browser or curl waits until you type a reply into the terminal or close the connection with Ctrl-C.
Sending "fake" requests to a server
With cURL it is as simple as:
curl -v -i -X POST -d "$data" "$uri"
- -v: verbose; prints the request headers curl sends (lines prefixed with >) and the response headers it receives (prefixed with <), plus connection details
- -i: include the response headers in the output
- -X: HTTP request method. Defaults to GET if none given; -d already implies POST, so -X POST is redundant here but harmless
- -d: request body. Without a matching -H header, curl labels it Content-Type: application/x-www-form-urlencoded, so when posting JSON add -H 'Content-Type: application/json' as well
Sending a JSON body to the listener started above (the URI is the nc listener on port 8080):
curl -v -i -X POST -H 'Content-Type: application/json' -d '{"id":1,"action":"getRecord","params":{"clientVersion":"1.0.0.230","user":"kat"}}' http://127.0.0.1:8080/
The netcat terminal shows the request line, the headers and the JSON body exactly as they arrived, which is the quickest way to confirm what a client really puts on the wire.
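The listener and the request above, reproduced in pure Python as an added example (not code from the original post) so both sides of the exchange can be inspected offline without netcat or curl installed. The server side plays the role of `nc -lk 0.0.0.0 8080` but, unlike nc, frames the request by its Content-Length so it can answer and let the client finish; the client side builds an approximation of the request `curl -d` emits. The request path `/api`, the User-Agent string and the loopback address are assumptions for illustration.

```python
"""Added example: raw-socket listener (what nc would print) plus a client that
sends the request curl -d builds. Not part of the original post."""
import json
import socket
import threading


def build_curl_like_request(host, port, path, data, content_type=None):
    """Raw HTTP/1.1 bytes approximating `curl -X POST -d '<data>' http://host:port/path`.
    Without -H, curl labels any -d body as form data; that default is the
    usual surprise when posting JSON to an API."""
    if content_type is None:
        content_type = "application/x-www-form-urlencoded"
    body = data.encode()
    head = "\r\n".join([
        f"POST {path} HTTP/1.1",
        f"Host: {host}:{port}",
        "User-Agent: curl/8.4.0",  # assumed version string, for illustration only
        "Accept: */*",
        f"Content-Type: {content_type}",
        f"Content-Length: {len(body)}",
        "", "",
    ])
    return head.encode() + body


def read_http_request(conn):
    """Read one HTTP request: headers up to the blank line, then
    Content-Length bytes of body. nc prints the same bytes but never frames
    them, which is why a client appears to hang until you reply or hit Ctrl-C."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    head, _, body = buf.partition(b"\r\n\r\n")
    lines = head.decode(errors="replace").split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    while len(body) < length:
        chunk = conn.recv(4096)
        if not chunk:
            break
        body += chunk
    body = body[:length]
    return request_line, headers, body, head + b"\r\n\r\n" + body


def exchange(data, content_type=None, path="/api"):
    """Run listener and client on loopback; return what the server side saw
    (request line, parsed headers, body, raw bytes) and the client's response."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # ephemeral port: any free port works, as the post says
    srv.listen(1)
    host, port = srv.getsockname()
    seen = {}

    def serve():
        conn, _ = srv.accept()
        with conn:
            (seen["request_line"], seen["headers"],
             seen["body"], seen["raw"]) = read_http_request(conn)
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection((host, port)) as cli:
        cli.sendall(build_curl_like_request(host, port, path, data, content_type))
        response = b""
        while True:
            chunk = cli.recv(4096)
            if not chunk:
                break
            response += chunk
    worker.join()
    srv.close()
    seen["response"] = response
    return seen


if __name__ == "__main__":
    # Constructed payload mirroring the post's curl example.
    payload = json.dumps({"id": 1, "action": "getRecord",
                          "params": {"clientVersion": "1.0.0.230", "user": "kat"}})
    seen = exchange(payload)
    print(seen["raw"].decode())                   # what the nc terminal would show
    print("server saw:", seen["headers"]["content-type"])
    seen = exchange(payload, "application/json")  # the -H 'Content-Type: application/json' case
    print("server saw:", seen["headers"]["content-type"], json.loads(seen["body"])["action"])
```

Running it prints the raw request twice: first with the form-urlencoded label curl applies by default, then with the JSON label an explicit `-H` header would give it. The second run is the one an API expecting JSON will actually parse.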