#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2011
    Posts
    13
    Rep Power
    0

    Modify HTTP response on the fly NOT using Fiddler2


    Hi

    Let`s assume that program 'xyz' use pretty simple authentication via HTTP/1.1 GET method. What i want to do is modify response header, exactly from "Content: 1; Bad User Name or Password" to "Content: 0; Pass".

    To be more specific:

    0) Im using win 7 x86, program 'xyz' was written in VB. Fiddler is not capturing packets, btw don t know why ;-( => i wanted to use AutoResponder. Wireshark captures nicely ;-)

    1) I run 'xyz' and fill credentials: User Name = 'fake_foo' and Password = 'fake_bar' than press login

    2) In wireshark i see HTTP request packet to 111.222.223.224:80:

    Code:
    GET /result?u=fake_foo&p=fake_bar HTTP/1.1
        User-Agent: CheckL
        TimeStamp: 1234567890
        Host: 111.222.223.224:80
    3) Next packet is response from that server:

    Code:
      HTTP/1.1 200 OK
        Date: 05:00:00 AM
        Content-Type: text/html
        Content: 1;Bad User Name or Password
    Now when i put reliable credentialas than response is:
    Code:
        HTTP/1.1 200 OK
        Date: 05:00:00 AM
        Content-Type: text/html
        Content: 0; Pass
    and program starts.

    How to, what software can use to modify on the fly this response to be 'pass' after sending request with fake data?

    thx

    btw.
    From time to time "Preview Post" throw an error:
    PHP Code:
    Warningfsockopen() [function.fsockopen]: unable to connect to 67bca3793d80.rest.akismet.com:80 (Connection timed outin /includes/Akismet.class.php on line 343 
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,993
    Rep Power
    9397
    Why not just put in the right credentials to start?
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2011
    Posts
    13
    Rep Power
    0
    cos i want to know(get knowledge) how to bypass this kind of auth.

    i m just curious.

IMN logo majestic logo threadwatch logo seochat tools logo