Sniffing submitted webpage form

TheMSsForum.com: The Microsoft Software Forum

I am trying to find out what a web browser sends in a post request to a web
site. I have used a few packet sniffers but all the packets that display
comprehensible text are packets coming from the website. If I search in the
packets just before the one showing 'HTTP/1.0 200 OK...', I can't find out
what the url and post arguments the browser used. Is this info encoded? The
connection is not using SSL.
Anyone can recommend a sniffer that shows packets from my computer to a web
server in *text*. Or my basic question is how to sniff the contents of a
web page form submitted to a web server?


--
Karim
Recommended host: http://www.cheapesthosting.com - Affordable hosting since
1998
Top

Sniffing submitted webpage form by mike

mike
Wed Aug 27 01:00:21 CDT 2003

First "'HTTP/1.0 200 OK..." is the server response you
looking for what the CLIENT sends. Search for "POST "
or "GET " thats where a client side header begins.

As for a good tool i would suggest iris. It sorts them in
raw hex, ascii, or client server text(what you want)


Mike
>-----Original Message-----
>
>I am trying to find out what a web browser sends in a
post request to a web
>site. I have used a few packet sniffers but all the
packets that display
>comprehensible text are packets coming from the website.
If I search in the
>packets just before the one showing 'HTTP/1.0 200
OK...', I can't find out
>what the url and post arguments the browser used. Is this
info encoded? The
>connection is not using SSL.
>Anyone can recommend a sniffer that shows packets from my
computer to a web
>server in *text*. Or my basic question is how to sniff
the contents of a
>web page form submitted to a web server?
>
>
>--
>Karim
>Recommended host: http://www.cheapesthosting.com -
Affordable hosting since
>1998
>.
>
Top

Re: Sniffing submitted webpage form by Karl

Karl
Wed Aug 27 06:18:27 CDT 2003

Any of them.

You might want to search www.google.com for the Windows port of dsniff which
contains urlsnarf and another utility which lets you watch HTTP sessions
[though not sure if all of the utilities included in dsniff show the post or
not]

Windump, TCPdump and ethereal all should let you decode into text.

http://securityadmin.info/faq.htm#sniffer


"Karim" <karim3411@!!yahoo!!.com> wrote in message
news:183sm0apr1p69.erq3yve8prcl$.dlg@40tude.net...
>
> I am trying to find out what a web browser sends in a post request to a
web
> site. I have used a few packet sniffers but all the packets that display
> comprehensible text are packets coming from the website. If I search in
the
> packets just before the one showing 'HTTP/1.0 200 OK...', I can't find
out
> what the url and post arguments the browser used. Is this info encoded?
The
> connection is not using SSL.
> Anyone can recommend a sniffer that shows packets from my computer to a
web
> server in *text*. Or my basic question is how to sniff the contents of a
> web page form submitted to a web server?
>
>
> --
> Karim
> Recommended host: http://www.cheapesthosting.com - Affordable hosting
since
> 1998


Top

Re: Sniffing submitted webpage form by Karim

Karim
Wed Aug 27 10:36:03 CDT 2003

On Tue, 26 Aug 2003 23:00:21 -0700, mike wrote:

> First "'HTTP/1.0 200 OK..." is the server response you
> looking for what the CLIENT sends. Search for "POST "
> or "GET " thats where a client side header begins.
>
> As for a good tool i would suggest iris. It sorts them in
> raw hex, ascii, or client server text(what you want)

I know what 'HTTP/1.0 200 OK.' is. That's why I said I am looking in the
packets before the 'HTTP/1.0 200 OK.' packet. I can't find the packet that
has POST.

Karim



>
>
> Mike
>>-----Original Message-----
>>
>>I am trying to find out what a web browser sends in a
> post request to a web
>>site. I have used a few packet sniffers but all the
> packets that display
>>comprehensible text are packets coming from the website.
> If I search in the
>>packets just before the one showing 'HTTP/1.0 200
> OK...', I can't find out
>>what the url and post arguments the browser used. Is this
> info encoded? The
>>connection is not using SSL.
>>Anyone can recommend a sniffer that shows packets from my
> computer to a web
>>server in *text*. Or my basic question is how to sniff
> the contents of a
>>web page form submitted to a web server?
>>
>>
>>--
>>Karim
>>Recommended host: http://www.cheapesthosting.com -
> Affordable hosting since
>>1998
>>.
>>
Top