Computer Security - HttpCatcher

07-21-2004, 09:17 PM

Hi,
I had some time to kill so I developped a little tool
very useful for testing the security of a web site. I called it HttpCatcher.

"HttpCatcher is a free tool that will let you see the way your browser
communicates with the server. HttpCatcher will behave as a local proxy, and
will let you interfere in the communication process. HttpCatcher is the tool
you need to understand the http protocol. You will see full http headers and
you will be able to change them on the fly."

Any of the parameters or the headers can be spoofed..

You can dowload it freely from http://www.httpcatcher.com

At the moment, I only made a release for Windows XP.

Did you like it ? please add a link on your webpage..

zebulon

07-22-2004, 01:15 AM

"zebulon" <>
wrote in news:40fecf82$0$4969$:
> Hi,
> I had some time to kill so I developped a little tool
> very useful for testing the security of a web site. I called it
> HttpCatcher.
>
> "HttpCatcher is a free tool that will let you see the way your browser
> communicates with the server. HttpCatcher will behave as a local
> proxy, and will let you interfere in the communication process.
> HttpCatcher is the tool you need to understand the http protocol. You
> will see full http headers and you will be able to change them on the
> fly."
>
> Any of the parameters or the headers can be spoofed..
>
> You can dowload it freely from http://www.httpcatcher.com
>
> At the moment, I only made a release for Windows XP.
>
>
> Did you like it ? please add a link on your webpage..

HTTP Tracer seems to do more regarding monitoring. Don't remember that
it could replace strings in the datastream, though. From what I can
tell, the author/owner of HTTP Tracer disappeared so I don't know if
HTTP Tracer is in the public domain. I recall that it expired after a
trial period.

--
__________________________________________________
*** Post replies to newsgroup. Share with others.
(E-mail: domain = ".com", add "=NEWS=" to Subject)
__________________________________________________

*Vanguard*

07-22-2004, 01:39 AM

"zebulon" <> wrote in message
news:40fecf82$0$4969$...
> Hi,
> I had some time to kill so I developped a little tool
> very useful for testing the security of a web site. I called it
HttpCatcher.
>
> "HttpCatcher is a free tool that will let you see the way your browser
> communicates with the server. HttpCatcher will behave as a local proxy,
and
> will let you interfere in the communication process. HttpCatcher is the
tool
> you need to understand the http protocol. You will see full http headers
and
> you will be able to change them on the fly."
>
> Any of the parameters or the headers can be spoofed..
>
> You can dowload it freely from http://www.httpcatcher.com

http://tinyurl.com/45y9d for Borland-based alternatives; SocketSpy is Open
Source - never did get around to doing that with my own SocketProxy.. if you
really want it (why!?!) then shout ;o)

Neither allow the request to be modified, but.. then again, neither are
protocol-specific

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Hairy One Kenobi

07-22-2004, 01:49 AM

zebulon wrote:
> Hi,
> I had some time to kill so I developped a little tool
> very useful for testing the security of a web site. I called it HttpCatcher.
>

Which language did you use and would you mind to show the source code?

DarkSamurai

07-22-2004, 01:19 PM

zebulon wrote:

> Hi,
> I had some time to kill so I developped a little tool
> very useful for testing the security of a web site. I called it HttpCatcher.
>
> "HttpCatcher is a free tool that will let you see the way your browser
> communicates with the server. HttpCatcher will behave as a local proxy, and
> will let you interfere in the communication process. HttpCatcher is the tool
> you need to understand the http protocol. You will see full http headers and
> you will be able to change them on the fly."
>
> Any of the parameters or the headers can be spoofed..
>
> You can dowload it freely from http://www.httpcatcher.com
>
> At the moment, I only made a release for Windows XP.
>
>
> Did you like it ? please add a link on your webpage..
>
>
>

Theres a FireFox extension that shows you all the headers in real time
which is nice.

--
Mimic

"When life hands you lemons, ask for tequila and salt."
ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"He who controls Google, controls the world".

Mimic

07-23-2004, 08:49 PM

it is similar but catch as well file operations, for example
cookies and internet tmp files
http://www.smike.ru

Socket

07-22-2004, 01:15 AM	#2
Vanguard Posts: n/a	Re: HttpCatcher "zebulon" <> wrote in news:40fecf82$0$4969$: > Hi, > I had some time to kill so I developped a little tool > very useful for testing the security of a web site. I called it > HttpCatcher. > > "HttpCatcher is a free tool that will let you see the way your browser > communicates with the server. HttpCatcher will behave as a local > proxy, and will let you interfere in the communication process. > HttpCatcher is the tool you need to understand the http protocol. You > will see full http headers and you will be able to change them on the > fly." > > Any of the parameters or the headers can be spoofed.. > > You can dowload it freely from http://www.httpcatcher.com > > At the moment, I only made a release for Windows XP. > > > Did you like it ? please add a link on your webpage.. HTTP Tracer seems to do more regarding monitoring. Don't remember that it could replace strings in the datastream, though. From what I can tell, the author/owner of HTTP Tracer disappeared so I don't know if HTTP Tracer is in the public domain. I recall that it expired after a trial period. -- __________________________________________________ *** Post replies to newsgroup. Share with others. (E-mail: domain = ".com", add "=NEWS=" to Subject) __________________________________________________ Vanguard

07-22-2004, 01:39 AM	#3
Hairy One Kenobi Posts: n/a	Re: HttpCatcher "zebulon" <> wrote in message news:40fecf82$0$4969$... > Hi, > I had some time to kill so I developped a little tool > very useful for testing the security of a web site. I called it HttpCatcher. > > "HttpCatcher is a free tool that will let you see the way your browser > communicates with the server. HttpCatcher will behave as a local proxy, and > will let you interfere in the communication process. HttpCatcher is the tool > you need to understand the http protocol. You will see full http headers and > you will be able to change them on the fly." > > Any of the parameters or the headers can be spoofed.. > > You can dowload it freely from http://www.httpcatcher.com http://tinyurl.com/45y9d for Borland-based alternatives; SocketSpy is Open Source - never did get around to doing that with my own SocketProxy.. if you really want it (why!?!) then shout ;o) Neither allow the request to be modified, but.. then again, neither are protocol-specific -- Hairy One Kenobi Disclaimer: the opinions expressed in this opinion do not necessarily reflect the opinions of the highly-opinionated person expressing the opinion in the first place. So there! Hairy One Kenobi

07-22-2004, 01:49 AM	#4
DarkSamurai Posts: n/a	Re: HttpCatcher zebulon wrote: > Hi, > I had some time to kill so I developped a little tool > very useful for testing the security of a web site. I called it HttpCatcher. > Which language did you use and would you mind to show the source code? DarkSamurai

07-22-2004, 01:19 PM	#5
Mimic Posts: n/a	Re: HttpCatcher zebulon wrote: > Hi, > I had some time to kill so I developped a little tool > very useful for testing the security of a web site. I called it HttpCatcher. > > "HttpCatcher is a free tool that will let you see the way your browser > communicates with the server. HttpCatcher will behave as a local proxy, and > will let you interfere in the communication process. HttpCatcher is the tool > you need to understand the http protocol. You will see full http headers and > you will be able to change them on the fly." > > Any of the parameters or the headers can be spoofed.. > > You can dowload it freely from http://www.httpcatcher.com > > At the moment, I only made a release for Windows XP. > > > Did you like it ? please add a link on your webpage.. > > > Theres a FireFox extension that shows you all the headers in real time which is nice. -- Mimic "When life hands you lemons, ask for tequila and salt." ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net ) "Without knowledge you have fear. With fear you create your own nightmares." "He who controls Google, controls the world". Mimic

07-23-2004, 08:49 PM	#6
Socket Posts: n/a	Re: HttpCatcher it is similar but catch as well file operations, for example cookies and internet tmp files http://www.smike.ru Socket

07-21-2004, 09:17 PM	#1
	HttpCatcher Hi, I had some time to kill so I developped a little tool very useful for testing the security of a web site. I called it HttpCatcher. "HttpCatcher is a free tool that will let you see the way your browser communicates with the server. HttpCatcher will behave as a local proxy, and will let you interfere in the communication process. HttpCatcher is the tool you need to understand the http protocol. You will see full http headers and you will be able to change them on the fly." Any of the parameters or the headers can be spoofed.. You can dowload it freely from http://www.httpcatcher.com At the moment, I only made a release for Windows XP. Did you like it ? please add a link on your webpage.. zebulon

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search