Grey bar Blue bar
Share this:

Fri, 1 Feb 2008

HTTP Mangling, Redirection etc.

So - here's the scenario.

Lohan is busy testing an application which uses remote web-services on a server called (example) www.target.com, but the program bypasses all proxy servers etc, making it impossible to trap and mangle requests.

So, we do the following:

1 - We make a note of the IP address of www.target.com (in this case, we'll assume it is 196.310.150.126 )

2 - Add a host entry in hosts, mapping www.target.com to 127.0.0.1

3 - Fire up a quick C# app written by yours truly which listens on 127.0.0.1:80

4 - Fire up a proxy server

5 - Configure the C# app to use proxy server 127.0.0.1:port of proxy
Now, the C# app does the following:

1 - Intercepts the HTTP request addressed to www.target.com

2 - Mangles the HTTP request to convert it into a proxied request (ie: Request "GET / HTTP/1.0" now becomes "GET http://196.31.150.216/ HTTP/1.0")

3 - Writes the request to the proxy server

4 - Writes the response back to the application

So, we're now able to intercept, fuzz, mangle etc all the requests and responses between the application and the web service. Not really rocket science, but rather handy...

The screenshot shows something similar, but using a web browser in place of the application here. I am using paros in this example because I am still doing large chunks of work on Suru...

HTTP Mangling

/ian