
HTTP Editor Tool

Submitted on August 9, 2010 – 10:33 pm

The HTTP Editor tool allows you to create, analyze and edit client HTTP requests and server responses. This lets you fine-tune attacks and check whether vulnerabilities have been fixed.
You can start the HTTP Editor from the ‘Tools’ node within the Tools Explorer window pane.
The top pane in the HTTP Editor displays the HTTP request headers and data. The bottom pane displays the HTTP response headers and data.

Editing an HTTP Request

1. From a scan or crawl, right-click a file and select ‘Edit with HTTP Editor’.

2. From the HTTP Editor Toolbar, the following options can be edited:

  • Method – Select one of the standard HTTP methods such as GET, POST and HEAD. You can also specify a custom method by typing it in the ‘Method’ input field, such as OPTIONS, TRACE or DELETE.
  • Protocol – Select the HTTP protocol version (HTTP/1.0 or HTTP/1.1) to be used for the request.
  • URL – Specify the URL, including the hostname, of the target object that you want to request (e.g. http://192.168.0.28/). You can also specify a relative URL without a hostname and supply the hostname via the request headers.

3. The Request tab shows the headers of the HTTP request. You can edit any of the headers by specifying the header name, e.g. Cookie or User-Agent, and assigning the header value associated with it, e.g. ID=1.

4. To craft an HTTP request with request data apart from the headers (e.g. a POST request with variables), enter the data in the ‘Request Data’ window. Variable data can also be edited with the Variable Editor.

Variable Editor

The Variable Editor can be launched by clicking on the ‘Edit query Variables’ button. Query variables are separated from the URL by a “?” and are URL-encoded. With the Variable Editor you can edit query variables, cookies and other request data. You can add, remove, URL-encode and URL-decode variables using the buttons in the small toolbar at the bottom of the Variable Editor window. Click ‘OK’ to store the changes and close the Variable Editor.

You can supply data other than URL-encoded variables, such as an XML document for a PROPFIND request. Specify the content length and the content type through the appropriate (‘content length’ and ‘content type’) headers. If no content length or type is specified, the HTTP Editor uses “application/x-www-form-urlencoded” as the default content type, and the content length is calculated automatically.

5. Use the toolbar at the top of the request page to add and remove request headers, add cookie variables, open the encoder-decoder tool and toggle between HTTP and HTTPS.

6. Click the ‘Encoder Tool’ button to encode or decode any text data that you want to send with an HTTP request or that you received in a response. This tool uses Base64 and URL-encoding to convert plain text data for sending in a request. Click ‘Start’ to send the request to the URL.

Note: For websites with AcuSensor Technology enabled, you can manually add AcuSensor Technology headers to the HTTP request. To do this, right-click the ‘Request Headers’ window pane and select ‘Add AcuSensor headers’. If AcuSensor Technology is enabled, you can view specific AcuSensor Technology related data in the response tab ‘AcuSensor Data’.

Text Only Tab

This tab displays the request in plain text. You can make changes to the request by editing the text directly on display.
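The plain-text request that the fields described above add up to, as an added Python example (not Acunetix code): it splits the URL into request target and Host header, URL-encodes variables into the request data, and applies the default content type and calculated content length when neither header is given. The function name `build_request`, the `/login.php` path and the sample variables are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded"

def _has(headers, name):
    """HTTP header names are case-insensitive."""
    return any(k.lower() == name.lower() for k in headers)

def build_request(method, url, headers=None, variables=None, body=b"",
                  protocol="HTTP/1.1"):
    """Assemble the raw bytes of a request from editor-style fields."""
    headers = dict(headers or {})
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    if not _has(headers, "Host"):
        if parts.netloc:
            # Absolute URL: the hostname travels in the Host header.
            headers["Host"] = parts.netloc
        elif protocol == "HTTP/1.1":
            raise ValueError("relative URL needs a Host request header")
    if variables:
        # Variables are URL-encoded into the request data.
        body = urlencode(variables)
    if isinstance(body, str):
        body = body.encode("utf-8")
    if body:
        if not _has(headers, "Content-Type"):
            headers["Content-Type"] = DEFAULT_CONTENT_TYPE
        if not _has(headers, "Content-Length"):
            # The length is counted in bytes, not characters.
            headers["Content-Length"] = str(len(body))
    lines = [f"{method} {target} {protocol}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return "\r\n".join(lines).encode("latin-1") + b"\r\n\r\n" + body

if __name__ == "__main__":
    # Constructed sample: a POST with two variables to a hypothetical path.
    raw = build_request("POST", "http://192.168.0.28/login.php",
                        headers={"Cookie": "ID=1"},
                        variables={"user": "a b", "note": "é&x"})
    print(raw.decode("latin-1"))
```
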

Analyzing HTTP Responses

After the HTTP request is sent to the web server, the server response in the bottom pane of the HTTP Editor can be analyzed. The server response is shown in the tabs ‘Response headers’, ‘Response data’, ‘View Page’, and ‘HTML structure analysis’.

Response Tabs

Once an HTTP response is received from the target server, you can analyze the response details using the response tabs below:

  • Response Headers – Displays HTTP response headers.
  • Response Data – Displays the HTTP response data received from the web server (similar to a web browser's ‘view source’ option).
  • View Page – Displays the web page without relevant images or CSS. Clicking on any of the links will display the request for that link in the ‘Request Headers’ tab and will update the URL in the HTTP Editor toolbar.
  • HTML Structure Analysis – Displays a list of links, comments, client scripts, web forms and META tags found in the HTTP response.
  • AcuSensor Data – Displays a list of AcuSensor Technology parameters if AcuSensor headers are added to the HTTP request and AcuSensor is enabled.
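The kind of inventory the HTML Structure Analysis tab lists can be reproduced on a saved response body when reviewing what a page exposes. This is an added Python example, not Acunetix code; the class and function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

class StructureAnalysis(HTMLParser):
    """Collect links, comments, client scripts, forms and META tags."""
    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.found = {"links": [], "comments": [], "scripts": [],
                      "forms": [], "meta": []}
        self._form = None  # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            # Resolve relative links against the URL that was requested.
            self.found["links"].append(urljoin(self.base_url, a["href"]))
        elif tag == "script":
            self.found["scripts"].append(a.get("src") or "(inline)")
        elif tag == "meta":
            name = a.get("name") or a.get("http-equiv")
            self.found["meta"].append((name, a.get("content")))
        elif tag == "form":
            self._form = {"action": urljoin(self.base_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").upper(),
                          "inputs": []}
            self.found["forms"].append(self._form)
        elif tag in ("input", "select", "textarea") and self._form is not None:
            self._form["inputs"].append(a.get("name"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_comment(self, data):
        self.found["comments"].append(data.strip())

def analyse(base_url, html):
    parser = StructureAnalysis(base_url)
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample response body.
SAMPLE = """<html><head><meta name="generator" content="ExampleCMS 1.0">
<script src="/js/app.js"></script></head><body>
<!-- build 2010-08-09, staging config -->
<a href="admin/">Admin</a>
<form action="/login.php" method="post">
<input name="user"><input type="password" name="pass"></form>
</body></html>"""
```

Developer comments and generator META tags are the entries most worth reading in the result, since they often disclose more than the rendered page does.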
