Re: Webbrowser data

Giganews Newsgroups
Subject: Re: Webbrowser data
Posted by:  Remy Lebeau \(Indy Team\) (
Date: Wed, 31 Oct 2007

"Mark Williams" <mark@{removethis}> wrote in message

> If I try to skip these pages and get straight to the meat, I flunk
> security tests. I am trying to do this by way of a get on the main
> page (which is a servlet)  passing in the url and required security
> details as urlencoded variables, but this does not work.

Then you are likely not doing it correctly.  What do the HTML forms on each
page actually look like?  What does your code look like?

> Any idea how the previous page is passing in the security details

There are several ways to do that.  It depends on what the webserver exactly
has decided to use.  It could be passing values from page to another via
hidden HTML form fields.  It could be passing values in the URL of each
successive page.  It could be sending values back and forth using cookies.
It could be storing values in a session state on the server side.

I suggest you use Ethereal/Wireshark or other packet sniffer to see what the
web browser is actually transmitting at each step of the process.  However,
if the connection is using SSL, then you won't be able to do that.

> is it perhaps held as session data.

That is an option.

> Presumably, if the latter I am stuck.

Yup, you would be.  You will have to go through each page individually in
order to build up the proper session state.



In response to

Webbrowser data posted by Mark Williams on Wed, 31 Oct 2007