I would like to intercept an AJAX request using BURP. I have used BURP for web application testing before. This, however, appears to be a weird case. I am not certain what I am missing here.
The situation is:
I have a web page, let's say: http://ift.tt/15RKr5a.
Amongst the other fields on the REGISTRATION form on this page, there is an emailID text field. Due to some weird logic of the application, and I do not really care what, as and when I type characters into this text field it pulls up a drop-down box with all the matching suggestions for that character.
Example: Say I type in the character 'a', then some of the suggestions that get pulled up are like abc@yahoo.com, ana@gmail.com, aka@yahoo.com etc.
Note: This is not an autocomplete-enabled field/form that is leading to these suggestions being pulled up, just in case you were wondering along those lines.
I checked the request in BURP and there is an ajax request being made, as suspected, for each character typed in the emailID text field.
So from BURP the request is of the form:
GET /abcd/register.php?mod=ajax&inajax=yes&infloat=register&ajaxmenu=1&action=email_verify&email=allTheCharactersIEntered HTTP/1.1
Host: www.example.com
Now although INTERCEPT is ON in BURP and I can see that the above GET request is paused (intercepted) for me to modify and forward, the response has actually already been received and the suggestion box has already been populated with the respective suggestions, as I can see both in the browser and in the HTTP History tab in BURP. (Hope what I am trying to say makes sense!)
What I want to achieve is that every time I type a single character into the emailId text box (that is when the AJAX call is being made, from my understanding), before the response (the suggestion drop-down box) is generated I should be able to intercept the request and change the typed-in character on the fly.
What is it that I am missing here? How do I achieve the above? Please feel free to ask about anything that does not make sense in the above scenario.
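As an added example (not part of the original question and not Burp's own code), the following Python script parses the intercepted request shown above, rewrites the email query parameter, which is the edit the asker wants to make before forwarding, and reproduces the one-request-per-keystroke sequence the browser sends. The raw request is constructed from the lines quoted in the question; the host and path are the question's placeholders, not a real target.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample: the raw GET request as quoted in the question above.
# www.example.com is the question's placeholder host, not a real target.
RAW_REQUEST = (
    "GET /abcd/register.php?mod=ajax&inajax=yes&infloat=register"
    "&ajaxmenu=1&action=email_verify&email=allTheCharactersIEntered HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, version, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def build_request(method, target, version, headers, body=""):
    """Serialise the parts back into a raw request, CRLF line endings included."""
    head = f"{method} {target} {version}\r\n"
    head += "".join(f"{name}: {value}\r\n" for name, value in headers)
    return head + "\r\n" + body


def set_query_param(target, name, value):
    """Return the request-target with one query parameter replaced (or appended).

    Parameter order is preserved so the rest of the query string stays
    byte-for-byte identical, which matters when a server keys on it.
    """
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if any(k == name for k, _ in params):
        params = [(k, value if k == name else v) for k, v in params]
    else:
        params.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(params)))


def rewrite_email(raw, new_email):
    """The edit made in the Intercept window: change only the email value."""
    method, target, version, headers, body = parse_request(raw)
    target = set_query_param(target, "email", new_email)
    return build_request(method, target, version, headers, body)


def keystroke_sequence(raw, typed):
    """Model the browser: one request per keystroke, each carrying the prefix
    typed so far ('a', 'ab', 'abc', ...), so several requests are in flight for
    a single field."""
    return [rewrite_email(raw, typed[: i + 1]) for i in range(len(typed))]


if __name__ == "__main__":
    print(rewrite_email(RAW_REQUEST, "z"))
    for req in keystroke_sequence(RAW_REQUEST, "abc"):
        print(req.split("\r\n")[0])
```

The keystroke model is the check worth doing against the HTTP History tab: because every character produces its own request, the request held in Intercept is only the latest one, and the suggestions already visible in the browser may be the response to an earlier request in that sequence rather than to the one currently paused.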