0

enter image description hereTamper Data gives all the cookie context i wish to automate that. Session-Id and Login Credentials. WGET or Wapiti kinda stuff.. but these are cmnd line based .. i wish a web-based one ! the Tamper data values i need to pass are under the red box of screenshot.

Shashank Bajpai
  • 5
  • 1
  • 9
  • I suppose you want to get the values of the `request-headers`? If not can you provide a screen-shot of the tamper-data to show exactly what you want? Thanks – Prakash K Sep 17 '12 at 11:27
  • yes, I want to fetch the values of request handlers to by-pass the actual login page by using one created by me. – Shashank Bajpai Sep 21 '12 at 07:05

1 Answers1

1

Relying on the request-header's values is dicey and it is flawed since the request-header values can be easily manipulated (one example is what you yourself are showing).

If you want to login automatically into another web-application using the credentials you have provided in some other web-application then you can use Single Sign-on (SSO). More info can be found in this answer.

If you have some other requirement, then you can included that in the question so that it can be seen & answered accordingly.

Here is how you can get the request-header in a JSP:

  1. request.getHeader("cookie") or request.getHeader("user-agent").

  2. Or can use: request.getHeaderNames() to get all the headers and then loop through the names and get each header value by using point#1 like this:

    Enumeration hNames = request.getHeaderNames();
while(hNames.hasMoreElements()) {
    String hName = (String) hNames.nextElement();      
    System.out.println(hName + " = " + request.getHeader(hName);
}

  3. This link might be helpful: Reading HTTP Request Headers

Here is how you can get the request headers in PHP:

  1. Nice answer to the question: How do I read any request header in PHP,
Community
  • 1
  • 1
Prakash K
  • 11,669
  • 6
  • 51
  • 109