RequestPoison is an extension for Mozilla Firefox intended to help test the security of server-side HTTP programs against malicious user input.

Because clients can submit arbitrary requests to web servers, server-side programs must be able to handle any client input appropriately. Unfortunately, testing how a server-side program responds to inputs that cannot be generated using the forms and links provided on a web site is time consuming, and in some cases requires a familiarity with socket-level programming and HTTP that not all authors of server-side programs possess.

RequestPoison simplifies the testing of server-side programs by providing a graphical user interface for altering the inputs submitted to such a program. It currently supports altering GET and POST data as well as the referring URI. In the future, I hope to extend it to support altering cookies and user-agent information.

Usage: After installing RequestPoison, to test a server-side program, browse to the page generated by that program, then open RequestPoison using its entry under the Tools menu. The inputs submitted to the program are displayed in a dialog and can be edited. GET and POST data are displayed without URL escaping, with C-style escape sequences used to denote unprintable characters. After making changes, click the submit button to submit the new inputs in the active browser window.
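
The display convention described above (URL escaping removed, unprintable bytes shown as C-style escapes, then re-encoded on submit) can be sketched as follows. This is an added example, not RequestPoison's own code: the function names are hypothetical and the exact escape set (`\n`, `\r`, `\t`, `\0`, `\\`, `\xHH`) is an assumption, since the page does not list it.

```javascript
// Added illustration, not RequestPoison's code. Assumed escape set: \n \r \t \0 \\ \xHH.
const TO_ESC = { 0x0a: "\\n", 0x0d: "\\r", 0x09: "\\t", 0x00: "\\0", 0x5c: "\\\\" };
const FROM_ESC = { n: 0x0a, r: 0x0d, t: 0x09, "0": 0x00, "\\": 0x5c };
const utf8 = (s) => Array.from(new TextEncoder().encode(s));
// Percent-decode one component to raw bytes; malformed "%" sequences stay literal.
function decodeBytes(s) {
  const src = utf8(s), out = [];
  for (let i = 0; i < src.length; i++) {
    const hex = String.fromCharCode(src[i + 1] || 0, src[i + 2] || 0);
    if (src[i] === 0x25 && /^[0-9a-fA-F]{2}$/.test(hex)) { out.push(parseInt(hex, 16)); i += 2; }
    else out.push(src[i] === 0x2b ? 0x20 : src[i]); // "+" means space in form data
  }
  return out;
}
// Bytes -> editable text: printable ASCII as-is, everything else escaped.
function toDisplay(bytes) {
  return bytes.map((b) => TO_ESC[b] !== undefined ? TO_ESC[b]
    : b >= 0x20 && b <= 0x7e ? String.fromCharCode(b)
    : "\\x" + b.toString(16).padStart(2, "0")).join("");
}
// Editable text -> bytes; a backslash that starts no known escape is kept literally.
function fromDisplay(text) {
  const ch = Array.from(text), out = [];
  for (let i = 0; i < ch.length; i++) {
    const hex = /^x([0-9a-fA-F]{2})$/.exec(ch.slice(i + 1, i + 4).join(""));
    if (ch[i] !== "\\") out.push(...utf8(ch[i]));
    else if (hex) { out.push(parseInt(hex[1], 16)); i += 3; }
    else if (ch[i + 1] in FROM_ESC) { out.push(FROM_ESC[ch[i + 1]]); i += 1; }
    else out.push(0x5c);
  }
  return out;
}
// Bytes -> percent-encoding, leaving only RFC 3986 unreserved characters bare.
function encodeBytes(bytes) {
  return bytes.map((b) => /[A-Za-z0-9._~-]/.test(String.fromCharCode(b))
    ? String.fromCharCode(b) : "%" + b.toString(16).toUpperCase().padStart(2, "0")).join("");
}
// Raw query string or form body -> [name, value] pairs as shown for editing.
function showParams(raw) {
  return raw.split("&").filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    const parts = eq < 0 ? [pair, ""] : [pair.slice(0, eq), pair.slice(eq + 1)];
    return parts.map((p) => toDisplay(decodeBytes(p)));
  });
}
// Edited pairs -> wire form ready to resubmit.
const buildParams = (pairs) =>
  pairs.map((kv) => kv.map((p) => encodeBytes(fromDisplay(p))).join("=")).join("&");

const sample = "q=a%09b%00&path=C%3A%5Ctmp&bad=100%"; // constructed input
console.log(showParams(sample), buildParams(showParams(sample)));
```

Working on bytes rather than decoded strings keeps NUL bytes, invalid UTF-8 and malformed `%` sequences visible and editable, which are exactly the inputs a server-side program should be checked against.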

