#13 Forms parser for Spider

Rogan Dawes

It would be great if the spider could identify forms,
and make them visible in some fashion to the reviewer.

Possibly even allowing the operator to populate the
form fields and submit the forms manually. Ideally, if
any of the form fields are prefilled (e.g. a hidden
field) these values should be saved and presented to
the operator.

Present a table of forms according to the conversation
in which they were seen, the method (GET/POST), the
URL, and a "signature" of the INPUT elements that make
up the form.

When a row in the table is selected, populate a
secondary table with the parameters and any known
values, and allow the operator to edit the fields and
supply values, before submitting the form.

It would be useful, but probably quite difficult, to
mark forms as submitted and remove them from the table
if we observe a "compatible" request, e.g. the method
and dst URL are the same, where values are pre-filled
in, the values are the same, etc.

It might not be all that difficult: simply iterate over
the list of conversations, and compare them.
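
The form extraction, INPUT "signature" and "compatible request" check described in this ticket, as an added Python example that is not from the ticket or the project's code. The names `FormParser`, `parse_forms`, `signature` and `is_compatible`, the sample HTML, and the matching rule (identical parameter names, unchanged hidden values) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, parse_qsl
# Constructed sample page (not taken from any real site).
SAMPLE = """<form method="post" action="/login">
  <input type="hidden" name="csrf" value="abc123">
  <input type="text" name="user"><input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
<form action="search"><input name="q"></form>"""

class FormParser(HTMLParser):
    """Collect every <form>: method, resolved action URL, named INPUT fields."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.forms, self._form = base_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"method": (a.get("method") or "GET").upper(),
                          "url": urljoin(self.base_url, a.get("action") or ""),
                          "fields": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("name"):
            # Keep the prefilled value (None if absent) so it can be shown.
            self._form["fields"].append(
                (a["name"], (a.get("type") or "text").lower(), a.get("value")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def parse_forms(html, base_url):
    parser = FormParser(base_url)
    parser.feed(html)
    return parser.forms

def signature(form):
    """Method, URL and the sorted name:type pairs of the form's INPUT elements."""
    inputs = ",".join(sorted(f"{n}:{t}" for n, t, _ in form["fields"]))
    return f'{form["method"]} {form["url"]} [{inputs}]'

def is_compatible(form, method, url, body=""):
    """Assumed rule: same method and URL, same parameter names, hidden values unchanged."""
    if method.upper() != form["method"] or url.split("?")[0] != form["url"].split("?")[0]:
        return False
    query = url.partition("?")[2] if form["method"] == "GET" else body
    params = dict(parse_qsl(query, keep_blank_values=True))
    if set(params) != {n for n, _, _ in form["fields"]}:
        return False
    return all(params[n] == v for n, t, v in form["fields"] if t == "hidden" and v is not None)
```

Iterating over recorded conversations and calling `is_compatible` for each pending form is the comparison loop the ticket's last paragraph suggests.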

