
Re: Cracking AJAX? Done yet?

  • From: Tei <oscar.vives@g...>
  • To: xml-dev@l...
  • Date: Wed, 8 Nov 2006 09:58:35 +0100

capture ajax calls
OFF-TOPIC

On 11/8/06, Peter Hunsberger <peter.hunsberger@g...> wrote:
> Not sure what you want to do, but you can mostly reverse engineer the
> Ajax calls.  Sometimes the underlying libraries are obscured, but at
> some level, every Ajax call begins with a Javascript invocation (plain
> text) from a web page.
>
> In our case, this makes it easier to get at the underlying data, once
> you dig down far enough to figure out the calls you can invoke them
> directly and get the relevant XML (or sometimes otherwise encoded)
> data directly.
>
> There are tools to track the underlying HTML calls that work at the
> browser level -- you shouldn't have to resort to proxies -- but so far
> I've never had the need for them...

On Firefox you can use the LiveHTTPHeaders extension to capture all the
HTTP traffic in a readable way. Very useful to analyze & debug AJAX.
For other browsers you can always use a cheapo proxy and activate all
the logging. As an example, SpoonProxy is able to do that. So you can capture
everything the browser sends or receives.
If the browser is embedded in another program and you do not have access to
proxy configurations, there are network tools like Ethereal to capture
traffic.
With ajax you always have the client side code, and communication
samples; only the server side code is unknown on non-FOSS software.

About the original subject. Imho, yes. An ajax call needs to validate
the call, as a normal web page does. On PHP you can track a $_SESSION
var, and it takes 1 line of code. Hee!, you reuse the auth method you use
on all other pages.

if (!$_SESSION["userLogued"]) {  echo 0; exit(); }

A number of ajax apps will ignore or forget to add that line, and it will
be possible to break into applications through ajax.
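
Added example, not part of the original post: the session check from the message, placed in one dispatcher so that every AJAX action passes through it before any handler runs. The names handle_ajax(), is_logged_in(), the "getProfile" action and the sample data are hypothetical; only the "userLogued" session key comes from the post.

```php
<?php
// Added example (not from the original post). handle_ajax(), the action names
// and the sample data are hypothetical; "userLogued" is the key used in the post.

function is_logged_in(array $session): bool
{
    // empty() also covers a missing key, so a visitor with no session data
    // is rejected without raising an undefined-index notice.
    return !empty($session["userLogued"]);
}

function handle_ajax(array $session, array $request): array
{
    // The check runs before any action is dispatched, so a handler added
    // later cannot be reached without it.
    if (!is_logged_in($session)) {
        return [401, "0"]; // same "0" body as the one-liner in the post
    }

    $handlers = [
        "getProfile" => function (array $s): string {
            $name = htmlspecialchars($s["userName"] ?? "", ENT_XML1 | ENT_QUOTES);
            return "<profile><name>$name</name></profile>";
        },
    ];

    $action = $request["action"] ?? "";
    if (!is_string($action) || !isset($handlers[$action])) {
        return [404, "0"];
    }
    return [200, $handlers[$action]($session)];
}

// In a real endpoint: session_start(); then pass $_SESSION and $_GET.
// Constructed inputs so the script runs from the command line:
$cases = [
    "direct call, no session" => [[], ["action" => "getProfile"]],
    "logged-in user"          => [["userLogued" => true, "userName" => "tei"], ["action" => "getProfile"]],
    "logged-in, bad action"   => [["userLogued" => true], ["action" => "dropAll"]],
];
foreach ($cases as $label => [$session, $request]) {
    [$status, $body] = handle_ajax($session, $request);
    echo "$label: $status $body\n";
}
```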

