Page form data missing in developer tools - asp.net-mvc

I using the "Network" tab of the developer tools to view the submitted form data in my application.
I've tested using Chrome, FireFox quantum, and Edge. I can only view them in the Chrome browser.
Can anyone tell me why?
Note that the application works well with all browsers.
Here is the screenshot

In Edge (Microsoft Edge 44.18362.449.0)
Press F12
Under Network. Select your POSTed page.
Select the Body tab and click Request Body.
(There are two links under the Body tab: Response body and Request body.)
One thing I've noticed (and this might be your problem) is that you
should have the debug screen up first (press F12). Do this before you
POST.
Page will look something like this:

In Edge, Body > Request Body have the data that you are looking for. Please refer Edge Help
And for Firefox, please refer MDN webdocs

I was trying to login to a website using a Python script for which I needed to find the form-data header but couldn't find that for long until I came across this YouTube vid: https://www.youtube.com/watch?v=SvUqk683mSA where they say that you need to make sure to check Preserve log on the Network tab of the developer console because apparently the Network tab clears requests activity on every page refresh and therefore the user-login POST request would never be visible.
And once you do get the login request you were looking for, in order to get the username and password or any other form data, head to the Payload tab and you'll find your "form-data" under Request Payload. Hope this helps!

Related

WaitForInputIdle not waiting for website to fully display

I looked high and low and could not find a satisfactory answer to my problem, which is:
I want to open a website and send it my user id and my password to enter it. I am using a procedure found on StackOverflow that uses CreateProcess and WaitForInputIdle. The problem is that the procedure returns without waiting for the website to fully display, therefore my Id and password end up in the wrong place. Inserting a Sleep(5000) will most of the time work but is not reliable. Can anybody point me in the right direction.
That will never work because WaitForInputIdle returns as soon as the application is waiting for input, but the web browser will not load the web site before that.
You'd have to find another way to do what you want. For example you could create a html form that will post your user id and password to the desired website as soon as it is opened:
How do you force a web browser to use POST when getting a url?
Or host the webbrowser in your application. Then it's in your control and you can send the post by code or be notified when the website has finished loading.

How to add domain for Oauth2 to Google Dev Console

Last year I implemented Oauth2 for users of our app to sign in via Google, obtaining the client ID and configuring multiple permitted URLs via the Google Dev Console at https://console.developers.google.com/project/<our-project-id>/apiui/credential?authuser=0.
I now need to add another URL to the list, but the UI for the Google Dev Console has changed. Using the new UI, I don't understand how to view the URLs I already configured, and I don't understand how to add another. The documentation I've found describes adding stuff such as credentials and domains, but I don't want to click anything until I understand it better because I can't risk breaking the production app, which relies on the existing setup I established with the old Google Dev Console. In particular, I don't think I should add or change anything until I can at least see the configuration data I previously created.
I'd appreciate info on how to view my existing configuration data, either by somehow accessing the old UI or by clicking the appropriate controls in the new one. From there I'll hopefully be able to figure out how to add another URL.
By the way, the URL I want to add is a proxy server for using "ionic serve" (http://10.0.0.15:8100/app/oauth_redirect) if that's relevant to your answer.
you can click on Credentials link in the left side menu and then click on you app. shown as hyperlink. and you will get options to add more URL to redirect uri list or to authorized uri list and you will be able to see your old configured url as well. See below screen shots to understand more.

How to modify a request in Fiddler?

I'm looking for a simple way to intercept a web request and modify the contents of the request (mainly POSTs) using Fiddler.
This is to test server-side validation.
I have to use Fiddler, however I haven't found a good simple way to do so.
There have been several documented ways to write scripts to intercept traffic and change headers, but I would like to do it without writing a script - this tool needs to be used by the testers and writing/modifying scripts all the time by different testers may be annoying.
Example:
Simple POST with 2 parameters:
field1=foo,
field2=bar
I would like to intercept the request, modify the value of field2 to be something like bañ (note the ñ, in my case is invalid and that is what I want to test).
Ok, posting the answer that I put together from piecing it together from the following youtube video:
Tampering Client Requests and Server Responses with Fiddler
Start fiddler (I'm using Fiddler 4)
You will notice that it intercepts all traffic through all browsers and other applications
Set a filter - this will enable you to view only the data you are interested in
On the right hand side, click on the filters tab
Check 'Use Filters'
On Hosts, use 'Show only the following Hosts'
In the text box below that, put the host you are testing for. In our case for the test environment, put the following: testing.internalsite.com;
In the section called 'Breakpoints', check 'Break request on POST'
Intercept the request
In your browser, navigate to the page which you are testing. In our case, it is the welcome page where we will be doing our testing of the server-side validation: https://testing.internalsite.com/yourapp/welcome.do
Clear all the existing logged requests by hitting the 'X' in the tool ribbon and choosing 'Remove all'.
In your browser, put the data into the form you are interested in testing and hit submit. This is valid data (passes client side validation) which you will be changing with fiddler.
In Fiddler, you will see the request with the red icon. Click on the request to load the details on the right side.
On the Inspectors tab, followed by the WebForms tab, you can modify the parameters of the form which was submitted. Change the data as appropriate for the test.
Hit the 'Run to completion' button
Validate that your response is correct - usually some sort of error message if you are testing the server-side validations
I use fiddler 4.6.3. You can try this if you are submitting a web form.
Note the post request when you submit a form. Let that request remain in fiddler. Lets modify the request in Fiddler.
1 - Right click request > check "unlock for editing".
2 - Inspector tab > Modify form fields such as username, password etc. in Body section.
3 - Right click request > Replay > Reissue request.
Done ! The only problem with this approach is that you modify the old request. In Charles proxy, this is done in 2-3 clicks vs the many clicks in Fiddler. Plus, you don't have to mess the old request.

Changing the interface of a webservice witout having access to it

I have awebsite, lets just call it search, in one of my browserpages open. search has a form, which when submitted runs queries on a database to which I don't have direct access. The problem with search is that the interface is rather horrible (one cannot save the aforementioned queries etc.)
I've analyzed the request (with a proxy) which is send to the server via search and I am able to replicate it. The server even sends back the correct result, but the browser is not able to open it. (Same origin policy). Do you have any ideas on how I could tackle this problem?
The answer to your question is: you can't. At least not without using a proxy as suggested in the answer by Walter, and that would mean your web site visitors would have to knowingly login to your web site using their other web site's credentials (hmm doesn't sound good...)
The reason you can't do this is related to security, if you could run a script on the tab next to the one with the site open (which is what I'm guessing you want to do), you would be able to do a CSRF attack and get any data you wish and send it to hack.com
This is, of course, assuming that there has to be a login somewhere in the process, otherwise there's no reason for you to not be able to create a simple form which posts the required query and gets the info.
If you did have access to the mentioned website, you would be able to support cross domain xml using JSONP.
It is not possible to bypass the same origin policy in javascript (assuming that you want to do it with that considering your question). You need to set up a proxy server side that is doing the request for you and returns the html.
A simple way of doing this in PHP would be like this:
<?php
echo file_get_contents("http://searchdomainname.com" . "?" . http_build_query($_GET, '', '&'));
?>

With firebug stop loading so can see requests

I am trying to analyze a POST request using firebug. Using the net panel I can see the request, however when the POST has success the page then reloads and I only have a couple of seconds to actually look at the request and see what is going on. Is there a way I can pause it much like when analyzing scripts using this tool?
There is a "Persist" button on some of the tabs in Firebug. Just make sure to click it before doing your post.
[edit] Second row, third button from the left, on the Console and Net tabs.
Even better, if you're on Windows you can use Fiddler - an amazing and free HTTP debugger developed by some important guy on the Microsoft IE team.
With it you can conditionally intercept GET or POST requests, inspect and change parameters, break on responses, change responses (headers or body), reissue old requests and generally screw with your application during development.
Simply one of the most useful web development tools. Ever.
May require a little tweaking for localhost - see here
One solution would be to remove the refresh of the page from your code.
Then run your code to see the results.
You can use web developer tools plugin for Mozilla firefox, and disable meta redirects

Resources