TesterHQ - The Evil Tester Blog Aggregator

Oct 26, 2018 - 2 minute read - Evil Tester Testing

Amending HTTP Traffic within a Browser - Chrome, Safari, Firefox, and Edge

Original Blog Posting on [blog.eviltester.com]

TLDR: Firefox now lets us Edit and Amend requests in the network tab, for other browsers we can convert to cURL or fetch (or use a proxy)

Did you know you can amend and resend HTTP Traffic from within a browser? You can and In this post we’ll do a quick comparative feature review of Chrome, Safari, Edge and Firefox to see how each of these browsers best supports us in doing that.

Amending and Resending traffic is useful for testing or security testing because you take a request that was already sent and authenticated, amend some details on it - a header or the verb or some of the payload and you can trigger new functionality, or bypass validation. Good manipulative testing.

Normally I use a proxy for that, but the browsers can now support me.

Let’s see how.

Chrome

  • get traffic in network, right click - can “block” but can’t resend
  • but can “copy as fetch” to use from console
  • or “copy as curl” to use from CLI or terminal

Firefox

  • right click Edit and Resend
  • or copy as curl

Safari

  • copy as curl

edge

  • can copy parts of the request but not full repeatable request

Big win for Firefox here. And of course with all browsers you can send them through a proxy which is still my preferred way of observing, interrogating and manipulating HTTP traffic.

Having the functionality in browsers now is a useful fallback for testing. And a good reminder that this level of manipulation is now available to everyone using the browser and if we aren’t testing at an HTTP traffic level for our applications then we have a coverage gap that a home user might be able to exploit.

Watch the video on YouTube