Login or Register to Ask a Question and Join Our Community


UNIX and Linux RSS News

Three ways to test Web form input with a CAPTCHA

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements UNIX and Linux RSS News Three ways to test Web form input with a CAPTCHA
# 1  
Old 04-14-2008
Three ways to test Web form input with a CAPTCHA
Mon, 14 Apr 2008 15:00:00 GMT
Many Web forms these days feature a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) as an effort to stop people from setting up computers to automatically fill in Web forms. A typical CAPTCHA is an image with some numbers and letters in it with distortion and/or background noise, and a Web form input field where you are to enter the numbers and letters from the image. This article investigates three CAPTCHA applications that you can use on a PHP Web site.


Source...
Login or Register to Ask a Question

Previous Thread | Next Thread

6 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Trying to submit web form content to a shell script

Hi I was hoping some one could help me with a problem I have. I am trying to collect some information from a web form and save it to a text file. I found an example on this site that is sort of what I am trying to accomplish, the shell script bellow should echo the input back to the browser... (0 Replies)
Discussion started by: Paul Walker
0 Replies

2. Shell Programming and Scripting

Pass values from web form to shell script

Hi, is it possible to pass more values from web form like textbox to shell script and if yes,how to do that.:confused::confused::confused: (2 Replies)
Discussion started by: tdev457
2 Replies

3. Programming

Creating a web based id request form

Please pardon my ignorance, but I need to create a web-based form which can be used to request access to the unix servers in our environment. It just needs to have input fields for basic info (name, dept., etc.), and perhaps a drop-down box with the names of the servers. The form will be submitted... (2 Replies)
Discussion started by: wjssj
2 Replies

4. Shell Programming and Scripting

Filling out Web Form from Script

I am trying to fill out a web form from within a script I am writing. I think that I should be using curl to do this, but I'm not really sure. The form has username and password fields and a submit button. I want to be able to log in from the command line. Html from the site: <h5... (2 Replies)
Discussion started by: vockleya
2 Replies

5. Shell Programming and Scripting

Transfer files with web based form by date

Not sure how I should approach this one. I have server X and Server Y. X is a collector. All files are seperated by hour. Y is used strictly for analysis. I do not always need all files from X. Sometimes other people use Y for analysis and do not always know how to transfer the files from... (3 Replies)
Discussion started by: mrlayance
3 Replies

6. UNIX for Dummies Questions & Answers

Ways to Access Files on Unix Server via Web

Hi all! I'm a web developer with a question. We have a contractor that is working on a project that requires the user to access a ton of files on the clients Unix server. He has plans to built a VB interface for on site windows users to access those files and wants us to develop a web based... (4 Replies)
Discussion started by: Imhotep1963
4 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

spikeproxy

SPIKEPROXY(1)						      General Commands Manual						     SPIKEPROXY(1)

NAME

       spikeproxy - web application auditing tool

SYNOPSIS

       spkproxy [-s SSLproxyhost] [-p port] [-U NTLMUser] [-D NTLMDomain] [-P NTLMPassword] [-l ListenHost] [-c cache_directory]

DESCRIPTION

       This  manual  page documents briefly the spikeproxy command.  This manual page was written for the Debian distribution because the original
       program does not have a manual page.

       SPIKE proXY functions as an HTTP and HTTPS proxy, and allows web developers or web application auditors low level access to the entire  web
       application  interface,	while  also providing a number	of automated tools and techniques for discovering common problems. These automated
       tools include:

       1.Automated SQL Injection Detection

       2.Web Site Crawling (guaranteed not to crawl sites other than the one being tested)

       3.Login form brute forcing

       4.Automated overflow detection

       5.Automated directory traversal detection

       In addition to automated analysis, SPIKE proXy allows the user to penetrate into the internals of the web application by viewing and chang-
       ing  all  variables,  cookies,  headers,  or  other  parts of the request and resubmit them. SPIKE proXy maintains a careful record of each
       request made - saving both each request, and the entire response. The user can later go back and replace any request or view any response.

OPTIONS

       This program can be configured with the options listed below.  The options may be given in any order.

       -c cache directory
	      The directory that will be used to cache all the requests. This directory is created if it does not exist. The default  location	is
	      /var/cache/spikeproxy  but it can only be used by the root user.	-l listenhost The IP address the proxy will listen on (it defaults
	      to 127.0.0.1 so it is not available from external hosts).

       -p port
	      This option sets the port the proxy will listen on (it defaults to 8080 if not provided).

       -h proxyHost
	      Sets a proxy host to use in the proxy chain.  Spike will forward all requests to this proxy.

       -H proxyPort
	      Sets the port for the proxy host.

       -s proxySSLHost
	      Sets a proxy host for SSL connections. Spike will forward all SSL requests to this proxy.

       -S proxySSLPort
	      Sets the port for the SSL proxy host.

       -U NTLM Username
	      Defines the NTLM username it will use when authenticating to the proxy host.

       -P NTLM Password
	      Sets the password it will use when authenticating to the proxy host.

       -D NTLM Domain
	      Sets the NTLM domain it will use when providing credentials to the proxy host.

SEE ALSO

       The program provides inline documentation in the user interface when connected to it through a web client. If you are trying to audit a web
       application you might want to read OWASP Guide to Building Secure Web Applications and Web Services, Application Security Attack Components
       project, Application Security Testing Framework, and the OWASP Web Application Security TopTen available at  http://www.owasp.org  and  the
       World Wide Web Security FAQ available at http://www.w3.org/Security/Faq/

AUTHOR

       This  manual  page  was	written by Javier Fernandez-Sanguino Pen~a <jfs@computer.org>, for the Debian GNU/Linux system (but may be used by
       others).

								 October  2, 2006						     SPIKEPROXY(1)