codacopia

Reputation: 2501

Trying to Read Live HTTP Headers Report from Firefox

I am trying to reverse engineer an existing registration and payment system for a website. The system is a two-step process. The first step is where the user submits their registration information. Here is the output from Live HTTP Headers for the first form submission:

https://drive.google.com/file/d/0By2lFlhEzILjR0V4WkJNSWMzWU0/edit?usp=sharing

In reviewing this step, I see that the user is being directed to a page that contains these HTTP variables in the browser address:

plugin=cbpaidsubscriptions
&cbpgacctno=1
&cbppdtback=33d54252b823f27833aa451238663f83
&cbpbasket=178
&cbpshopuser=99fe7e456230069467dd397360ad951f
&result=payform

I need to understand exactly how these values are being passed through the form. I am new to Live HTTP Headers so I am unclear as to how to read the output.

Ultimately, there must be some type of redirect script that is creating the hidden variables and then passing them through to the next form. Here is the script code from the header of the form:

https://docs.google.com/document/d/1Ney0XWUikFaOsRzywREWSP8LJNc7oi6VxikAgatuAcI/edit?usp=sharing

To sum up the question, my hope is to learn:

1) What scripting is taking place to redirect the user?

2) What do I need to do to recreate the unique variables to pass through my form?

3) Is there a tutorial on how to better understand Live HTTP Headers?

Upvotes: 0

Views: 421

Answers (1)

Patrick Jackson

Reputation: 335

The extension generating the headers is called CBSubs - Community Builder Paid Subscriptions - available from https://www.joomlapolis.com/cb-solutions/cbsubs

That extension specifically manages subscriptions on websites, and is performing all the permissions management to say whether or not someone is subscribing, subscribed and allowed to access the content, subscribed but expired so can no longer access the content, etc.

So those variables are all encoded in relation to the component, e.g. cbpshopuser is a key that identifies the user that is subscribing.

Unfortunately, I think the code behind CBSubs is encoded, so you won't be able to reverse engineer it directly as you would with other open source software.

I don't know enough about Live HTTP Headers to assist you further, and can't tell exactly what it is you're trying to do - reverse engineering CBSubs is probably not the easiest option to look at. In this case, the functionality is provided by a Joomla extension, and so looking at what the extension does, rather than reinventing the wheel, is probably your best starting point.

Upvotes: 3
