POST method example
POST method example Example of monitoring a webform with POST method.

For example you have such simple form:
form action="some-site.com/some-script.cgi" method=post
input type=text name=login value=''
input type=password name=password value=''
input type=submit name='Submit' value='Login'
/form
User fill this form with value login: Peter and password: 1234 and click submit. If everything is Ok, script prints "LoginOk" on the result page.
For making a monitoring task to control this script, create task with next fields:

URL: some-site.com/some-script.cgi
Http Method: choose POST
In "POST parameters" field you should add three strings:
login=Peter
password=1234
Submit=Login
In "Content check" field: LoginOk
Results: HostTracker with every check will fill this form and assume that it is OK if the set keyword LoginOk is returned.

  • CM.Glossary.WebsiteMonitoring
  • CM.Glossary.HTTPMethods
more glossary
"Great service. Improving constantly."
- Ray
Shellshock vulnerability online check
Considering the recently discovered Shellshock vulnerability, HostTracker has created a tool for testing it.
Check your server for vulnerability

How does it work?

It is developed for a Linux server with a web server installed on it. The algorithm is very simple. We consequently generate 4 http requests:

  • 1. Ordinary request
  • 2. The request tries, using vulneratility, post a "harmful" cookie which causes 2-seconds delay in respond to our special http request.
  • 3. The request tries, using vulneratility, post a "harmful" cookie which causes 4-seconds delay in respond to our special http request.
  • 4. Same as #3

Results of the test

How to understand the result?

We compare response time for all 4 requests. Three situation are possible:

  • 1. Vulnerability found. We may affirm that if the difference in responses is about 2 seconds for requests without cookie and with 2-second-delay cookie, as well as for requests with 2 and 4-second delay cookie. It means that our request was able to use the vulnerability and set these cookies.
  • 2. Vulnerability not found. All the requests have about the same response time. The cookies, likely, were not installed because there is no vulnerability.
  • 3. Uncertain situation. If the response time differs widely, without coincidence with preset by cookies delay, we can not say for sure. It could be if the server is under high load. To check this, we use two requests with same cookies (#3 and #4). If the response time for two same checks varies, we make a conclusion that the response time is not affected by cookies. At least, not only by them. So in this case our method can not detect vulnerability

Safety of checks

Our test can not damage your server. The risk consists of appearance of one extra-cookie, which is used only for our requests and can not affect normal work-flow of your site.

more blog
 
Feedback
Sign In
Sign Up
Prices & packages
Our monitoring network
Home > Feedback
 
Share:
Send to Twitter Send to Facebook Send to LinkedIn Share on Google+
Blogs:
HostTracker blog HostTracker page on Facebook