cancel
Showing results for 
Search instead for 
Did you mean: 
apellepa
Level 8

Retrieve information from request to https://site

Jump to solution

I need to retrieve user login from request to https://site.int and write to log file

MWG 7.4.2.3, SSL decryption rules exists

Connection tracing show like this:

POST /online/postlogin.cfm HTTP/1.1

Host: site.int

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: https://site.int/online/login.cfm?error_code=9&name=dsfds%3Blk

Cookie: JSESSIONID=13127734ae9c45a85283632a7065746f2872

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded

Content-Length: 48

username=dsfdf&passwd=dsfsdf&x=0&y=0&ccode=12345]]]

18:16:55.760: Send 258 bytes; offset = 0

[[[

HTTP/1.1 302 Moved Temporarily

Date: Mon, 27 Apr 2015 15:16:55 GMT

Pragma: no-cache

Server: Apache

location: login.cfm?error_code=2&name=dsfdf

Connection: Keep-Alive

Content-Type: text/html; charset=UTF-8

Cache-Control: no-cache

Content-Length: 0

How to retrieve "username=dsfdf&passwd=dsfsdf&x=0&y=0&ccode=12345" from request to User-Defined variable (or retrieve only "username" value) ?

0 Kudos
1 Solution

Accepted Solutions
amart
Level 9

Re: Retrieve information from request to https://site

Jump to solution

You want to get access to the request body of content type application/x-www-form-urlencoded. In MWG 7.4 you can enable openers and parse body.tostring property yourself, in MWG 7.5 you can use property Request.POSTForm.Get(parameter).

Andrej.

0 Kudos
3 Replies
asabban
Level 17

Re: Retrieve information from request to https://site

Jump to solution

Hello,

I think connection traces are the most convenient way to capture the credentials for example for password recovery.

Why do you want to store the data into a user-defined property or write them to a log file? That does not sound like something you want to do in regards to privacy concerns.

Best,

Andre

0 Kudos
apellepa
Level 8

Re: Retrieve information from request to https://site

Jump to solution

We want to check that users does not exchange credentials between ones (in MWG log we have domain login and corresponding site.int login - so we can pass this information to SIEM and alert when another user use the existing site.int login).

0 Kudos
amart
Level 9

Re: Retrieve information from request to https://site

Jump to solution

You want to get access to the request body of content type application/x-www-form-urlencoded. In MWG 7.4 you can enable openers and parse body.tostring property yourself, in MWG 7.5 you can use property Request.POSTForm.Get(parameter).

Andrej.

0 Kudos