Re: iChain Form Fill Dynamic Input Tag Names
rrawson wrote:
>
> I have a client using a commerical application (Oracle) which in it's
> latest incarnation is trying to foil some sort of attack by randomly
> salting the names of input tags. So a static form fill policy cannot
> match the form fields.
>
> The question I have is:
>
>
> - Is there any way to specify a wild card in the name of the input
> tag in the form fill policy?
Nope
> - Is there any way to specify the input tag by an enumeration
> (input[first()], input[2], input[last()], etc.)
Nope
> - Is there any way to inject some sort of javascript content that
> could be used to look at the form and do a more customized fill?
Not sure
Maybe you can use the authentication header instead ? OLAC allows you
to inject the credentials into the authentication header and send it to
the backend webserver.
--
Cheers,
Edward
|
Threaded Mode
