
Tool for generating html post page to bypass JS validation and test sql injection

I would like a tool (or Firefox) that enumerates all , elements on a target HTML page and generates a new HTML page which I can use to post to the original page.

I want to use this for security / sql injection testing, to circumvent any JavaScript validations.

The Web Developer Firefox plugin is close, but it doesn't let me change the values of radio button elements.


If you're doing SQL injection testing, you should be sending the POST requests directly, not using a web form. It's easier to automate testing and covers a greater range of attack vectors... Plus, that's what the crackers will be doing, anyway.

Edit: a great compromise between the two ways is Fiddler: http://www.fiddler2.com/fiddler2/ ... You can submit via the web form (with JS disabled) and then edit the outgoing traffic to try to break your SQL injection.


You shouldn't be using JavaScript as a form of security. Validations via JS should only be used to improve the user's experience. Therefore, SQL injection protection should be occurring server-side with parameterized queries. To edit values, you could use Firebug to test any JavaScript/input.

EDIT: You could also use Tamper Data. Easy to use add-on which lets you change any of the POST parameters quickly.
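An added illustration of the server-side point made in this answer (example code, not from any of the posts): an in-memory SQLite table with a constructed user row, a login check that pastes the POSTed values into the SQL text, and the same check done with a parameterized query. The crafted password is the kind of value a browser-side validator might reject but a replayed POST delivers unchanged.

```python
import sqlite3

# Constructed sample database (not from the original post): one users table
# with a single account, used to compare the two ways of building the lookup.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_concat(conn, username, password):
    # Vulnerable: request values are spliced into the SQL string. Client-side
    # JavaScript validation cannot protect this, because a tester (or attacker)
    # submits the POST directly and the JavaScript never runs.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0

def login_param(conn, username, password):
    # Mitigation: parameterized query. The same bytes are bound as data and can
    # never change the structure of the statement.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def demo():
    conn = make_db()
    # Constructed input: a quote-bearing value a JS validator might block in the
    # browser, sent as-is in a replayed POST body.
    crafted = "' OR '1'='1"
    return {
        "valid_concat": login_concat(conn, "alice", "s3cret"),
        "valid_param": login_param(conn, "alice", "s3cret"),
        # Concatenation: WHERE ... AND password = '' OR '1'='1' is always true.
        "crafted_concat": login_concat(conn, "alice", crafted),
        # Parameterized: the literal string is compared to the stored password.
        "crafted_param": login_param(conn, "alice", crafted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both functions accept the correct credentials; only the concatenated version also accepts the crafted value, which is the behaviour a direct-POST test against the real server will surface regardless of what the form's JavaScript allows.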


Selenium is great for this kind of web UI testing.


The easiest way to do this is to use Firebug to edit the DOM.

You can use the Web Dev Toolbar to disable JavaScript, and you can use Firebug's HTML view to edit attribute values in real time.

In general, Firebug is an excellent tool for web developers and designers and I (and many other people) highly recommend it.


I think the simplest way to do this is not to use forms at all. You can run Fiddler during a normal request and you will see your POST request occur.

You can then replay and modify that request using Fiddler's 'Request Builder' (drag the actual request onto the 'Request Builder' tab and it will clone the request.) This allows you to create whatever bad inputs you wish without worrying about generating new forms to handle this.


Tamper Data https://addons.mozilla.org/en-US/firefox/addon/966 - does HTTP header modification too.

