What the Browsers Don't Show You

Browsers translate HTML source code into visual, interactive elements that display pieces of information on a screen and allow the user to interact with them. At the heart of every browser is an HTML interpreter engine. Like any other computer language, HTML has a formal grammar specification and rendering guidelines. The HTML interpreter within the browser breaks the HTML into various elements and renders them on the screen. Not all HTML elements get rendered visually. Some elements, such as HTML comments, are meant mainly for documentation and clarity, whereas others are meant for behind-the-scenes operations, such as passing parameters between forms or setting cookies by client-side scripts. For a thorough understanding of HTML elements, refer to the HTML 4.0 specification at http://www.w3.org/TR/html4/.

As Web sleuths, we would fail in our duty if we left these stones unturned in the quest for clues. Popular browsers such as Netscape Navigator, Internet Explorer, and Opera have the functionality to display the HTML code in its raw format if desired. Figure 7-1 shows a Web page displaying various HTML elements.

Figure 7-1. HTML elements displayed by a browser


The page shows only some HTML headings and a form with one text field. Let's now find the elements not rendered by the browsers.

Netscape Navigator View | Page Source

To view a displayed page's HTML source code in Netscape Navigator, you can use the View | Page Source menu option, press Ctrl+U, or alternatively, right-click on the page and select View Source or View Frame Source, depending on whether the area is by itself or within an HTML frame. Netscape Navigator will open another window showing the HTML source code of the page. Figure 7-2 shows the example page's HTML code as viewed by Netscape.

Figure 7-2. Netscape's View Source


Voila! We see quite a few things that weren't displayed in the browser window. First is an HTML comment showing when the Web page was last modified and the e-mail address of the developer who wrote the page. Next are some keywords in the form of <META> tags within the HTML header that describe briefly what the page contains. Going farther into the body of the HTML code, we find a small JavaScript routine that sets a cookie on the user's browser whenever this page is visited. Finally, we find a hidden input field in the HTML form, which carries the value "cant see me." Without reviewing the HTML source code, we missed all these clues.

Internet Explorer View | Source

Internet Explorer (IE) lets you view a page's HTML source code through the View | Source option on the main menu or the View Source option on the right-click pop-up menu.

IE copies the HTML code into a temporary file and opens it in Windows Notepad instead of its own window. Figure 7-3 shows the same source code displayed by IE in Notepad. Having source code displayed in Notepad makes it easier to save a copy as a regular text file for later analysis.

Figure 7-3. Internet Explorer View Source


Other browsers, including Opera, have features that display the underlying HTML source code of the current page. For us, viewing HTML source code whenever we begin analysis of a Web application is a reflex action!
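The four kinds of non-rendered content found in the View Source walk-through above (an HTML comment, <META> tags, cookie-setting JavaScript, and a hidden form field) can also be pulled out of a page's source automatically, which helps when reviewing your own application for information it hands to every visitor. This is an added example, not code from the book; the sample page, its date, e-mail address and field names are constructed, and HiddenElementAuditor and audit are hypothetical names.

```python
from html.parser import HTMLParser

# Constructed sample page modeled on the text; date, address and names are made up.
SAMPLE = """<html><head>
<!-- Last modified: 2002-01-15 by dev@example.com -->
<meta name="keywords" content="demo, test page">
<script type="text/javascript">
document.cookie = "visited=yes";
</script>
</head><body><h1>Welcome</h1><form action="/submit" method="post">
<input type="text" name="visible">
<input type="hidden" name="hiddenfield" value="cant see me"></form></body></html>"""

class HiddenElementAuditor(HTMLParser):
    """Collects the parts of a page that a browser does not render."""
    def __init__(self):
        super().__init__()
        self.comments, self.meta, self.hidden, self.scripts = [], [], [], []
        self._in_script = False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None for bare attributes
        if tag == "meta":
            self.meta.append((a.get("name") or a.get("http-equiv"), a.get("content")))
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name"), a.get("value")))
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")  # inline script body accumulates here

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:  # visible text (headings, labels) is ignored
            self.scripts[-1] += data

def audit(html):
    p = HiddenElementAuditor()
    p.feed(html)
    p.close()
    cookie_js = [s.strip() for s in p.scripts if "document.cookie" in s]
    return {"comments": p.comments, "meta": p.meta,
            "hidden_inputs": p.hidden, "cookie_scripts": cookie_js}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The visible text field and the heading do not appear in the result; only what the rendered page hides is reported.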

 



Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
