Reverse-Engineering HTTP Attacks

David Ross over in the Windows Security group has written a good paper about using tools like Fiddler and others to take apart HTTP based exploits.

Good reading.

http://blogs.msdn.com/dross/archive/2005/06/13/428590.aspx