Re: Web Application Penetration Testing Tools

From: Smaxdot (smaxdot@rootshell.be)
Date: Mon Oct 13 2003 - 13:41:52 EDT


Continuing in the same vein of plugins for IE, Konstantin Boukreev's
Cookie Spy will allow you to view and manipulate cookies on the fly
directly from the browser. A useful tool indeed!

Get it here: http://www.codeproject.com/shell/cookiespy.asp

-sMax.

>
>
> ---------- Forwarded message ----------
> Date: 10 Oct 2003 20:29:13 -0000
> From: balinsky@cisco.com
> To: pen-test@securityfocus.com
> Subject: Re: Web Application Penetration Testing Tools
>
> In-Reply-To: <20031008012450.29598.qmail@sf-www3-symnsj.securityfocus.com>
>
> Try Richard van den Berg's modifications to HtmlBar. It's a DLL for IExplore that allows you to view and manipulate forms variables (including hidden ones). Not sure about cookies, but it looks pretty cool.
> http://www.vdberg.org/~richard/htmlbar.html
>
>
> Andy
>
> >This simple application allows me to browse a web application and easily see links, form elements, cookies, a log of actual commands being sent back and forth and more. The ability to manipulate cookies and form elements makes it very useful.
> >
> >Unfortunately, its support as a web browser is limited so I can't test all web applications (such as embedded scripts and frames).
> >
> >Does anyone know of some other good tools for auditing web applications with the ability to manipulate form data and cookies before being sent to the server?
> >
> >Preferably, I'm looking for something based on Windows that is browser based (as opposed to proxy based) but am still open to all platforms and methods.
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT