RE: Web Application Penetration Testing Tools

From: Gary Everekyan (geverekyan_at_univision.net)
Date: 10/08/03

  • Next message: GMHoward: "RE: Web Application Penetration Testing Tools"
    Date: Wed, 8 Oct 2003 12:28:17 -0400
    To: "Brian E" <brian_anon@hotmail.com>, <pen-test@securityfocus.com>
    
    

    Have you looked at spidynamics?
    http://www.spidynamics.com/

    You may find it useful.

    Regards,
     
    Gary Everekyan
    CISSP, CISM, MCSE, MCT
    Information Security Manager
    Security and Audit
     

    -----Original Message-----
    From: Brian E [mailto:brian_anon@hotmail.com]
    Sent: Tuesday, October 07, 2003 9:25 PM
    To: pen-test@securityfocus.com
    Subject: Web Application Penetration Testing Tools

    When performing penetration testing of web applications I have used a
    minibrowser from www.aignes.com for a very long time.

    This simple application allows me to browse a web application and easily
    see links, form elements, cookies, a log of actual commands being sent
    back and forth and more. The ability to manipulate cookies and form
    elements makes it very useful.

    Unfortunately, it's support as a web browser is limited so I can't test
    all web applications (such as embeded scripts and frames).

    Does anyone know of some other good tools for auditing web applications
    with the ability to manipulate form data and cookies before being sent
    to the server?

    Preferably, I'm looking for something based on Windows that is browser
    based (as opposed to proxy based) but am still open to all platforms and
    methods.

    ------------------------------------------------------------------------

    ---
    Tired of constantly searching the web for the latest exploits? Tired of
    using 300 different tools to do one job? Get CORE IMPACT and get some
    rest. www.coresecurity.com/promos/sf_ept2
    ------------------------------------------------------------------------
    ----
    The information contained in this e-mail and any attached documents 
    may be privileged, confidential and protected from disclosure.  If you 
    are not the intended recipient you may not read, copy, distribute or 
    use this information.  If you have received this communication in 
    error, please notify the sender immediately by replying to this 
    message and then delete it from your system.
    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------
    

  • Next message: GMHoward: "RE: Web Application Penetration Testing Tools"

    Relevant Pages

    • Re: Web Application Penetration Testing Tools
      ... The ability to manipulate cookies and form elements makes it ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • RE: Web Application Penetration Testing Tools
      ... The ability to manipulate cookies and form elements makes it ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • Re: Web Application Penetration Testing Tools
      ... It's a DLL for IExplore that allows you to view and manipulate forms variables. ... Not sure about cookies, ... > Tired of constantly searching the web for the latest exploits? ... > Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • RE: Web Application Penetration Testing Tools
      ... Web Application Penetration Testing Tools ... The ability to manipulate cookies and form elements makes it ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)