RE: Web Application Penetration Testing Tools

From: Perrymon, Josh L. (PerrymonJ_at_bek.com)
Date: 10/08/03

  • Next message: Christophe, Pascal: "RE: Web Application Penetration Testing Tools"
    To: 'GMHoward' <gmhoward@pancanal.com>, Brian E <brian_anon@hotmail.com>, pen-test@securityfocus.com
    Date: Wed, 8 Oct 2003 15:32:04 -0500 
    
    

    I think it's already mentioned..

    But I find Achilles to be of the best MITM proxies.

    -JP

    -----Original Message-----
    From: GMHoward [mailto:gmhoward@pancanal.com]
    Sent: Wednesday, October 08, 2003 12:15 PM
    To: Brian E; pen-test@securityfocus.com
    Subject: RE: Web Application Penetration Testing Tools

    Take a look at Paros (http://www.proofsecure.com)

    -----Original Message-----
    From: Brian E [mailto:brian_anon@hotmail.com]
    Sent: Tuesday, October 07, 2003 8:25 PM
    To: pen-test@securityfocus.com
    Subject: Web Application Penetration Testing Tools

    When performing penetration testing of web applications I have used a
    minibrowser from www.aignes.com for a very long time.

    This simple application allows me to browse a web application and easily see
    links, form elements, cookies, a log of actual commands being sent back and
    forth and more. The ability to manipulate cookies and form elements makes it
    very useful.

    Unfortunately, it's support as a web browser is limited so I can't test all
    web applications (such as embeded scripts and frames).

    Does anyone know of some other good tools for auditing web applications with
    the ability to manipulate form data and cookies before being sent to the
    server?

    Preferably, I'm looking for something based on Windows that is browser based
    (as opposed to proxy based) but am still open to all platforms and methods.

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Tired of constantly searching the web for the latest exploits?
    Tired of using 300 different tools to do one job?
    Get CORE IMPACT and get some rest.
    www.coresecurity.com/promos/sf_ept2
    ----------------------------------------------------------------------------


  • Next message: Christophe, Pascal: "RE: Web Application Penetration Testing Tools"

    Relevant Pages

    • RE: Web Application Penetration Testing Tools
      ... Take a look at Paros ... Web Application Penetration Testing Tools ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • Re: Web Application Penetration Testing Tools
      ... The ability to manipulate cookies and form elements makes it ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • RE: Web Application Penetration Testing Tools
      ... The ability to manipulate cookies and form elements makes it ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • RE: Web Application Penetration Testing Tools
      ... Information Security Manager ... The ability to manipulate cookies and form ... Tired of constantly searching the web for the latest exploits? ... Get CORE IMPACT and get some rest. ...
      (Pen-Test)
    • Re: Web Application Penetration Testing Tools
      ... It's a DLL for IExplore that allows you to view and manipulate forms variables. ... Not sure about cookies, ... > Tired of constantly searching the web for the latest exploits? ... > Get CORE IMPACT and get some rest. ...
      (Pen-Test)