Re: Web Application Penetration Testing Tools

From: Smaxdot (smaxdot_at_rootshell.be)
Date: 10/13/03

    Date: Mon, 13 Oct 2003 19:41:52 +0200 (CEST)
    To: pen-test@securityfocus.com
    
    

    Continuing in the same vein of plugins for IE, Konstantin Boukreev's
    Cookie Spy will allow you to view and manipulate cookies on the fly
    directly from the browser. A useful tool indeed!

    Get it here: http://www.codeproject.com/shell/cookiespy.asp

    -sMax.

    >
    >
    > ---------- Forwarded message ----------
    > Date: 10 Oct 2003 20:29:13 -0000
    > From: balinsky@cisco.com
    > To: pen-test@securityfocus.com
    > Subject: Re: Web Application Penetration Testing Tools
    >
    > In-Reply-To: <20031008012450.29598.qmail@sf-www3-symnsj.securityfocus.com>
    >
    > Try Richard van den Berg's modifications to HtmlBar. It's a DLL for IExplore that allows you to view and manipulate forms variables (including hidden ones). Not sure about cookies, but it looks pretty cool.
    > http://www.vdberg.org/~richard/htmlbar.html
    >
    >
    > Andy
    >
    > >This simple application allows me to browse a web application and easily see links, form elements, cookies, a log of actual commands being sent back and forth and more. The ability to manipulate cookies and form elements makes it very useful.
    > >
    > >Unfortunately, its support as a web browser is limited so I can't test all web applications (such as embedded scripts and frames).
    > >
    > >Does anyone know of some other good tools for auditing web applications with the ability to manipulate form data and cookies before being sent to the server?
    > >
    > >Preferably, I'm looking for something based on Windows that is browser based (as opposed to proxy based) but am still open to all platforms and methods.
    >
    > ---------------------------------------------------------------------------
    > Tired of constantly searching the web for the latest exploits?
    > Tired of using 300 different tools to do one job?
    > Get CORE IMPACT and get some rest.
    > www.coresecurity.com/promos/sf_ept2
    > ----------------------------------------------------------------------------
    >
    >
