Webstretch - open source web penetration toolkit

From: Simon Shanks (javawebexam_at_hotmail.com)
Date: 07/15/04

  • Next message: Strcpy: "need help on pen-test .( exploiting IMail 7.0.7 flaw )" 
    Date: 15 Jul 2004 15:10:41 -0000
To: pen-test@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Enables a user to view & alter all aspects of http comunication with a
    web site via a proxy. Primarily used for security based penetration
    testing of web sites, it can also be used for debugging during
    development. Basically, its main feature is that it allows you to
    access the web, and shows you the information its about to pass to the
    web server, so that you can view & alter any info (all while still in
    your browser).

    Available from

    http://sourceforge.net/projects/webstretch

    (written in Java)

    New features appearing all the time. e.g.

    * request alteration
    * request viewing
    * html comment detection
    * browser impersonation
    * hidden area detection
    * proxy chaining

    Please add any problems, feature requests, comments, etc to the page
    linked above.

  • Next message: Strcpy: "need help on pen-test .( exploiting IMail 7.0.7 flaw )"

    Relevant Pages

    • [tool] webstretch 0.1.6 http inspection proxy
      ... web site via a personal web proxy. ... access the web, and shows you the information the proxy is about to pass to the web server, so that you can view & alter any info before finally accessing the page ... * request alteration ... Please add any problems, feature requests, comments, etc to the page ...
      (Bugtraq)
    • Re: Slow web sites
      ... when you create the destination set and the ... >'use a proxy server'. ... If you accesses the specific web site by using the IP address, ...
      (microsoft.public.backoffice.smallbiz2000)
    • RE: Possible ZoneAlarm 3 Problem???
      ... proxy problem on the server. ... http 1.0 connection when it is active. ... > been to for a while had some weird characters around the web site. ... > I disabled the Privacy system in ZA and notice that the web site worked ...
      (Security-Basics)
    • Re: ISA and TS Authentication Problems
      ... or phone number listed on the Web site home page. ... Access to the Web Proxy service ... > what credentials your clients are presenting to ISA ... >>details it keeps prompting for username and password. ...
      (microsoft.public.isa)
    • Re: help with proxy please
      ... So can the proxy provider. ... A web site could automatically exploit security holes in the proxy. ... Knowing your IP address does not make you ... number of vulnerabilities to check for. ...
      (comp.security.firewalls)