Dailydave mailing list archives
Thought of the day: graphing web applications
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 11 Jul 2006 10:02:27 -0400
So I use CANVAS as an attack platform for Web Application Assessments quite often. There are probably better specialized tools, but I like having everything in Python because each assessment is different and it's easy to add to CANVAS for me.

In today's case, I'm looking at another large JSP application. Typical three tier stuff.

What I want to do is browse the whole site, and then have another script go through my SPIKE Proxy saved request-and-response files and graph them. Pages with lots of forms on them or interesting text or variables could get graphed larger, and links can be drawn between forms that share the same data or lead to each other. And it'd be nice to cull and color the graph and say "I checked this variable - it's safe" or even tie it into the fuzzing mechanism. "Fuzz from this page to that page"

Essentially I want WebAppNavi. Does anyone have anything similar?

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
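A sketch of the graphing idea in the message above, added here as an example; it is not code from the original post, CANVAS or SPIKE Proxy. The (URL, response body) records are constructed stand-ins for saved proxy files (their real on-disk format is not assumed), and `PageInfo`, `build_graph`, `to_dot` and `CHECKED` are hypothetical names.

```python
from html.parser import HTMLParser
from itertools import combinations
from urllib.parse import urljoin, urlsplit

# Constructed sample: (request URL, response body) pairs standing in for saved proxy files.
CAPTURED = [
    ("http://app.example/login.jsp",
     '<form action="home.jsp"><input name="user"><input name="pass"></form>'),
    ("http://app.example/home.jsp",
     '<a href="profile.jsp">me</a> <a href="search.jsp?q=x">find</a>'),
    ("http://app.example/profile.jsp",
     '<form action="profile.jsp"><input name="user"><input name="email"></form>'),
    ("http://app.example/search.jsp",
     '<form action="search.jsp"><input name="q"></form> <a href="home.jsp">back</a>'),
]
CHECKED = {"q"}  # hypothetical: variables the tester has already reviewed

class PageInfo(HTMLParser):  # form count, input names, outgoing targets of one response
    def __init__(self, base):
        super().__init__()
        self.base, self.forms, self.params, self.targets = base, 0, set(), set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.forms += tag == "form"
        if tag in ("input", "select", "textarea") and a.get("name"):
            self.params.add(a["name"])
        ref = a.get("href") if tag == "a" else a.get("action") if tag == "form" else None
        if ref:  # resolve relative references, keep only the path as the node id
            self.targets.add(urlsplit(urljoin(self.base, ref)).path)

def build_graph(captured):  # returns (pages, link edges, shared-variable edges)
    pages = {}
    for url, body in captured:
        pages[urlsplit(url).path] = info = PageInfo(url)
        info.feed(body)
    links = {(s, d) for s, p in pages.items() for d in p.targets if d in pages and d != s}
    shared = {(a, b): pages[a].params & pages[b].params
              for a, b in combinations(sorted(pages), 2) if pages[a].params & pages[b].params}
    return pages, links, shared

def to_dot(pages, links, shared, checked=CHECKED):  # Graphviz DOT text
    out = ["digraph webapp {"]
    for path, p in sorted(pages.items()):
        # larger node for more forms/inputs; green once every input on the page is checked
        color = "green" if p.params and p.params <= checked else "black"
        out.append(f'  "{path}" [width={1 + p.forms + 0.25 * len(p.params)}, color={color}];')
    out += [f'  "{s}" -> "{d}";' for s, d in sorted(links)]
    out += [f'  "{a}" -> "{b}" [dir=none, style=dashed, label="{",".join(sorted(v))}"];'
            for (a, b), v in sorted(shared.items())]
    return "\n".join(out + ["}"])
```

Printing `to_dot(*build_graph(CAPTURED))` and piping the result to Graphviz `dot` renders the map; solid arrows are navigation, dashed edges join pages that share a variable name.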
Current thread:
- Thought of the day: graphing web applications Dave Aitel (Jul 11)
- Re: Thought of the day: graphing web applications Jan Münther (Jul 11)
- Re: Thought of the day: graphing web applications Pedram Amini (Jul 11)
- Re: Thought of the day: graphing web applications list (Jul 11)