Penetration Testing mailing list archives
Re: [PEN-TEST] Web application testing tools
From: Bennett Todd <bet () RAHUL NET>
Date: Wed, 11 Oct 2000 16:39:59 -0400
2000-10-11-13:55:09 Yonatan Bokovza:
[ re Web Application hacking, ELZA from <URL:http://www.einet.bg/~philip/> ]
Thanks for the ptr, I'll check that out!
Besides that, NetCat is your pal.
Between the two I'd include curl <URL:http://curl.haxx.se/>, which can talk https as well as http, do form uploads and cookies and http basic auth, and generally automate the heck out of interacting with web-based apps when driven from a shell script. It doesn't have its own scripting language, but if you're more comfortable scripting in a shell language than in perl it's definitely worth a look; the functionality it offers over netcat is an enormous help for scripting web-app interactions. Of course it's more specialized than netcat, its special magic doesn't help interacting with anything except ftp, http, and https. For folks who are facile in perl, besides ELZA it might be worth mentioning libwww-perl, AKA LWP, available from CPAN <URL:http://www.cpan.org/>, which provides both simple (and so less flexible) and powerful (and so more complex) facilities for performing web-client style interaction from perl. Where it really can rule is if you combine the LWP stuff for network interaction, with available HTML parsing modules (I like HTML-Tree, which uses HTML-Parser). -Bennett
Attachment:
_bin
Description:
Current thread:
- Re: [PEN-TEST] Web application testing tools, (continued)
- Re: [PEN-TEST] Web application testing tools Jan Muenther (Oct 11)
- Re: [PEN-TEST] Web application testing tools Chris Foster (Oct 11)
- Re: [PEN-TEST] Web application testing tools Jan Muenther (Oct 11)
- Re: [PEN-TEST] Web application testing tools Loschiavo, Dave (Oct 10)
- Re: [PEN-TEST] Web application testing tools Jensenne Roculan (Oct 10)
- Re: [PEN-TEST] Web application testing tools Butters, Kevin (Oct 10)
- Re: [PEN-TEST] Web application testing tools Quinn Kroll (Oct 10)
- Re: [PEN-TEST] Web application testing tools John Yang (Oct 10)
- Re: [PEN-TEST] Web application testing tools Tim J Smith (Oct 11)
- Re: [PEN-TEST] Web application testing tools Curphey, Mark (ISS Atlanta) (Oct 11)
- Re: [PEN-TEST] Web application testing tools Yonatan Bokovza (Oct 11)
- Re: [PEN-TEST] Web application testing tools Bennett Todd (Oct 11)
- [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 13)
- Re: [PEN-TEST] Web Application Testing Tools Eric Lauzon (Oct 13)
- Re: [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 16)
- [PEN-TEST] Forensic analisys and related training Erick Arturo Perez Huemer (Oct 16)
- Re: [PEN-TEST] Forensic analisys and related training anindya (Oct 16)
- Re: [PEN-TEST] Forensic analisys and related training Jensenne Roculan (Oct 16)
- Re: [PEN-TEST] Web Application Testing Tools DigiZen Security Group (Oct 16)
- Re: [PEN-TEST] Web application testing tools sixth sense (Oct 19)