Re: [PEN-TEST] Web application testing tools

[Bennett Todd <bet () RAHUL NET>]

2000-10-11-13:55:09 Yonatan Bokovza:
> [ re Web Application hacking, ELZA from
>   <URL:http://www.einet.bg/~philip/> ]

Thanks for the ptr, I'll check that out!

> Besides that, NetCat is your pal.

Between the two I'd include curl <URL:http://curl.haxx.se/>, which
can talk https as well as http, do form uploads and cookies and http
basic auth, and generally automate the heck out of interacting with
web-based apps when driven from a shell script. It doesn't have its
own scripting language, but if you're more comfortable scripting in
a shell language than in perl it's definitely worth a look; the
functionality it offers over netcat is an enormous help for
scripting web-app interactions. Of course it's more specialized than
netcat, its special magic doesn't help interacting with anything
except ftp, http, and https.

For folks who are facile in perl, besides ELZA it might be worth
mentioning libwww-perl, AKA LWP, available from CPAN
<URL:http://www.cpan.org/>, which provides both simple (and so less
flexible) and powerful (and so more complex) facilities for
performing web-client style interaction from perl. Where it really
can rule is if you combine the LWP stuff for network interaction,
with available HTML parsing modules (I like HTML-Tree, which uses
HTML-Parser).

-Bennett

Attachment: _bin
Description: