Penetration Testing mailing list archives
RE: Proof of Concept Tool on Web Application Security
From: "Einecker, Leah" <Leah_Einecker () Intuit com>
Date: Thu, 10 Apr 2003 14:56:43 -0700
David Endler and Michael Sutton did a presentation on bruteforcing session IDs at DEFCON last year. Links to the presentation, the "iDefense Session Auditor tool", and a video of the talk are all available at:

http://www.defcon.org/html/links/defcon-media-archives.html

Cheers,
-L
-----Original Message-----
From: Indian Tiger [mailto:indiantiger () mailandnews com]
Sent: Tuesday, April 15, 2003 11:06 AM
To: pen test
Subject: Proof of Concept Tool on Web Application Security

Hi all,

I have tried a lot to find any Proof of Concept Tool on Web Application Security, but I am still not able to find a single one. Let me give some specific details.

Session ID

Generally the session ID is big enough and acts as an authentication token. Most of the time only its last few digits change, let's say only three digits from the end. Even though it's doing only this, it's very tough to guess these last three digits. I have made a testing site and tried, but was not able to do that. I know the session ID is not the only authentication parameter. It can contain cookies, session tokens etc. as well. I have tried Achilles, Web Sleuth, Web Inspect, Spike Proxy etc. I think at least they don't do such brute force. Is there any tool which does brute force on this and gives the session ID?

Cookie Manipulation

Several articles talk about cookie manipulation. How to get the cookies of others, even in a LAN, seems very tough or not possible as per my study on the Web. If an attacker is able to redirect another person's traffic to any proxy like Achilles or Web Sleuth, then he can perform attacks. Now, nobody is going to allow his proxy setting to be changed so that his output is sent through the attacker (proxy). Is there any tool which can give access to/manipulate the cookie remotely? This manipulation can also be achieved if an attacker can put his proxy (Web Sleuth) on an intermediate router/proxy. One example: I am accessing Hotmail, and on my ISP router/proxy an attacker installs a tool like Web Sleuth. But again the question comes: a router works on OSI layer 3, so the attacker can't put a tool like Web Sleuth there. If the intermediate hop is a proxy, which is on the application level, there should be some tool which can be placed here.

XSS

Cross Site Scripting has to use client-side scripting only. What could be the maximum impact of this? Can an attacker format a machine or steal data by this? If yes, how?

Please also tell me of any other Proof of Concept Tool on Web Application Security. I read the OWASP guides, WebGoat and some more to understand these three things deeply and develop a Proof of Concept Tool, but had no success except hidden field manipulation. Please recommend some good guides on this.

Any help on this would be highly appreciated.

Thanking You.

Sincerely,
Indian Tiger, CISSP

--------------------------------------------------------------
Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just what's going in and out of your organization.
--------------------------------------------------------------
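A defender-side check for the pattern described in the message above (a long session ID in which only the last few digits change), as an added example that is not part of the original posts: it reports which positions in a sample of issued IDs actually vary and bounds the unpredictable bits. The sample IDs, the function names and the 64-bit threshold are assumptions made for illustration.

```python
import math
import string

# Constructed sample: 23-character IDs where only the last three digits
# change, mirroring the testing site described in the message.
SAMPLE_IDS = [
    "A9F3C07D21B84E6655D0417",
    "A9F3C07D21B84E6655D0428",
    "A9F3C07D21B84E6655D0539",
    "A9F3C07D21B84E6655D0640",
    "A9F3C07D21B84E6655D0751",
]

def varying_positions(ids):
    """Map each non-constant position to the set of characters seen there."""
    if len({len(s) for s in ids}) != 1:
        raise ValueError("IDs differ in length; split them into fields first")
    return {i: set(col) for i, col in enumerate(zip(*ids)) if len(set(col)) > 1}

def alphabet_size(seen):
    """Generous guess at the alphabet: the whole class of the characters seen."""
    if seen <= set(string.digits):
        return 10
    if seen <= set(string.hexdigits):
        return 16
    return 62  # assumed alphanumeric

def effective_bits(ids):
    """Upper bound on unpredictable bits: constant positions contribute zero."""
    return sum(math.log2(alphabet_size(s)) for s in varying_positions(ids).values())

def audit(ids, min_bits=64):
    """Summarise the sample; min_bits is an assumed policy threshold."""
    bits = effective_bits(ids)
    return {
        "length": len(ids[0]),
        "varying": sorted(varying_positions(ids)),
        "bits": round(bits, 1),
        "ok": bits >= min_bits,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_IDS))
```

The bound is optimistic: it treats every varying position as uniformly random, so sequential or time-derived values carry even less entropy than the figure reported.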
Current thread:
- Proof of Concept Tool on Web Application Security Indian Tiger (Apr 10)
- Re: Proof of Concept Tool on Web Application Security Jörg Schütter (Apr 27)
- <Possible follow-ups>
- RE: Proof of Concept Tool on Web Application Security Einecker, Leah (Apr 11)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 11)
- RE: Proof of Concept Tool on Web Application Security Indian Tiger (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Nicolas Gregoire (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Robert Auger (Apr 14)
- Re: Proof of Concept Tool on Web Application Security Jon Pastore (Apr 16)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 16)
- RE: Proof of Concept Tool on Web Application Security Indian Tiger (Apr 24)
- For Indian Tiger - Pen test lab Sam (Apr 27)