Penetration Testing mailing list archives

RE: Web Application Penetration Testing Tools

From: "Gary Everekyan" <geverekyan () univision net>
Date: Wed, 8 Oct 2003 12:28:17 -0400

Have you looked at spidynamics?
http://www.spidynamics.com/

You may find it useful.

Regards,
 
Gary Everekyan 
CISSP, CISM, MCSE, MCT
Information Security Manager 
Security and Audit
 


-----Original Message-----
From: Brian E [mailto:brian_anon () hotmail com] 
Sent: Tuesday, October 07, 2003 9:25 PM
To: pen-test () securityfocus com
Subject: Web Application Penetration Testing Tools




When performing penetration testing of web applications I have used a
minibrowser from www.aignes.com for a very long time. 

This simple application allows me to browse a web application and easily
see links, form elements, cookies, a log of actual commands being sent
back and forth and more. The ability to manipulate cookies and form
elements makes it very useful. 

Unfortunately, it's support as a web browser is limited so I can't test
all web applications (such as embeded scripts and frames). 

Does anyone know of some other good tools for auditing web applications
with the ability to manipulate form data and cookies before being sent
to the server? 

Preferably, I'm looking for something based on Windows that is browser
based (as opposed to proxy based) but am still open to all platforms and
methods.

------------------------------------------------------------------------
---
Tired of constantly searching the web for the latest exploits? Tired of
using 300 different tools to do one job? Get CORE IMPACT and get some
rest. www.coresecurity.com/promos/sf_ept2
------------------------------------------------------------------------
----


The information contained in this e-mail and any attached documents
may be privileged, confidential and protected from disclosure.  If you
are not the intended recipient you may not read, copy, distribute or
use this information.  If you have received this communication in
error, please notify the sender immediately by replying to this
message and then delete it from your system.



---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------

Current thread:

Web Application Penetration Testing Tools Brian E (Oct 08)
- Re: Web Application Penetration Testing Tools Bill Pennington (Oct 08)
  - Re: Web Application Penetration Testing Tools Martin Eiszner (Oct 08)
  - Re: Web Application Penetration Testing Tools Daniel Nylander (Oct 08)
- Re: Web Application Penetration Testing Tools Alexandre Hautequest (Oct 08)
- Re: Web Application Penetration Testing Tools pak (Oct 08)
- Re: Web Application Penetration Testing Tools Philipp Buehler (Oct 09)
- Re: Web Application Penetration Testing Tools Cesar (Oct 09)
- RE: Web Application Penetration Testing Tools Faiz Ahmad Shuja (Oct 12)
- <Possible follow-ups>
- RE: Web Application Penetration Testing Tools Elsner, Donald, ALABS (Oct 08)
- RE: Web Application Penetration Testing Tools Gary Everekyan (Oct 08)
- RE: Web Application Penetration Testing Tools GMHoward (Oct 08)
- RE: Web Application Penetration Testing Tools Perrymon, Josh L. (Oct 09)
- RE: Web Application Penetration Testing Tools Christophe, Pascal (Oct 09)
- Re: Web Application Penetration Testing Tools balinsky (Oct 10)
- RE: Web Application Penetration Testing Tools Dawes, Rogan (ZA - Johannesburg) (Oct 13)
- Re: Web Application Penetration Testing Tools Smaxdot (Oct 13)
  - Re: Web Application Penetration Testing Tools Robert J. Brown (Oct 13)