Penetration Testing mailing list archives
Re: Testing web based forms.
From: Ben Timby <asp () webexc com>
Date: Mon, 23 Aug 2004 15:30:44 -0500
I use a custom tool that works like Achilles. It allows me to modify the form/cookie/header values directly by running as an HTTP proxy. This in my opinion is the best method, as I can control all input to webserver, not just forms fields. Think about referred-by headers, cookies etc, alot of apps record those to db, as well as browser agent etc.
Good luck. [Arcangel] wrote:
Hi, Im looking the manner to test web based forms written in .asp and .php, in order to check for sql injections bugs. (maybe an aplication to automatizate the test, like a sql injection brute force). Do You know any? Thanks - Gracias. Arc. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817 -------------------------------------------------------------------------------
Current thread:
- Testing web based forms. [Arcangel] (Aug 21)
- Re: Testing web based forms. A. Ramos (Aug 21)
- Re: Testing web based forms. Martin Eiszner (Aug 21)
- Re: Testing web based forms. Ben Timby (Aug 24)