Penetration Testing mailing list archives

Re: Testing web based forms.

From: Ben Timby <asp () webexc com>
Date: Mon, 23 Aug 2004 15:30:44 -0500

I use a custom tool that works like Achilles. It allows me to modify theform/cookie/header values directly by running as an HTTP proxy. This inmy opinion is the best method, as I can control all input to webserver,not just forms fields. Think about referred-by headers, cookies etc,alot of apps record those to db, as well as browser agent etc.


Good luck.

[Arcangel] wrote:

Hi,

    Im looking the manner to test web based forms written in .asp and .php,
in order to check for sql injections bugs. (maybe an aplication to
automatizate the test, like a sql injection brute force). Do You know any?

Thanks - Gracias.

Arc.


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------

Current thread:

Testing web based forms. [Arcangel] (Aug 21)
- Re: Testing web based forms. A. Ramos (Aug 21)
- Re: Testing web based forms. Martin Eiszner (Aug 21)
- Re: Testing web based forms. Ben Timby (Aug 24)