Penetration Testing mailing list archives
Re: brute force http post session with cookies
From: Christian Martorella <laramies2k () yahoo com ar>
Date: Tue, 14 Aug 2007 16:34:57 +0200
Hi Christian, for anything related to bruteforcing web applications you can use Wfuzz, the new version supports multiple parameter bruterforcing, so you could use one dictionary for usernames and other for passwords, the tool will make all the combinations. It's very fast, and very easy to analyze the results.
You can check it here: http://www.edge-security.com/wfuzz.php Soon we are releasing Wzuffer, the GUI version with more features... Any idea or request is welcome, Regards, Christian Martorella http://laramies.blogspot.com Christian Perst wrote:
Hi, is there a tool like hydra, but which can be used for http post sessions? It should be a brute force tool, where cookie handling is implemented. Thanks for the hint, Chris
__________________________________________________ Preguntá. Respondé. Descubrí. Todo lo que querías saber, y lo que ni imaginabas, está en Yahoo! Respuestas (Beta). ¡Probalo ya! http://www.yahoo.com.ar/respuestas
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- brute force http post session with cookies Christian Perst (Aug 14)
- Re: brute force http post session with cookies Jerome Athias (Aug 14)
- Re: brute force http post session with cookies Fyodor (Aug 14)
- Re: brute force http post session with cookies Serg B. (Aug 14)
- Re: brute force http post session with cookies Christian Martorella (Aug 14)
- RE: brute force http post session with cookies Adi Sharabani (Aug 15)