Penetration Testing mailing list archives

RE: Web Application Penetration Testing Tools


From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Mon, 13 Oct 2003 09:38:13 +0200

Hi Folks,

As Bill mentioned, WebScarab (http://www.owasp.org/development/webscarab and
http://sourceforge.net/projects/owasp) is under heavy development, and will,
I hope, become the tool of choice for reviewing web applications, or even
debugging web applications.

Currently it has a pretty full-featured intercepting proxy, a spider, and an
interface for manually crafting requests.

Please take a look at it, and give me feedback on how to make it better.

Rogan

-----Original Message-----
From: Brian E [mailto:brian_anon () hotmail com] 
Sent: 08 October 2003 03:25 AM
To: pen-test () securityfocus com
Subject: Web Application Penetration Testing Tools




When performing penetration testing of web applications I 
have used a minibrowser from www.aignes.com for a very long time. 



This simple application allows me to browse a web application 
and easily see links, form elements, cookies, a log of actual 
commands being sent back and forth and more. The ability to 
manipulate cookies and form elements makes it very useful. 



Unfortunately, its support as a web browser is limited so I 
can't test all web applications (such as embedded scripts and frames). 



Does anyone know of some other good tools for auditing web 
applications with the ability to manipulate form data and 
cookies before being sent to the server? 



Preferably, I'm looking for something based on Windows that 
is browser based (as opposed to proxy based) but am still 
open to all platforms and methods.
