Penetration Testing mailing list archives
Re: Web Application Penetration Testing Tools
From: Smaxdot <smaxdot () rootshell be>
Date: Mon, 13 Oct 2003 19:41:52 +0200 (CEST)
Continuing in the same vein of plugins for IE, Konstantin Boukreev's Cookie Spy will allow you to view and manipulate cookies on the fly directly from the browser. A useful tool indeed! Get it here: http://www.codeproject.com/shell/cookiespy.asp -sMax.
---------- Forwarded message ---------- Date: 10 Oct 2003 20:29:13 -0000 From: balinsky () cisco com To: pen-test () securityfocus com Subject: Re: Web Application Penetration Testing Tools In-Reply-To: <20031008012450.29598.qmail () sf-www3-symnsj securityfocus com> Try Richard van den Berg's modifications to HtmlBar. It's a DLL for IExplore that allows you to view and manipulate forms variables (including hidden ones). Not sure about cookies, but it looks pretty cool. http://www.vdberg.org/~richard/htmlbar.html AndyThis simple application allows me to browse a web application and easily see links, form elements, cookies, a log of actual commands being sent back and forth and more. The ability to manipulate cookies and form elements makes it very useful. Unfortunately, it's support as a web browser is limited so I can't test all web applications (such as embeded scripts and frames). Does anyone know of some other good tools for auditing web applications with the ability to manipulate form data and cookies before being sent to the server? Preferably, I'm looking for something based on Windows that is browser based (as opposed to proxy based) but am still open to all platforms and methods.--------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- Re: Web Application Penetration Testing Tools, (continued)
- Re: Web Application Penetration Testing Tools Philipp Buehler (Oct 09)
- Re: Web Application Penetration Testing Tools Cesar (Oct 09)
- RE: Web Application Penetration Testing Tools Faiz Ahmad Shuja (Oct 12)
- RE: Web Application Penetration Testing Tools Elsner, Donald, ALABS (Oct 08)
- RE: Web Application Penetration Testing Tools Gary Everekyan (Oct 08)
- RE: Web Application Penetration Testing Tools GMHoward (Oct 08)
- RE: Web Application Penetration Testing Tools Perrymon, Josh L. (Oct 09)
- RE: Web Application Penetration Testing Tools Christophe, Pascal (Oct 09)
- Re: Web Application Penetration Testing Tools balinsky (Oct 10)
- RE: Web Application Penetration Testing Tools Dawes, Rogan (ZA - Johannesburg) (Oct 13)
- Re: Web Application Penetration Testing Tools Smaxdot (Oct 13)
- Re: Web Application Penetration Testing Tools Robert J. Brown (Oct 13)