Penetration Testing mailing list archives
Re: brute force http post session with cookies
From: "Serg B." <sergicles () gmail com>
Date: Wed, 15 Aug 2007 00:56:58 +1000
As interesting as it sounds and possibly I am missing something but it seems to me that you guys are reinventing the wheel. Selenium RC + a test case involving a dictionary iterator of some sort would achieve the same result in much shorter time frame (instead of writing a tool from scratch). A combination of wget and sed command parsing would do the same too. And finally, OpenSTA, designed for HTTP load/stress testing but has an embedded scripting language, so yeah... Cheers, Serg On 14/08/07, Fyodor <fygrave () gmail com> wrote:
On 8/14/07, Christian Perst <chris_perst () gmx de> wrote:Hi, is there a tool like hydra, but which can be used for http post sessions? It should be a brute force tool, where cookie handling is implemented.we are working here on the scriptable http bruteforcing tool where you can script out whatever you'd want to bruteforce. The release candidate code is available here: http://o0o.nu/httpbee/ - we are working towards the first release (the final tool implementation will include yawatt protocol support. we are testing it on the moment). feel free to throw your feedback or feature requests back. you can also take a look on webscarab, as another option ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Serg ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- brute force http post session with cookies Christian Perst (Aug 14)
- Re: brute force http post session with cookies Jerome Athias (Aug 14)
- Re: brute force http post session with cookies Fyodor (Aug 14)
- Re: brute force http post session with cookies Serg B. (Aug 14)
- Re: brute force http post session with cookies Christian Martorella (Aug 14)
- RE: brute force http post session with cookies Adi Sharabani (Aug 15)