Penetration Testing mailing list archives
RE: brute force http post session with cookies
From: "Adi Sharabani" <asharabani () watchfire com>
Date: Wed, 15 Aug 2007 11:37:22 +0300
Hi Chris, You can also use the Authentication Tester which has a simple but strong GUI interface. It allows you to record a login request, and then gives you different abilities to enumerate both username and password. For example, you can configure it to enumerate all passwords that contains two words (found in a dictionary) separated by a number. The tool can be used for free and bundled with AppScan's Trail version: http://www.watchfire.com/products/appscan/powertools.aspx Good luck, /AdiSh Christian Perst wrote:
Hi, is there a tool like hydra, but which can be used for http post sessions? It should be a brute force tool, where cookie handling is implemented. Thanks for the hint, Chris
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- brute force http post session with cookies Christian Perst (Aug 14)
- Re: brute force http post session with cookies Jerome Athias (Aug 14)
- Re: brute force http post session with cookies Fyodor (Aug 14)
- Re: brute force http post session with cookies Serg B. (Aug 14)
- Re: brute force http post session with cookies Christian Martorella (Aug 14)
- RE: brute force http post session with cookies Adi Sharabani (Aug 15)