WebApp Sec mailing list archives

Re: Web Application Analysis Tools?


From: Martin Eiszner <martin () websec org>
Date: Thu, 12 Dec 2002 19:20:31 +0100



hi David, others,

On Thu, 12 Dec 2002 12:50:27 -0500
"David Simcik" <dave () simcik com> wrote:
> there (especially free/inexpensive ones) that will help with this? I suspect
> there aren't any "one size fits all" type solutions out there for this, but
> I have to try.

"desperado" is a small and highly configurable script for testing
webapps for security vulnerabilities.

the script compares webserver responses to a so-called "good request"
with responses to "bad" requests (taken from a config-file).

it is able to check request-params, request-extra-path, request-headers,
request-method, request-content and request-queries.

by defining loops in config-files it is also possible to test for buffer overflows.

Script:
http://www.websec.at/tools/desperado_pl.html

Demo-configfile:
http://www.websec.at/tools/params-get.cfg


nice day,

mei


-- 
mei () websec org
http://www.websec.org
tel: 0043 699 121772 37
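
The good-request/bad-request comparison described in the message above, as an added example that is not part of the original post and is not desperado's code or its config-file format. The stub application, the test-list layout and all names are hypothetical, constructed so the check runs offline against a test target you own.

```python
import difflib

# Constructed stand-in for the application under test (not a real server).
# Takes a request dict and returns (status, body).
def stub_app(req):
    if req["method"] != "GET":
        return 405, "method not allowed"
    if len(req["params"].get("name", "")) > 256:
        return 500, "Internal error: unhandled exception in handler"
    if req["path"] != "/hello":
        return 404, "not found"
    return 200, "<html>ok</html>"

# The "good request": a known-valid request whose response is the baseline.
GOOD = {"method": "GET", "path": "/hello", "params": {"name": "mei"}, "headers": {}}

# Hypothetical test list: each entry changes one part of the good request.
# A "loop" entry grows one parameter value to probe input-length handling.
TESTS = [
    {"id": "method", "set": {"method": "PUT"}},
    {"id": "extra-path", "set": {"path": "/hello/extra"}},
    {"id": "header", "set": {"headers": {"X-Test": "1"}}},
    {"id": "param-len", "loop": {"param": "name", "lengths": [16, 128, 512]}},
]

def variants(good, tests):
    """Yield (label, request) pairs derived from the good request."""
    for t in tests:
        if "loop" in t:
            for n in t["loop"]["lengths"]:
                req = dict(good, params=dict(good["params"]))
                req["params"][t["loop"]["param"]] = "A" * n
                yield f'{t["id"]}:{n}', req
        else:
            yield t["id"], dict(good, **t["set"])

def compare(send, good, tests, min_ratio=0.5):
    """Report variants whose response deviates from the baseline response."""
    base_status, base_body = send(good)
    findings = []
    for label, req in variants(good, tests):
        status, body = send(req)
        ratio = difflib.SequenceMatcher(None, base_body, body).ratio()
        if status != base_status or ratio < min_ratio:
            findings.append((label, status, round(ratio, 2)))
    return findings

if __name__ == "__main__":
    for finding in compare(stub_app, GOOD, TESTS):
        print(finding)
```

A deviation is only a lead for manual review: the 405 and 404 here are correct rejections, while the 500 on the 512-byte value is the response worth investigating.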

