Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Tool for manual web application testing

from [P K] Network Security [Permanent Link]
Subject: Tool for manual web application testing
Date: Thu, 15 Dec 2005 23:18:15 -0800 (PST) 
Hi,

I have built a few tools for manual web application
testing and if anyone is interested in trying them
out, I have just released one of those tools.
http://www.securityfocus.com/tools/3744
or
http://myweb.tiscali.co.uk/pak76tools/ThorDemo/ThorDemo.zip

This tool is for Windows and .NET Framework 2.0 (I
have version also for 1.1, if anyone is interested).

There are two things I want to point out:
1. If you want to change POST body, add headers or
modify cookies (if you want to ovewrite cookie this
one is not perfect - you need to put valid domain/path
as the orignal cookie) - you can do it on the
right-hand side and then just re-submit the request
2. You can easiely switch to lower level tool - Odin,
which is built around HttpWebRequest/Response class.
Just create new Odin tabpage - set values on the right
hand side - including cookies and HTTP verb if you
want to, and click Submit. I'm not testing HTTP
implementation of the server, so this tool doesn't
allow you to create improper HTTP requests - as I said
it is for testing web applications only.

I didn't have time to build a web site and/or a proper
manual, but give me a shout if you have any
comments/problems.

Hope you will find it useful.

Best regards,

Pak76



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Tool for manual web application testing, P K <=
Previous by Date:  Re: enumerating nfs shares from a windows shell, mozilla
Next by Date:  RE: Cracking WEP and WPA keys, Rapaille Maxime
Previous by Thread:  SQL Injection - SQL query comments, suntzu123
Next by Thread:  RE: [NEWSENDER] - database scanning tools - Message is from an unknown sender, Neil Barlow
Indexes:  [Date] [Thread] [Top] [All Lists]