
| Subject: | Owasp SiteGenerator v0.70 (public beta release) |
|---|---|
| Date: | Wed, 29 Mar 2006 02:34:51 +0100 |

After much development and hard work here is the first stable (beta) release of the new Owasp SiteGenerator tool (whose Open Source development has been sponsored by Foundstone).

Owasp SiteGenerator allows the creation of dynamic websites based on XML files and predefined vulnerabilities (some simple to detect/exploit, some harder) covering multiple .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc...).

SiteGenerator can be used on the following projects:

- Evaluation of Web Application Security Scanners
- Evaluation of Web Application Firewalls
- Developer Training
- Web Honeypots
- Web Application hacking contests (or evaluations)

You can read an introduction to this tool here (http://sourceforge.net/mailarchive/message.php?msg_id=14547158), and download the latest version from here:

* Website installer: http://www.ddplus.net/projects/FoundStone/21-March-2006/SiteGenerator_IIS_Website_Setup v0.70.msi
* Gui Installer: http://www.ddplus.net/projects/FoundStone/21-March-2006/Owasp SiteGenerator v0.70.msi

Some installation and configuration notes (which you only need to do once):

* Before you install the website do this (assuming a Windows 2003 image)
    o Create a new Application pool (call it SiteGeneratorSystemAppPool), and configure it to run under System
    o Create a new website and point it to a local directory (the website installation files will be copied here)
    o Configure the new website to run Asp.Net 2.0
    o Create a new Application in that website and set the application pool to SiteGeneratorSystemAppPool
    o Add an IIS wildcard Application Mapping (accessible via Home Directory -> Configuration) to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll and untick 'Verify that file exists'
    o Make sure Default.htm is one of the files included in the default document list (in the 'Documents' tab)
    o Configure the Website's IP Address to be 127.0.0.1, and click on the Advanced button to add a new host header mapping
        + IPAddress: 127.0.0.1
        + TCP Port: 80
        + Host Header Value: SiteGenerator
* Install the WebSite (selecting as the target the website created in the previous step)
* Install the GUI
* Add this line to your hosts file (located in C:\WINDOWS\system32\drivers\etc\hosts)
    o 127.0.0.1 SiteGenerator
* Click on the SiteGenerator link that was placed on your desktop

If all goes well you can now browse to http://SiteGenerator or http://127.0.0.1 (depending on whether you did the mappings or not) and see the default SiteGenerator website. If you see a blank page, try http://127.0.0.1/Default.htm (you might be getting a cached version of http://127.0.0.1).

Note that the SQL Injection vulnerabilities expect that you have the latest version of HacmeBank (v2.0) installed on your box.

I am in the process of creating several videos (covering the installation and GUI) which I am sure will be very useful and practical.

Also, if you are interested in helping in the development of SiteGenerator or in its vulnerabilities database, then contact me directly.

Best regards

Dinis Cruz
Owasp .Net Project
www.owasp.net
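
An added example, not part of the original post or of SiteGenerator: a Python check that the hosts entry and site binding from the installation notes keep the deliberately vulnerable site, whose application pool runs as System, reachable on loopback only. The sample hosts text, the function names and the `IP:Port:HostHeader` binding strings (the form IIS 6 stores in its `ServerBindings` property) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the original post). The last entry
# has name and address swapped, so it maps nothing.
SAMPLE_HOSTS = """\
# lab hosts file
127.0.0.1   localhost
SiteGenerator 127.0.0.1
"""

def parse_hosts(text):
    """Return ({lowercase name: address}, [malformed lines])."""
    names, bad = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])   # address must come first
        except ValueError:
            bad.append(line)
            continue
        if len(fields) < 2:                      # address with no host name
            bad.append(line)
            continue
        for name in fields[1:]:                  # one address, many aliases
            names.setdefault(name.lower(), addr) # keep the first mapping seen
    return names, bad

def check_lab(hosts_text, server_bindings, host="SiteGenerator"):
    """List problems that would break or expose the vulnerable lab site."""
    problems = [f"malformed hosts line: {l!r}" for l in parse_hosts(hosts_text)[1]]
    addr = parse_hosts(hosts_text)[0].get(host.lower())
    if addr is None:
        problems.append(f"{host} is not mapped in hosts")
    elif not addr.is_loopback:
        problems.append(f"{host} maps to non-loopback address {addr}")
    for binding in server_bindings:              # "IP:Port:HostHeader", IPv4
        ip = binding.split(":", 2)[0]
        # An empty IP field means "all unassigned": the site would answer on
        # every interface, not just 127.0.0.1.
        if not ip or not ipaddress.ip_address(ip).is_loopback:
            problems.append(f"binding {binding!r} listens beyond loopback")
    return problems

if __name__ == "__main__":
    for p in check_lab(SAMPLE_HOSTS, ["127.0.0.1:80:SiteGenerator", ":80:"]):
        print("PROBLEM:", p)
```
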