Re: brute force http post session with cookies

From: Serg B. (sergicles@gmail.com)
Date: Tue Aug 14 2007 - 10:56:58 EDT


As interesting as it sounds, and possibly I am missing something, but it
seems to me that you guys are reinventing the wheel.

Selenium RC + a test case involving a dictionary iterator of some sort
would achieve the same result in a much shorter time frame (instead of
writing a tool from scratch).

A combination of wget and sed command parsing would do the same too.

And finally, OpenSTA is designed for HTTP load/stress testing but has an
embedded scripting language, so yeah...

Cheers,
   Serg

On 14/08/07, Fyodor <fygrave@gmail.com> wrote:
> On 8/14/07, Christian Perst <chris_perst@gmx.de> wrote:
> > Hi,
> >
> > is there a tool like hydra, but which can be used for http post
> > sessions? It should be a brute force tool, where cookie handling
> > is implemented.
>
> we are working here on the scriptable http bruteforcing tool where you
> can script out whatever you'd want to bruteforce. The release
> candidate code is available here:
> http://o0o.nu/httpbee/ - we are working towards the first release (the
> final tool implementation will include yawatt protocol support. we are
> testing it at the moment). feel free to throw your feedback or feature
> requests back.
>
> you can also take a look at webscarab, as another option
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
Serg


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:01 EDT