Re: Testing web based forms.

From: Ben Timby (asp@webexc.com)
Date: Mon Aug 23 2004 - 16:30:44 EDT

• Next message: ÃÖÈ¿½Ä: "RE: interesting wireless card and linux issue"
• Previous message: Bénoni MARTIN: "RE: worksations automatic updates"
• In reply to: [Arcangel]: "Testing web based forms."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I use a custom tool that works like Achilles. It allows me to modify the
form/cookie/header values directly by running as an HTTP proxy. This in
my opinion is the best method, as I can control all input to webserver,
not just forms fields. Think about referred-by headers, cookies etc,
alot of apps record those to db, as well as browser agent etc.

Good luck.

[Arcangel] wrote:

> Hi,
>
> Im looking the manner to test web based forms written in .asp and .php,
> in order to check for sql injections bugs. (maybe an aplication to
> automatizate the test, like a sql injection brute force). Do You know any?
>
> Thanks - Gracias.
>
> Arc.
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
> -------------------------------------------------------------------------------
>

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------

• Next message: ÃÖÈ¿½Ä: "RE: interesting wireless card and linux issue"
• Previous message: Bénoni MARTIN: "RE: worksations automatic updates"
• In reply to: [Arcangel]: "Testing web based forms."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:00 EDT