Tool for manual web application testing

From: P K (pak76_apps@yahoo.com)
Date: Fri Dec 16 2005 - 02:18:15 EST

• Next message: Rapaille Maxime: "RE: Cracking WEP and WPA keys"
• Previous message: mozilla@ids-guide.de: "Re: enumerating nfs shares from a windows shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I have built a few tools for manual web application
testing and if anyone is interested in trying them
out, I have just released one of those tools.
http://www.securityfocus.com/tools/3744
or
http://myweb.tiscali.co.uk/pak76tools/ThorDemo/ThorDemo.zip

This tool is for Windows and .NET Framework 2.0 (I
have version also for 1.1, if anyone is interested).

There are two things I want to point out:
1. If you want to change POST body, add headers or
modify cookies (if you want to ovewrite cookie this
one is not perfect - you need to put valid domain/path
as the orignal cookie) - you can do it on the
right-hand side and then just re-submit the request
2. You can easiely switch to lower level tool - Odin,
which is built around HttpWebRequest/Response class.
Just create new Odin tabpage - set values on the right
hand side - including cookies and HTTP verb if you
want to, and click Submit. I'm not testing HTTP
implementation of the server, so this tool doesn't
allow you to create improper HTTP requests - as I said
it is for testing web applications only.

I didn't have time to build a web site and/or a proper
manual, but give me a shout if you have any
comments/problems.

Hope you will find it useful.

Best regards,

Pak76

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Rapaille Maxime: "RE: Cracking WEP and WPA keys"
• Previous message: mozilla@ids-guide.de: "Re: enumerating nfs shares from a windows shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:16 EDT