Penetration Testing mailing list archives
Tool for manual web application testing
From: P K <pak76_apps () yahoo com>
Date: Thu, 15 Dec 2005 23:18:15 -0800 (PST)
Hi, I have built a few tools for manual web application testing and if anyone is interested in trying them out, I have just released one of those tools. http://www.securityfocus.com/tools/3744 or http://myweb.tiscali.co.uk/pak76tools/ThorDemo/ThorDemo.zip This tool is for Windows and .NET Framework 2.0 (I have version also for 1.1, if anyone is interested). There are two things I want to point out: 1. If you want to change POST body, add headers or modify cookies (if you want to ovewrite cookie this one is not perfect - you need to put valid domain/path as the orignal cookie) - you can do it on the right-hand side and then just re-submit the request 2. You can easiely switch to lower level tool - Odin, which is built around HttpWebRequest/Response class. Just create new Odin tabpage - set values on the right hand side - including cookies and HTTP verb if you want to, and click Submit. I'm not testing HTTP implementation of the server, so this tool doesn't allow you to create improper HTTP requests - as I said it is for testing web applications only. I didn't have time to build a web site and/or a proper manual, but give me a shout if you have any comments/problems. Hope you will find it useful. Best regards, Pak76 __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Tool for manual web application testing P K (Dec 17)