Penetration Testing mailing list archives

Re: brute force http post session with cookies

From: Fyodor <fygrave () gmail com>
Date: Tue, 14 Aug 2007 19:32:30 +0800

On 8/14/07, Christian Perst <chris_perst () gmx de> wrote:

Hi,

is there a tool like hydra, but which can be used for http post
sessions? It should be a brute force tool, where cookie handling
is implemented.


we are working here on the scriptable http bruteforcing tool where you
can script out whatever you'd want to bruteforce. The release
candidate code is available here:
http://o0o.nu/httpbee/ - we are working towards the first release (the
final tool implementation will include yawatt protocol support. we are
testing it on the moment). feel free to throw your feedback or feature
requests back.

you can also take a look on webscarab, as another option

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

brute force http post session with cookies Christian Perst (Aug 14)
- Re: brute force http post session with cookies Jerome Athias (Aug 14)
- Re: brute force http post session with cookies Fyodor (Aug 14)
  - Re: brute force http post session with cookies Serg B. (Aug 14)
- Re: brute force http post session with cookies Christian Martorella (Aug 14)
- RE: brute force http post session with cookies Adi Sharabani (Aug 15)