Re: IE plugins/tools for pen-testers

[¨˜”°º•C0D3w@lk3r•º°”˜¨ <c0d3walk3r () gmail com>]

Tamper IE: http://www.bayden.com/TamperIE/ ......... (similar to
Tamper Data on Firefox)
Internet Explorer Developer Toolbar ....... (Similar to Web developer
toolbar for Firefox)
HTTP Watch: http://www.httpwatch.com/
Watir: http://wtr.rubyforge.org/  ........ (Browser automation)
IECookiesView: http://www.nirsoft.net/        ......... I think this
will solve the cookie manipulation.


An as always BurpSuite is the best !!

--
¨˜”°º•C0D3w@lk3r•º°”˜¨



On Sat, Aug 8, 2009 at 1:28 AM, Nikhil Wagholikar<visitnikhil () gmail com> wrote:
> Hi Lister,
>
> You can give try to:
>
> 1. Fiddler2 - Fiddler is a Web Debugging Proxy which logs all HTTP(S)
> traffic between your computer and the Internet. Fiddler allows you to
> inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with
> incoming or outgoing data. Fiddler includes a powerful event-based
> scripting subsystem, and can be extended using any .NET language.
> Also, to add more features and power to Fiddler2, make use of Addons.
>
> More Info: http://www.fiddler2.com/fiddler2/
> Addons for Fiddler2 - http://www.fiddler2.com/Fiddler2/extensions.asp
> Documentation for Fiddler2 - http://www.fiddler2.com/Fiddler/help/
>
> 2. GreaseMonkey for IE - Greasemonkey for IE is an Internet Explorer
> extension which lets you to add bits of DHTML ("user scripts") to any
> web page to change its behavior. In much the same way that user CSS
> lets you take control of a web page's style, user scripts let you
> easily control any aspect of a web page's design or interaction.
>
> More Info: http://www.gm4ie.com/
>
> Besides these, Webscarab or Burpsuite are always at your service
> irrespective of any browser.
>
> Best of Luck!!
>
> ---
> Nikhil Wagholikar
> Practice Lead | Security Assessment & Digital Forensics
> Network Intelligence (I) Pvt. Ltd. [NII Consulting]
> Web: http://www.niiconsulting.com/
> Information Security Training - http://iisecurity.in/
> Comprehensive Information Security Trainings
> http://iisecurity.in/courses/Training%20Calendar.html
>
> 2009/8/7 <lister () lihim org>
> > I work mostly in firefox with various plugins for pen-testing.
> >
> > Does anyone have a list of common IE tools/plugins for pen-testing.
> >
> > I'm mostly interested in session cookie creation/modification for IE.
> > I want to take session cookies captured through XSS redirection and
> > re-create those session cookies in IE to see if I can access the site.
> >
> > Sincerely,
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------