WebApp Sec mailing list archives
Mangle available for download
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Sun, 22 Dec 2002 18:34:08 +0200
Hi folks,

I've mentioned a few times that I have been developing a program to (re)view web application traffic. You can get it at http://mysite.mweb.co.za/residents/rdawes/homepage.html.

Features:

Mangle proxy
- Acts as an HTTP/HTTPS proxy (fakes a connection to the remote SSL server)
- Records a summary of every request that goes through the proxy to a log file.
- Records the detail of every request and response to individual files.
- Uses Perl LWP objects internally, and can dynamically execute a modification function on every (or selected) requests and responses.
- Logs any modified requests and responses.

Analysis module:
- Monitors the proxy log, and reviews each response for:
  - HTML comments
  - HTML forms
  - Scripts and script fragments
  - Potential cross-site scripting opportunities (very weak!)
- Extracts any links in the page, and maintains a list of "unseen" links, which can be dumped at any time.
- Will be extended to automatically generate VulnXML tests for applicable URLs, such as:
  - submitting various SCRIPT fragments into variables
  - submitting different types of SQL injection strings into variables
  - whatever else comes up.

Review GUI:
- Written in Perl Gtk (i.e. not browser based. I found that browser-based UIs were not powerful enough, and non-intuitive).
- Continuously tails the proxy log, and the analysis module's logfile.
- Allows for commenting the transaction flow (i.e. "submit login here to bypass session management").
- Offers raw HTTP and tabulated request view of submissions.
- Offers raw HTML and interpreted HTML view (currently broken) of responses.
- Offers a tree view of the sites seen (and linked to), highlighting URLs that have not been visited.
- Shows what requests have been sent to a URL.
- Will include functionality from params.pl below to view submissions in different ways.

Charset analysis program:
- Useful for initial analysis of cookies, to determine how random their generation is.
- Calculates the character set used at each position in the cookie string, and uses that to convert the cookie into an integer. Returns the overall character set, positional character set, calculated cookie value, and the "difference" between the cookie and the next one following.
- Can be useful to load into a graphing program, and look for deviations from the expected "straight line".

Params.pl
- Returns a list of URLs, and all the parameters (variable names) submitted to the URL. Can be useful to determine how the application functions. (Will be extended to filter by URL, variable name, etc. When filtering by variable name, will show all the values for that variable.)

This is licensed under the GPL, so it may be freely used, modified, etc. I would appreciate any feedback from people who have used it, and found it useful, or even lacking in any way.

As mentioned, the HTML support in the GUI is broken (segfaults in XmHTML - beats me why), but everything else is pretty functional.

It is Perl, and requires a fair number of modules from CPAN, but I recommend that you install the Perl-Gtk RPMs or other packages, if at all possible. Note that this is not required for the proxy itself, only the GUI.

Unfortunately, the Perl OpenSSL/Crypt::SSLeay support on Win32 is broken (was last time I tried, anyway), so for the moment, it is Unix only.

Enjoy, and obviously, use wisely/legally.

Rogan

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe () alum mit edu>
--
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216
Fax: +27(11)806-5202
Cell: +27(82)784-9498
--
NOTE: This e-mail message and its attachments are subject to the disclaimers as published at: http://www.deloitte.co.za/disc.htm#emaildisc
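The charset analysis described in the post (per-position character set, cookie-to-integer conversion, and the difference between successive cookies) is the part of the toolkit a defender can reuse to judge whether a session token generator is counter-like rather than random. The following Python is an added example illustrating that technique; it is not Rogan Dawes's Perl code. It assumes a mixed-radix encoding (the radix at each position is the size of the alphabet observed there, leftmost position most significant), which the post does not specify, and the cookie values are constructed, not captured from any real application.

```python
"""Positional character-set analysis of equal-length session cookies.

Added example reconstructing the technique the post describes (not the
original Perl): record the alphabet seen at every position, map each cookie
to an integer by treating those alphabets as a mixed-radix number, and report
the difference between each cookie and the next. Constant or small
differences point to a counter-like generator; a random generator gives
differences with no structure.
"""
from typing import Dict, List, Sequence


def positional_charsets(cookies: Sequence[str]) -> List[List[str]]:
    """Sorted set of characters observed at each position.

    All cookies must share one length; the post's tool assumes the same.
    """
    if not cookies:
        return []
    length = len(cookies[0])
    if any(len(c) != length for c in cookies):
        raise ValueError("all cookies must have the same length")
    return [sorted({c[i] for c in cookies}) for i in range(length)]


def overall_charset(charsets: Sequence[Sequence[str]]) -> List[str]:
    """Union of the positional alphabets, sorted."""
    return sorted(set().union(*map(set, charsets)))


def cookie_to_int(cookie: str, charsets: Sequence[Sequence[str]]) -> int:
    """Mixed-radix conversion (assumed encoding, see lead-in).

    The radix at position i is the size of the alphabet seen at i and the
    digit is the character's index in that alphabet. Positions whose
    alphabet has one member contribute nothing, so a fixed prefix such as
    "SESS" does not inflate the value.
    """
    value = 0
    for ch, alphabet in zip(cookie, charsets):
        value = value * len(alphabet) + alphabet.index(ch)
    return value


def analyse(cookies: Sequence[str]) -> Dict[str, object]:
    """Return the same four items the post's tool reports, plus a crude
    randomness indicator: the fraction of distinct successive differences.
    Values near 0 mean a fixed stride (predictable); near 1 means no
    repeated stride was seen in this sample."""
    charsets = positional_charsets(cookies)
    values = [cookie_to_int(c, charsets) for c in cookies]
    diffs = [b - a for a, b in zip(values, values[1:])]
    return {
        "overall_charset": "".join(overall_charset(charsets)),
        "positional_charsets": ["".join(a) for a in charsets],
        "values": values,
        "differences": diffs,
        "distinct_diff_ratio": (len(set(diffs)) / len(diffs)) if diffs else 0.0,
    }


# Constructed sample cookies (not from any real application): a fixed prefix
# and a counter-like tail, the shape a weak generator tends to produce.
SAMPLE_COOKIES = ["SESS001", "SESS002", "SESS003", "SESS005", "SESS010"]

if __name__ == "__main__":
    for key, val in analyse(SAMPLE_COOKIES).items():
        print(f"{key}: {val}")
```

Plotting the `values` list in order is the "straight line" check the post mentions: a counter-based generator produces a line, and any deviation from it marks where the generator did something other than increment. The `distinct_diff_ratio` is only a quick summary of the same idea on a small sample; it is not a substitute for a proper entropy estimate over many tokens.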