PortSwigger.net - web application hack tools

[Mads Rasmussen <mads () opencs com br>]

I haven't seen these tools mentioned on the list, all free for download

Please bear with me if these are wellknown, anyone have experience to share?

<http://portswigger.net/>

_Burp intruder_ is a tool to facilitate automated attacks against 
web-enabled applications. It uses a powerful engine to generate 
malicious HTTP requests using a template and a set of attack vectors. 
Burp intruder is highly configurable, and can be used to identify and 
exploit unusual vulnerabilities in bespoke application functionality.

_Burp spider_ is a tool for enumerating web-enabled applications. It 
uses various intelligent techniques to generate a comprehensive 
inventory of an application's content and functionality, avoiding the 
time-consuming and unreliable task of manually following links, 
submitting forms and scouring HTML source code.

_Burp proxy_ is an interactive HTTP/S proxy server for attacking and 
debugging web-enabled applications. It operates as a man-in-the-middle 
between the end browser and the target web server, and allows the user 
to intercept, inspect and modify the raw traffic passing in both directions.

_Sock_ is a simple tool for manually attacking web-enabled applications. 
It allows a single HTTP/S request to be manipulated and re-issued 
repeatedly from the same window. Each response can be viewed as plain 
text or rendered as a web page, and can be searched for keywords.



--
Mads Rasmussen, M.Sc.
Open Communications Security
www.opencs.com.br
+55 11 3345 2525