WebApp Sec mailing list archives

RE: Web Browser For Penetration Test

From: "Hamed Tajabadi" <htaj () avairan net>
Date: Sun, 9 Apr 2006 16:00:32 -0800


Hi

I suggest WebScarab from owasp.org as the best tool for your client side web
proxy needs. Give it a try and enjoy its rich and easy to use features! Its
free and very valuable amongst other web proxy tools.

There are other good choices if you can pay the costs from WebInspect to
Acunetix Web Scanner and Paessler SiteInspector. 

If you want to use a very simple and light web proxy, my interesting choice
is Hopster. Its not a browser thought, but integrates with your favorite
browser in a simple click and does exactly what you want to intercept
requests and responses; On the other hand, you can use your favorite
browser's plug-in set (for IE: IEWatch, IE DOM Inspector, etc) to analyze
source code of pages.

Hope this helps...


Hamed 




-----Original Message-----
From: nimdA [mailto:nimda1 () gmail com] 
Sent: Saturday, April 08, 2006 2:47 AM
To: webappsec () securityfocus com
Subject: Web Browser For Penetration Test

Dear All

I'm looking for web browser that help me in penetration testing of web
applications, there are a lot of scanning tools, but I'm looking for a
basic web browser which allow me to control all the data that send to
or receive from the web server.

There are some grate tools like minibrowser, but with complex
application it did not work fine unless you use "Internet Explorer" as
a browser, and you will lose the benefits of this browser.

Unfortunately, I can't find other browser that does the same thing.
What I'm looking for is a simple application, before send or receiving
any value from the web server asks the user to confirm that data that
will send or will receive, not more then that.

So, If any one know some software or IE plug-in or client proxy that
will help me on this, please send it.

Thanks.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------

Current thread:

Web Browser For Penetration Test nimdA (Apr 09)
- Re: Web Browser For Penetration Test pagvac (Apr 09)
- Re: Web Browser For Penetration Test Sven Vetsch (Apr 09)
- RE: Web Browser For Penetration Test Hamed Tajabadi (Apr 09)
- RE: Web Browser For Penetration Test Hamed Tajabadi (Apr 09)
- Re: Web Browser For Penetration Test Justin Clarke (Apr 10)
- RE: Web Browser For Penetration Test Richard M. Smith (Apr 10)
- Re: Web Browser For Penetration Test Tim Brown (Apr 10)
- Re: Web Browser For Penetration Test Gareth Davies (Apr 12)
- <Possible follow-ups>
- Re: Web Browser For Penetration Test ROB DIXON (Apr 10)
- RE: Web Browser For Penetration Test Anthony Cicalla (Apr 10)
- RE: Web Browser For Penetration Test Evans, Arian (Apr 10)