WebApp Sec mailing list archives
Re: Any special tool for testing a web chat application?
From: Steve Pinkham <steve.pinkham () gmail com>
Date: Fri, 06 Feb 2009 11:09:05 -0500
Burp proxy has a built-in regex-based search and replace we often use to do on-the-fly injections.

A search string like:
XSS(.*?)XSS
and an output string like:
(stored "web bug" type xss to steal cookies here)$1
which will match XSSmyidentifierXSS, and then replace that with:
(stored "web bug" type xss to steal cookies here)myidentifier

A very simple way to do many injections semi-automatically when you control the input. Otherwise, you have to write more complicated regexes or parsers in a plugin facility like Rogan mentioned.
Steve
--
| Steven E. Pinkham |
| GPG public key ID CD31CAFB |
Current thread:
- Any special tool for testing a web chat application? Barry Archer (Feb 05)
- Re: Any special tool for testing a web chat application? Rogan Dawes (Feb 05)
- Message not available
- Re: Any special tool for testing a web chat application? Irene Abezgauz (Feb 05)
- Re: Any special tool for testing a web chat application? Rogan Dawes (Feb 05)
- Re: Any special tool for testing a web chat application? Barry Archer (Feb 05)
- Re: Any special tool for testing a web chat application? Steve Pinkham (Feb 06)
- Message not available
- Re: Any special tool for testing a web chat application? Rogan Dawes (Feb 05)
- <Possible follow-ups>
- Re: Any special tool for testing a web chat application? K (Feb 05)