Dailydave mailing list archives

Re: Thought of the day: graphing web applications
From: list () roseslabs com
Date: Tue, 11 Jul 2006 19:36:19 +0200 (CEST)

Hi Dave,

Foundstone has something along these lines (SiteScope), check it out...

And the tool I'm working on, Pantera Web Assessment Studio (WAS) will
incorporate this feature among other things :)

Simon Roses Femerling

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I use CANVAS as an attack platform for Web Application Assessments
quite often. There are probably better specialized tools, but I like
having everything in Python because each assessment is different and
it's easy to add to CANVAS for me.

In today's case, I'm looking at another large JSP application. Typical
three tier stuff.

What I want to do is browse the whole site, and then have another script
go through my SPIKE Proxy saved request-and-response files and graph
them. Pages with lots of forms on them or interesting text or variables
could get graphed larger, and links can be drawn between forms that
share the same data or lead to each other. And it'd be nice to cull and
color the graph and say "I checked this variable - it's safe" or even
tie it into the fuzzing mechanism. "Fuzz from this page to that page"

Essentially I want WebAppNavi. Does anyone have anything similar?

- -dave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


