Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: ProxyStrike v2.0 released
From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Wed, 18 Mar 2009 21:04:16 -0400

The reason why I was asking was to determine if it had any features or functions that I was missing in my arsenal. If it did, then I'd probably download it and use it. And yes, you are right burpsuite pro is not free, but others are. Either way, good work on the tool.


On Mar 18, 2009, at 7:30 PM, Christian Martorella wrote:

As i said before some features weren't there when we started coding ProxyStrike.. this is the version 2.1 now.

I didn't know the Pro version of Burpsuite, but Burpsuite Pro is commercial and ProxyStrike is free.

ProxyStrike analyze vulnerabilities (some of them) and Burpsuite only in the pro version.

Just consider another option for analyzing web applications, it's not intended to replace Burpsuite

The SQL and XSS detection engines are one of the best in my opinion, SQL engine is based on darkraver SQLiBF http://www.open-labs.org/ so the tool was developed around this engines for making easily the analysis.

It's just another option in your toolbox :)

Christian



On Mar 18, 2009, at 10:19 PM, Adriel T. Desautels wrote:

What does it do that burpsuite pro can't do? Or burpsuite for that matter? Perhaps I am missing something obvious here?

On Mar 18, 2009, at 5:15 PM, Christian Martorella wrote:

Hi Adriel, the objective of the tool is similar to Burpsuite, but ProxyStrike have some features that we needed in the moment we started coding that Burpsuite didn't had.

ProxyStrike is open source, it's plugin enabled, and is a tool we build based in our needs.

Burpsuite is a great piece of software :)

Any recommendation, or feedback is welcome

Cheers!

Christian Martorella


On Mar 18, 2009, at 3:05 AM, Adriel T. Desautels wrote:

So you basically wrote burpsuite pro?


On Mar 17, 2009, at 6:42 PM, Christian Martorella wrote:

Im please to announce a new version of ProxyStrike, an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that heavily depends on Javascript, not many web scanners did it good at this stage, so we came with this proxy.

Right now it has available Sql injection, XSS and Server side includes.

Features:

        • Plugin engine (Create your own plugins!)
        • Request interceptor
        • Request diffing
        • Request repeater
        • Automatic crawl process
        • Save/restore session
        • Http request/response history
        • Request parameter stats
        • Request parameter values stats
        • Request url parameter signing and header field signing
        • Use of an alternate proxy (tor for example ;D )
        • Attack logs
        • Export results to HTML or XML
        * Sql attacks (plugin)
        • Server Side Includes (plugin)
        • Xss attacks (plugin)

Check it at:  http://www.edge-security.com/proxystrike.php

Thanks to  Carlos del Ojo for this new release

Regards,

Christian Martorella
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------




        Adriel T. Desautels
        ad_lists () netragard com
    --------------------------------------

        Subscribe to our blog
    http://snosoft.blogspot.com






        Adriel T. Desautels
        ad_lists () netragard com
      --------------------------------------

        Subscribe to our blog
      http://snosoft.blogspot.com






        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]