Penetration Testing: Re: ProxyStrike v2.0 released

["Adriel T. Desautels" <ad_lists () netragard com>]

The reason why I was asking was to determine if it had any features or  
functions that I was missing in my arsenal.  If it did, then I'd  
probably download it and use it. And yes, you are right burpsuite pro  
is not free, but others are. Either way, good work on the tool.

On Mar 18, 2009, at 7:30 PM, Christian Martorella wrote:

> As i said before some features weren't there when we started coding  
> ProxyStrike.. this is the version 2.1 now.
> I didn't know the Pro version of Burpsuite, but Burpsuite Pro is  
> commercial and ProxyStrike is free.
> ProxyStrike analyze vulnerabilities (some of them) and Burpsuite  
> only in the pro version.
> Just consider another option for analyzing web applications,  it's  
> not intended to replace Burpsuite
> The SQL and XSS  detection engines are one of the best in my  
> opinion, SQL engine is based on darkraver SQLiBF  http://www.open-labs.org/ 
>   so the tool was developed around this engines for making easily  
> the analysis.
> It's just another option in your toolbox :)
>
> Christian
>
>
>
> On Mar 18, 2009, at 10:19 PM, Adriel T. Desautels wrote:
>
> > What does it do that burpsuite pro can't do? Or burpsuite for that  
> > matter? Perhaps I am missing something obvious here?
> > On Mar 18, 2009, at 5:15 PM, Christian Martorella wrote:
> >
> > > Hi Adriel,  the objective of the tool is similar to Burpsuite, but  
> > > ProxyStrike have some features that we needed  in the moment we  
> > > started coding that Burpsuite didn't had.
> > > ProxyStrike is open source, it's plugin enabled, and is a tool we  
> > > build based in our needs.
> > > Burpsuite is a great piece of software :)
> > >
> > > Any recommendation, or feedback is welcome
> > >
> > > Cheers!
> > >
> > > Christian Martorella
> > >
> > >
> > > On Mar 18, 2009, at 3:05 AM, Adriel T. Desautels wrote:
> > >
> > > > So you basically wrote burpsuite pro?
> > > >
> > > >
> > > > On Mar 17, 2009, at 6:42 PM, Christian Martorella wrote:
> > > >
> > > > > Im please to announce a new version of ProxyStrike, an active  
> > > > > Web Application Proxy, is a tool designed to find  
> > > > > vulnerabilities while browsing an application. It was created  
> > > > > because the problems we faced in the pentests of web  
> > > > > applications that heavily depends on Javascript, not many web  
> > > > > scanners did it good at this stage, so we came with this proxy.
> > > > > Right now it has available Sql injection, XSS and Server side  
> > > > > includes.
> > > > > Features:
> > > > >
> > > > >         • Plugin engine (Create your own plugins!)
> > > > >         • Request interceptor
> > > > >         • Request diffing
> > > > >         • Request repeater
> > > > >         • Automatic crawl process
> > > > >         • Save/restore session
> > > > >         • Http request/response history
> > > > >         • Request parameter stats
> > > > >         • Request parameter values stats
> > > > >         • Request url parameter signing and header field signing
> > > > >         • Use of an alternate proxy (tor for example ;D )
> > > > >         • Attack logs
> > > > >         • Export results to HTML or XML
> > > > >         * Sql attacks (plugin)
> > > > >         • Server Side Includes (plugin)
> > > > >         • Xss attacks (plugin)
> > > > >
> > > > > Check it at:  http://www.edge-security.com/proxystrike.php
> > > > >
> > > > > Thanks to  Carlos del Ojo for this new release
> > > > >
> > > > > Regards,
> > > > >
> > > > > Christian Martorella
> > > > > ------------------------------------------------------------------------
> > > > > This list is sponsored by: InfoSec Institute
> > > > >
> > > > > Learn all of the latest penetration testing techniques in  
> > > > > InfoSec Institute's Ethical Hacking class.
> > > > > Totally hands-on course with evening Capture The Flag (CTF)  
> > > > > exercises, Certified Ethical Hacker and Certified Penetration  
> > > > > Tester exams, taught by an expert with years of real pen testing  
> > > > > experience.
> > > > > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > > > > ------------------------------------------------------------------------
> > > >
> > > >
> > > >         Adriel T. Desautels
> > > >         ad_lists () netragard com
> > > >     --------------------------------------
> > > >
> > > >         Subscribe to our blog
> > > >     http://snosoft.blogspot.com
> >
> >
> >         Adriel T. Desautels
> >         ad_lists () netragard com
> >       --------------------------------------
> >
> >         Subscribe to our blog
> >       http://snosoft.blogspot.com


        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------