mailing list archives
PortSwigger.net - web application hack tools
From: Mads Rasmussen <mads () opencs com br>
Date: Tue, 15 Jun 2004 11:40:16 -0300
I haven't seen these tools mentioned on the list, all free for download
Please bear with me if these are wellknown, anyone have experience to share?
_Burp intruder_ is a tool to facilitate automated attacks against
web-enabled applications. It uses a powerful engine to generate
malicious HTTP requests using a template and a set of attack vectors.
Burp intruder is highly configurable, and can be used to identify and
exploit unusual vulnerabilities in bespoke application functionality.
_Burp spider_ is a tool for enumerating web-enabled applications. It
uses various intelligent techniques to generate a comprehensive
inventory of an application's content and functionality, avoiding the
time-consuming and unreliable task of manually following links,
submitting forms and scouring HTML source code.
_Burp proxy_ is an interactive HTTP/S proxy server for attacking and
debugging web-enabled applications. It operates as a man-in-the-middle
between the end browser and the target web server, and allows the user
to intercept, inspect and modify the raw traffic passing in both directions.
_Sock_ is a simple tool for manually attacking web-enabled applications.
It allows a single HTTP/S request to be manipulated and re-issued
repeatedly from the same window. Each response can be viewed as plain
text or rendered as a web page, and can be searched for keywords.
Mads Rasmussen, M.Sc.
Open Communications Security
+55 11 3345 2525
- PortSwigger.net - web application hack tools Mads Rasmussen (Jun 16)