NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2008-10

Re: spidering of webapps

From: natron (natroninvisibledenizen.org)
Date: Fri Oct 03 2008 - 09:52:20 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The unfortunate fact of virtually all local proxies (Burp, Paros, etc)
is that while, yes, they can do spidering, they have no way to
save/export results!

HTTrack works, but it lacks on the analysis side, requiring you to do
a lot of manual reviews of the downloaded files. I end up relying
mostly on Burp Suite and just tackling the application in small
sections and living with the fact that I can't document very well.

Does anyone have any better solutions?

On Wed, Oct 1, 2008 at 8:35 PM, Ivan . <ivanhecgmail.com> wrote:
>
> Burp Suite
> http://portswigger.net/suite/
>
> Paros
> http://www.parosproxy.org/download.shtml
>
> just a smaple, plenty more out there
>
> cheers
> Ivan
>
> On Thu, Oct 2, 2008 at 4:51 AM, <listerlihim.org> wrote:
> >
> > Other than wget and HTTrack, what other means are you using to spider/mirror websites?
> >
> > How are you spidering through SSL? OpenSSL wrapper such as stunnel?
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Top 5 Common Mistakes in
> > Securing Web Applications
> > Get 45 Min Video and PPT Slides
> >
> > www.cenzic.com/landing/securityfocus/hackinar
> > ------------------------------------------------------------------------
> >
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]