From: Dave Aitel (dave_at_immunitysec.com)
Date: Tue Sep 24 2002 - 08:21:28 CDT


    More advanced than SPIKE Proxy?

    There are really only 3 things SPIKE Proxy doesn't do that commercial
    alternatives do:

    1. Check for /admin/, /backup/, index.html.bak, index.html~, etc.
    2. Check for web server patches and known vulnerabilities (like nikto does)
    3. Do "forced browsing" via a COM control or Mozilla.

    There's NOTHING on the market more configurable than SPIKE Proxy, since
    it's Open Source Python. Generally, like any Open Source project, if you
    send me feature requests, bugs, or patches, they get handled within the
    day. (1, 2 are scheduled for the next major release, but adding different
    inputs is easy as cake for anyone, even if you don't know Python.
    "Scheduled injection," where you perform a series of actions, logging
    in and then making an online trade, for example, and then have SPIKE go
    through the entire series a number of times fuzzing a variable on the
    last page, or a page in between, is also scheduled for 1.3.)

    In addition, SPIKE Proxy has a few weird technologies that other
    alternatives lack - mostly due to Python's support for persistent stores
    via "pickle()" and other Pythonisms. You can actually browse around the
    target's directory structure on your own file system, if you like. And
    you can share the results of your testing with an entire team - all they
    have to do is use you as their HTTP proxy and go to http://spike/. It's
    hacking groupware! :>

    Dave Aitel
    Immunity, Inc.

    On Thu, 2002-09-19 at 00:54, Nick Jacobsen wrote:
    > Thank you Mark, to clarify my question, I am looking for something that
    > handles compiled CGI (common gateway interface, these can be perl, DLL, EXE,
    > or almost anything). I am wanting to do blind buffer overflow and input
    > verification checking, preferably fully configurable by me as to what the
    > inputs can be. I have used Spike proxy, but I want something much more
    > advanced. Any more suggestions, with an explanation as to WHY it will work
    > for me, will be welcome.
    >
    > Nick J.
    > nickethicsdesign.com
    >
    > ----- Original Message -----
    > From: "Mark Curphey" <markcurphey.com>
    > To: <webappsecsecurityfocus.com>
    > Sent: Wednesday, September 18, 2002 9:57 AM
    > Subject: RE: Useful tools for finding vulnerabilities in web-based programs?
    >
    >
    > > If you are going to reply to this thread, pls add
    > > some value. Outline why you like the tool you are
    > > suggesting, what it does well, what it may not do so
    > > well etc...add some technical content. Does the tool
    > > really find vulnerable CGI's by pushing in malicious
    > > payloads or does it just check for a HTTP 200. You
    > > get the picture.
    > >
    > > I am not going to approve one-liner URLs. Everyone
    > > can use a search engine!
    >
    >

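Item 1 in Dave's list (stray /admin/, /backup/, index.html.bak, index.html~ and the like) is what a forced-browsing check finds on a live site; the same leftovers can be caught in the docroot before it is deployed. The script below is an added example, not code from SPIKE Proxy or from anyone in this thread; the filename patterns, directory names and the sample docroot it builds are my own assumptions.

```python
"""Pre-deploy check for editor/backup leftovers and admin-style directories.

Walks a web root and reports paths that a forced-browsing scan would find
once the site is live. Patterns and names are this example's own choices.
"""
import os
import re
import tempfile
from pathlib import Path

# Editor and backup leftovers that commonly end up in a deployed docroot.
BACKUP_FILE_RE = re.compile(r"(~|\.(bak|old|orig|save|swp|tmp|copy))$", re.IGNORECASE)
# Directory names that are rarely meant to be reachable from the public web.
SENSITIVE_DIRS = {"admin", "backup", "backups", "old", "private", ".git", ".svn"}


def find_exposed_artifacts(webroot):
    """Return sorted URL paths (relative to the docroot) that should not ship."""
    root = Path(webroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        for d in dirnames:
            if d.lower() in SENSITIVE_DIRS:
                findings.append("/" + (rel / d).as_posix() + "/")
        for f in filenames:
            if BACKUP_FILE_RE.search(f):
                findings.append("/" + (rel / f).as_posix())
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample site (assumption for demonstration), returns its path."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "backup"))
    os.makedirs(os.path.join(root, "css"))
    for name in ("index.html", "index.html.bak", "index.html~",
                 "backup/site.tar.old", "css/main.css"):
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    for hit in find_exposed_artifacts(build_sample_docroot()):
        print("would be browsable:", hit)
```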