From: Dave Aitel (dave_at_immunitysec.com)
Date: Tue Sep 24 2002 - 08:21:28 CDT
More advanced than SPIKE Proxy?
There's really only 3 things SPIKE Proxy doesn't do that commercial
1. check for /admin/, /backup/, index.html.bak, index.html~, etc
2. Check for web server patches and known vulnerabilities (like nikto
3. Do "forced browsing" via a COM control or Mozilla.
There's NOTHING on the market more configurable than SPIKE Proxy, since
it's Open Source python. Generally, like any Open Source project, if you
send me feature requests, bugs, or patches, they get handled within the
day. (1,2 are scheduled for the next major release, but adding different
inputs is easy as cake for anyone, even if you don't know python.
"Scheduled injection," where you perform a series of actions, logging
in and then making an online trade, for example, and then have SPIKE go
through the entire series a number of times fuzzing a variable on the
last page, or a page in between, is also scheduled for 1.3.)
In addition, SPIKE Proxy has a few weird technologies that other
alternatives lack - mostly due to Python's support for persistent stores
via "pickle()" and other Pythonisms. You can actually browse around the
target's directory structure on your own file system, if you like. And
you can share the results of your testing with an entire team - all they
have to do is use you as their HTTP proxy and go to http://spike/. It's
hacking groupware! :>
On Thu, 2002-09-19 at 00:54, Nick Jacobsen wrote:
> Thank you Mark, to clarify my question, I am looking for something that
> handles compiled CGI (common gateway interface, these can be perl, DLL, EXE,
> or almost anything). I am wanting to do blind buffer overflow and input
> verification checking, preferably fully configurable by me as to what the
> inputs can be. I have used Spike proxy, but I want something much more
> advanced. Any more suggestions, with an explanation as to WHY it will work
> for me, will be welcome.
> Nick J.
> ----- Original Message -----
> From: "Mark Curphey" <markcurphey.com>
> To: <webappsecsecurityfocus.com>
> Sent: Wednesday, September 18, 2002 9:57 AM
> Subject: RE: Usefull tools for finding vulnerabilities in web-based progra
> > If you are going to reply to this thread, pls add
> > some value. Outline why you like the tool you are
> > suggesting, what it does well, what it may not do so
> > well etc...add some technical content. Does the tool
> > really find vulnerable CGI's by pushing in malicious
> > payloads or does it just check for a HTTP 200. You
> > get the picture.
> > I am not going to approve one liner URL's. Everyone
> > can use a search engine !
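Added example, not part of the original post and not SPIKE Proxy code: the leftover-file check from item 1, run from the server owner's side against a document root on disk. The function names and the suffixes beyond .bak and ~ are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

# Suffixes from item 1 of the post (.bak, ~); the rest are assumed additions.
BACKUP_SUFFIXES = (".bak", "~", ".old", ".orig", ".swp")
# Directory names from item 1 of the post.
SENSITIVE_DIRS = {"admin", "backup"}


def audit_docroot(docroot):
    """Return sorted (url_path, reason) pairs for content the web server would expose."""
    findings = []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        prefix = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        for d in dirs:
            if d.lower() in SENSITIVE_DIRS:
                findings.append((prefix + d + "/", "sensitive directory"))
        for f in files:
            if f.lower().endswith(BACKUP_SUFFIXES):
                findings.append((prefix + f, "backup or editor copy"))
    return sorted(findings)


def build_sample_docroot(root):
    """Constructed sample tree, for demonstration only."""
    for path in ("index.html", "index.html.bak", "index.html~",
                 "admin/login.cgi", "cgi-bin/trade.cgi", "cgi-bin/trade.cgi.old"):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for url_path, reason in audit_docroot(root):
            print(f"{url_path:30} {reason}")
```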