OSEC

 
From: Dave Aitel (dave_at_immunitysec.com)
Date: Fri Sep 27 2002 - 12:58:21 CDT


    Yes, I have publicly apologized many times for my lack of documentation
    around SPIKE. :> In particular, lately people have been getting confused
    as to the difference between SPIKE Proxy and SPIKE.

    Basically, "my marketing department goofed and our branding efforts were
    confusing to the consumer." I've been bundling things inside SPIKE that
    seemingly have no relation to SPIKE other than that they were written by
    me. For example, dcedump and ifids, which gets the values from port 135
    much the way rpcdump gets the values from port 111, is included in
    SPIKE. Similarly, SPIKE Proxy, which is a pure python web application
    assessment tool is included in SPIKE packages, but also distributed by
    itself when I feel like releasing it but SPIKE itself has not changed
    dramatically. SPIKE itself is a "fuzzer creation kit" that attempts to
    make it easy to create network fuzzers.

    For web auditing, I find it useful to use SPIKE Proxy to locate some
    form that I would like to fuzz, or manipulate in some way, and then I
    cut and paste that into a file. I then use the ./httpwizard.py included
    with SPIKE on that file to generate a SPIKE script.

    A SPIKE script looks just like C, but is interpreted by SPIKE at runtime
    in order to allow you to easily manipulate it without recompiling. You
    have to do . ld.sh in order to use the interpretation engine programs
    (called ./generic*)

    One of those generic programs ./generic_web_server_fuzz2 will use that
    .spk file (which you should hand verify, btw, in case my wizard screwed
    up) to fuzz a particular web page, saving the connection if possible for
    additional speed.

    If that doesn't work for you, try ./generic_web_server_fuzz, which
    doesn't try to save the connection.

    Generally, I save the results of this off, and grep through them for
    error messages manually.

    Another fun thing to do is play with ./closed_source_web_server_fuzz,
    which has a bunch of things programmed into it that are known to cause
    problems and crash various web servers. It's how I've found .htr and a
    few other issues in various closed source web servers.

    SPIKE requires quite a bit of memory, and is only known to run well on
    Mandrake Linux 8.2 or other compatible Linux machines.

    Many of the concepts behind SPIKE are explained in the OpenOffice .ppt
    file located at http://www.immunitysec.com/spike.html.

    SPIKE does have a mailing list (see above URL) where you can ask
    detailed questions about the API or using the supplied "pre-built"
    fuzzers. Grabbing the pptp.spk I placed on the SPIKE web page yesterday
    may explain some of the concepts behind its API, since it uses the
    blocks, sizes, and other advanced SPIKE features quite nicely I think.

    Dave Aitel
    Immunity, Inc.

    On Fri, 2002-09-27 at 07:56, zod wrote:
    > Hi all,
    >
    > could someone throw some light on the usage of SPIKE/SPIKE proxy ...well spike proxy is understood to a certain extent ..similar to other proxy tools like websleuth, webproxy... but usage on SPIKE would be a nice thing.
    >
    > Thank you.
    >
    > cheers,
    > -K
    >
    >

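The cut-and-paste-then-httpwizard step described above, as an added example that is not part of the original post and is not SPIKE's own httpwizard.py: a small Python script that turns a captured POST request into a .spk template, with the headers as fixed strings and each form value as a fuzz variable. It assumes the SPIKE primitives s_string, s_string_variable, s_block_start, s_block_end and s_blocksize_string (assumed names; check them against spike.h), and the request itself is constructed.

```python
"""Turn a captured HTTP POST (pasted from a proxy) into a SPIKE .spk template.

Assumed SPIKE primitives: s_string() emits fixed text, s_string_variable()
marks a value SPIKE replaces with its fuzz strings, and s_block_start()/
s_block_end()/s_blocksize_string() let the Content-Length be computed from
the body block at runtime instead of being hard-coded from the capture.
"""

# Constructed sample request, as it might be cut and pasted out of a proxy.
SAMPLE_REQUEST = (
    "POST /cgi-bin/login.pl HTTP/1.0\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 23\r\n"
    "\r\n"
    "user=alice&pass=secret1"
)


def spk_escape(text: str) -> str:
    """Escape text for use inside a C-style "..." literal in the .spk file."""
    return (text.replace("\\", "\\\\").replace('"', '\\"')
                .replace("\r", "\\r").replace("\n", "\\n"))


def request_to_spk(raw: str) -> list[str]:
    """Return the .spk lines for a raw request: fixed headers, variable form values."""
    head, _, body = raw.partition("\r\n\r\n")
    out = []
    for header in head.split("\r\n"):
        # The captured Content-Length is wrong as soon as SPIKE substitutes a
        # long fuzz string, so it is dropped here and re-emitted as a block size.
        if header.lower().startswith("content-length:"):
            continue
        out.append(f's_string("{spk_escape(header)}\\r\\n");')
    out += [
        's_string("Content-Length: ");',
        's_blocksize_string("body", 5);',  # assumed: decimal size of block "body"
        's_string("\\r\\n\\r\\n");',
        's_block_start("body");',
    ]
    if body:
        for i, pair in enumerate(body.split("&")):
            name, _, value = pair.partition("=")
            if i:
                out.append('s_string("&");')
            out.append(f's_string("{spk_escape(name)}=");')       # field name stays fixed
            out.append(f's_string_variable("{spk_escape(value)}");')  # value gets fuzzed
    out.append('s_block_end("body");')
    return out


if __name__ == "__main__":
    print("\n".join(request_to_spk(SAMPLE_REQUEST)))
```

Hand-verify the generated file before feeding it to ./generic_web_server_fuzz2, exactly as the post advises for the wizard's output.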