Groundspeed 1.1 – Web Application Security Add-on For Firefox

Groundspeed is an open-source Firefox extension for web application security testers, presented at OWASP AppSec DC 2009. It lets you manipulate the web application's user interface to remove the annoying limitations and client-side controls that get in the way of a web application penetration test.

What can I do with Groundspeed?

Groundspeed allows you to modify the forms and form elements loaded in the page. Some practical uses include:

  • Changing the types of form fields; for example, you can change hidden fields into text fields so you can easily edit their contents.
  • Quickly removing size and length limitations on text fields so you have more space to type your attack strings.
  • Changing the form target so the form submits in another tab.
  • Removing or editing the JavaScript event handlers to bypass client-side validation.

You can install Groundspeed here:

https://addons.mozilla.org/en-US/firefox/addon/46698/

Or read more here.

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation.

After initialization, bf3 creates numbered test cases. Fuzzing is automated through the browser using the refresh method. If an error is detected, the server logs can be used to identify the offending test case.

Features

  • Fuzzes CSS, DOM, HTML, JavaScript and XML
  • Attended and Unattended Fuzzing Modes
  • 7th Generation Fuzzing Oracle
  • Random Data Generator
  • Mutation Fuzzing Engine

You can download Browser Fuzzer 3 here:

bf3.tar.gz

Or read more here.

Burp Suite v1.3 – Integrated Platform For Attacking Web Applications

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

This is a major upgrade with a host of new features, including:

  • A new message editor/viewer optimised for HTTP requests and responses, with colourised syntax, mouse-over decoding, and quick conversion functions.
  • Facility to add comments and highlights to the proxy history and site map.
  • Support for viewing and editing AMF-encoded messages.
  • Improved handling of SSL server certificates, to eliminate browser SSL warnings and connection problems with thick clients.
  • Copy to file / paste from file to facilitate working with binary content.
  • New display filters.
  • Greatly enhanced extensibility.
  • Configurable DNS resolution, to override your computer’s own resolution, facilitating work with non-proxy-aware clients.
  • Fine-grained upstream proxy rules.
  • Exporting of HTTP messages and metadata in XML format.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.

Full release details can be found here.

You can download Burp Suite v1.3 here:

burpsuite_v1.3.zip

Or read more here.

Microsoft SQL Server Fingerprint Tool

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well-known techniques borrowed from several public tools that identify the SQL Server version. The strength of this tool is that it uses a probabilistic algorithm to identify the version of Microsoft SQL Server.

The "Microsoft SQL Server Fingerprint Tool" can also be used to identify vulnerable versions of Microsoft SQL Server; it is based on some of the techniques used by Exploit Next Generation™ to perform automated penetration tests.

This is a very new tool and is in the BETA stage, so please do download it, try it out and give some feedback to the author.

You can download mssqlfp here:

mssqlfp-BETA4.exe

Or read more here.

WAFP – Web Application Finger Printing Tool

WAFP is a Web Application Finger Printer written in Ruby using a SQLite3 database.

How does it work?

WAFP fetches the files listed in a fingerprint from the web server and checks whether the checksums of those files match the checksums recorded in the fingerprint. This way it is able to detect the detailed version, and even the build number, of a web application.

In detail?

A web application fingerprint consists of a set of relative file locations together with their md5sums. It is generated from a production or example installation of a web application, or simply from the extracted install tarball of a web application. The generate_wafp_fingerprint.sh script is used for this task.

WAFP comes with a README and a HOWTO file, both containing descriptions and examples.

Example

A specific fingerprint with verbose mode enabled:

wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de

found the following matches (limited to 10):
+-------------------------------------------------------------+
phpmyadmin-2.11.9.1 296 / 299 (98.99%)
phpmyadmin-2.11.9.2 295 / 299 (98.66%)
phpmyadmin-2.11.9.4 295 / 299 (98.66%)
phpmyadmin-2.11.8.1 295 / 299 (98.66%)
phpmyadmin-2.11.9.5 295 / 299 (98.66%)
phpmyadmin-2.11.8 295 / 299 (98.66%)
phpmyadmin-2.11.9.3 295 / 299 (98.66%)
phpmyadmin-2.11.9 295 / 299 (98.66%)
phpmyadmin-2.11.4 294 / 299 (98.33%)
phpmyadmin-2.11.5.2 294 / 299 (98.33%)
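To make the matching step concrete, here is an added example (not WAFP's own code) of the core idea in Ruby: a fingerprint is a map of relative path to md5sum, the checksums observed on a target are compared against every fingerprint, and matches are ranked by hit count, in the same shape as the verbose output above. The version names and file contents are constructed for the example; a defender can run the same logic against a local install to see how precisely its static files give away the version.

```ruby
require 'digest'

# Constructed sample installs: version name => { relative path => file content }.
# Not real phpMyAdmin data; the md5sums below are derived from these strings.
SAMPLE_FILES = {
  'phpmyadmin-2.11.9.1' => {
    'js/common.js'     => "common v2.11.9.1\n",
    'themes/style.css' => "style v2.11\n",
    'libraries/a.php'  => "a v2.11.9\n",
    'README'           => "readme 2.11.9.1\n",
  },
  'phpmyadmin-2.11.9.2' => {
    'js/common.js'     => "common v2.11.9.2\n",
    'themes/style.css' => "style v2.11\n",
    'libraries/a.php'  => "a v2.11.9\n",
    'README'           => "readme 2.11.9.2\n",
  },
}

# A fingerprint, as generate_wafp_fingerprint.sh conceptually produces it:
# relative path => md5 hex digest of the file.
FINGERPRINTS = SAMPLE_FILES.transform_values do |files|
  files.transform_values { |content| Digest::MD5.hexdigest(content) }
end

# observed: path => md5 seen on the target (absent when the file was not
# fetched, e.g. 404). Every fingerprint is scored and the best are returned.
def rank_matches(observed, fingerprints = FINGERPRINTS, limit = 10)
  fingerprints.map do |name, fp|
    hits = fp.count { |path, md5| observed[path] == md5 }
    { name: name, hits: hits, total: fp.size,
      pct: (100.0 * hits / fp.size).round(2) }
  end.sort_by { |m| [-m[:pct], m[:name]] }.first(limit)
end

# Render the ranking in the same layout as wafp.rb's verbose output.
def format_matches(matches)
  lines = ["found the following matches (limited to #{matches.size}):",
           '+' + '-' * 61 + '+']
  matches.each do |m|
    lines << format('%s %d / %d (%.2f%%)', m[:name], m[:hits], m[:total], m[:pct])
  end
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed observation: a 2.11.9.1 install whose README is not served.
  observed = FINGERPRINTS['phpmyadmin-2.11.9.1'].reject { |path, _| path == 'README' }
  puts format_matches(rank_matches(observed))
end
```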

You can download WAFP here:

wafp-0.01-26c3.tar.gz

Or read more here.

YASAT – Yet Another Stupid Audit Tool

YASAT (Yet Another Stupid Audit Tool) is a simple audit tool. Its goal is to be as simple as possible, with minimal binary dependencies (only sed, grep and cut).

It runs many tests that check for security configuration issues and other good-practice settings.

It checks many software configurations like:

  • Apache
  • PHP
  • kernel
  • MySQL
  • OpenVPN
  • Packages update
  • snmpd
  • tomcat
  • user accounting
  • vsftpd
  • xinetd

YASAT has been tested on:

  • Gentoo
  • Debian
  • Ubuntu
  • FreeBSD
  • OpenBSD

YASAT is licensed under GPLv3.

You can download YASAT here:

yasat-207.tar.gz

Or read more here.

fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

fimap is a small Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in web apps. fimap is similar to sqlmap, but for LFI/RFI bugs instead of SQL injection. It is currently under heavy development, but it is usable.

Features

  • Check a Single URL, List of URLs, or Google results fully automatically.
  • Can identify and exploit file inclusion bugs.
  • Test and exploit multiple bugs.
  • Has an interactive exploit mode.
  • Add your own payloads and patches to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Can use proxies (experimental).

Changes

  • All commands are now sent base64-encoded, so you can use quotes as much as you want.
  • php://input detection is now 100% reliable.
  • You can now define a POST string for relative and absolute files in config.py.
  • TTL implemented. You can define it with "--ttl". Default is 30 seconds.
  • Experimental HTTP proxy support. You can define an HTTP(S) proxy with "--http-proxy localhost:8080".
  • The Google scanner can now skip the first X pages. Use "--skip-pages X".
  • Lots of bugfixes and additional regular expressions.

Requirements

  • Needs: Python >= 2.4

You can download fimap here:

fimap_alpha_v07.tar.gz

Or read more here.