RE: [WEB SECURITY] Log requests and reply it again automaticall
- From: steve jensen <sjensen1207@xxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Log requests and reply it again automaticall
- Date: Fri, 11 Jan 2008 11:02:29 -0600
BurpSuite (Repeater or Intruder) can do exactly what you are asking.

You can provide your own "Fuzz List" to the Burp Intruder to have it test for various vulnerabilities, such as XSS and SQLi.
The only SQLi specific tool I have found that is worth actually using is SPI Dynamics SQL Injector, but I believe it's only available in the toolkit purchased with WebInspect.
Date: Fri, 11 Jan 2008 14:34:52 +0800
From: gunblad3@gmail.com
To: gpaharenko@gmail.com
CC: websecurity@webappsec.org
Subject: Re: [WEB SECURITY] Log requests and reply it again automaticall
It is possible to write BeanShell scripts for WebScarab to perform what you're looking for, maybe you could look in that direction?

Ray

On Jan 11, 2008 3:13 AM, Gleb Paharenko <gpaharenko@gmail.com> wrote:
Hi.

I've been researching a simple task: record all raw user requests to the server with post data and headers. Then repeat them, perhaps modifying some parameters like the session id. It could be useful to test if some actions which were recorded under a privileged account are available under an unprivileged account.

Tools like Selenium or other browser-oriented stuff which logs clicks on buttons are unusable, because in the unprivileged interface these buttons may not exist; however, a direct post to the url can work.

I've checked WebScarab, BurpSuite, Paros, w3af (spiderMan plugin) and did not find any reasonable solution. With the first three of them I've been able to manually repeat a request; however, for a site with hundreds of links it is time consuming.

The only way to automate this process was exporting messages from Paros. Then some scripting to get the requests, modify the session id, repeat them again to the server and scan the answers by eye. It was several times faster than manual requests from the graphical interface of these tools.

Question:
Is it possible to do this simple task with some tool, to minimize scripting and not reinvent the wheel?
Is there a good command line XSS/SQLi checker which can read raw requests with marked parameters to fuzz (like in burp suite), fuzz the url, and analyze responses to find problems?

w3af seems a good tool; however, I've not dug deep inside it yet. If it can do all the stuff mentioned above, please point me to the right plugins. I'm sure there should be a discovery plugin which can just read a raw request, but I have not found it!

Thanks all.

--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
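The fallback procedure Gleb describes (export the raw requests from a proxy, rewrite the session id, replay them, then triage the answers) as an added example in Python. This is not code from the thread, nor from Paros, Burp, WebScarab or w3af. The two sample requests, the host app.example.test, the cookie name JSESSIONID and the session values are constructed; fake_send is a constructed stand-in for a target so the script runs offline, and replay() is the function to pass instead when pointing it at a real host.

```python
"""Added example, not code from the thread or from any tool it names.
Replays raw recorded HTTP requests under a different session cookie and
triages the responses.  Sample data, host and cookie name are constructed."""
import http.client

# Constructed sample: a proxy export of two requests captured while logged
# in as a privileged user.  Host name and session value are made up.
RECORDED = (
    b"GET /admin/users HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Cookie: JSESSIONID=ADMIN123\r\n"
    b"\r\n"
    b"POST /admin/users/delete HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Cookie: JSESSIONID=ADMIN123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 6\r\n"
    b"\r\n"
    b"uid=42\r\n"
)


def parse_raw_requests(blob):
    """Split a concatenated dump of raw requests into dicts.  Each body is
    taken from that record's Content-Length (0 when the header is absent)."""
    reqs, pos = [], 0
    while pos < len(blob):
        end = blob.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        lines = blob[pos:end].decode("iso-8859-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        length = int(headers.get("Content-Length", "0"))
        body_start = end + 4
        reqs.append({"method": method, "path": path, "headers": headers,
                     "body": blob[body_start:body_start + length]})
        pos = body_start + length
        while blob.startswith(b"\r\n", pos):   # skip CRLF between records
            pos += 2
    return reqs


def swap_session(req, cookie_name, new_value):
    """Copy of req with cookie_name rewritten in the Cookie header; the
    recorded request itself is left untouched."""
    headers = dict(req["headers"])
    for name, value in headers.items():
        if name.lower() == "cookie":
            cookies = [c.strip() for c in value.split(";")]
            cookies = [f"{cookie_name}={new_value}"
                       if c.partition("=")[0] == cookie_name else c
                       for c in cookies]
            headers[name] = "; ".join(cookies)
    return dict(req, headers=headers)


def replay(req, timeout=10):
    """Send one parsed request over plain HTTP; returns (status, body)."""
    host = next(v for k, v in req["headers"].items() if k.lower() == "host")
    conn = http.client.HTTPConnection(host, timeout=timeout)
    conn.request(req["method"], req["path"], body=req["body"] or None,
                 headers=req["headers"])
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def classify(priv, unpriv):
    """Triage one (status, body) pair.  DENIED: the server refused the
    unprivileged replay.  SUSPECT: same status and a body within 10% of
    the privileged size, so the action probably went through and needs a
    human look.  DIFFERENT: anything else, e.g. a 200 that is a login page."""
    if unpriv[0] in (401, 403):
        return "DENIED"
    tolerance = 0.1 * max(len(priv[1]), 1)
    if unpriv[0] == priv[0] and abs(len(unpriv[1]) - len(priv[1])) <= tolerance:
        return "SUSPECT"
    return "DIFFERENT"


def check_all(recorded, cookie_name, unpriv_session, send=replay):
    """For each recorded request: replay as recorded (baseline), replay with
    the session swapped, triage.  `send` is injectable so this runs offline."""
    return [(r["method"], r["path"],
             classify(send(r), send(swap_session(r, cookie_name, unpriv_session))))
            for r in recorded]


def fake_send(req):
    """Constructed stand-in for a target: the listing checks the session, the
    delete endpoint does not (the kind of bug the replay is meant to find)."""
    sid = req["headers"]["Cookie"].partition("=")[2]
    if req["path"] == "/admin/users":
        return (200, b"<tr>user</tr>" * 40) if sid == "ADMIN123" else (403, b"Forbidden")
    return (200, b"deleted user 42")


if __name__ == "__main__":
    for method, path, verdict in check_all(parse_raw_requests(RECORDED),
                                           "JSESSIONID", "USER999", send=fake_send):
        print(f"{verdict:9} {method} {path}")
```

Two caveats when pointing this at a real host: every recorded request is sent twice (once as the baseline, once with the swapped session), so state-changing requests such as the delete above will run twice and the script belongs on a test instance; and SUSPECT is a flag for manual review of the two bodies, not a finding in itself, since an application that returns the same-sized error page with a 200 will also trip it. HTTPS targets need http.client.HTTPSConnection in replay().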
=0A=