It currently ships with SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as they can, which is why the SQL injection module is a Python port of the great “SQLibf”.
The process is very simple: ProxyStrike runs as a passive proxy listening on port 8008 by default, so you browse the desired web site with your browser set to use ProxyStrike as a proxy, and ProxyStrike analyzes all the parameters in the background. To the user it is a passive proxy, because you won’t see any difference in the behaviour of the application, but in the background it is very active.
- HTTP request/response history
- Request parameter stats
- Request parameter values stats
- Request URL parameter signing and header field signing
- Use of an alternate proxy (Tor, for example)
- SQL attacks
- XSS attacks
- Export results to HTML or XML
- Console version (python proxystrike.py -c / proxystrike.exe -c)
You can download ProxyStrike here:
Or read more here.