Views: 5,361 Ever find yourself looking for that show-stopper exploit in a Web-app, and forgetting to check out all the low-hanging fruit? That’s initially why the authors created Watcher – a passive web application vulnerability scanner. For one thing, you don’t want to manually inspect a Web-app for many of these issues (cookie settings, SSL […]
fiddler
x5s – Automated XSS Security Testing Assistant
Views: 7,782 [ad] x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where […]
Fiddler – Web Debugging Proxy For HTTP(S)
Views: 13,942 [ad] Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing […]