The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the http traffic is stored in a MongoDB, the traffic is […]
Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the […]
Tags: andiparos, paros, paros fork, paros-proxy, personal proxy, proxies, proxy, smartcard certificates, web application proxy, web application security assessment, web application security tool, web-application-security, web-proxy, web-security-tool
Posted in: Database Hacking, Hacking Tools, Web Hacking | Add a CommentWebtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does […]
Tags: hacking-networks, http tunnel, http tunneling, Network Hacking, proxy, web tunnel, web-proxy, webtunnel
Posted in: Hacking Tools, Network Hacking | Add a CommentBurp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Burp Suite […]
Tags: burp, burp-proxy, burp-suite, hacking-web-applications, proxy, proxy-tool, web-application-security
Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a CommentOne of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release – not a minor upgrade. Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to […]
FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation. Often web developers think that by disabling error messages in […]
ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Formerly announced as […]
Tags: hacking, Hacking Tools, Network Hacking, network-security, penetration-testing, proxmon, proxy, proxy-monitoring, scarabmon, webscarab
Posted in: Hacking Tools, Network Hacking | Add a CommentProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication. ProxyFuzz is a good tool […]
Tags: fuzzing, man-in-the-middle, mitm, Network Hacking, network-fuzzer, network-fuzzing, network-security, proxy, proxy-fuzzer, proxyfuzz
Posted in: Hacking Tools, Network Hacking | Add a CommentIntroducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications. Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical […]
SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include: Automated […]
