FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation. Often web developers think that by disabling error messages in […]
proxy
Proxmon – Proxy Log Monitoring Tool
[ad] ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Formerly announced […]
ProxyFuzz – MITM Network Fuzzer in Python
[ad] ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication. ProxyFuzz is a good […]
Odysseus Win32 Proxy & Telemachus HTTP Transaction Analysis
[ad] Introducing a pair of tools that go well together and give you some good control for HTTP transaction analysis and looking at the security of web applications. Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A […]
SPIKE Proxy – Application Level Security Assessment
[ad] SPIKE Proxy is part of the SPIKE Application Testing Suite, It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include: […]