pen-test

Re: Paros alternative

To: "Serg B." <sergicles@gmail.com>, Paul Sebastian Ziegler <psz@observed.de>
Subject: Re: Paros alternative
From: gat0r <gat0r@toughguy.net>
Date: Fri, 13 Apr 2007 18:36:48 -0600
Cc: <pen-test@securityfocus.com>
Try ProxMon.

http://www.isecpartners.com/proxmon.html

It works with WebScarab.



On 4/13/07 6:45 AM, "Serg B." <sergicles@gmail.com> wrote:

> I don't know of any "pen-test" tool that does an alternative to what
> you have already mentioned (within the Open Source realm anyway);
> however, you may want to look at Selenium
> (http://www.openqa.org/selenium/). This is a JS web application
> testing tool; essentially it is just a harness that you feed small JS
> test scripts and the rest is taken care of for you. Therefore, if you
> know what you are doing and don't mind coding a little, Selenium is
> worth a try.
> 
> On 12/04/07, Paul Sebastian Ziegler <psz@observed.de> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>> 
>> Hi all,
>> 
>> I stumbled across Paros quite a while ago.
>> It has been really nice to work with, providing an easy "click and run"
>> interface. However there are some limitations to it that are becoming
>> more and more obvious.
>> 
>> 1) It has not been updated for half a year. (Ok, this is probably the
>> least significant problem.)
>> 
>> 2) Java is great for platform independence and stuff - but it's just
>> slow. You don't even have to scan across an intranet to find this out.
>> Even if you scan through a custom 2000/200 kbps line the limiting factor
>> will be your processor and not your bandwidth. (2 GHz Pentium M - results
>> may vary)
>> 
>> 3) It lacks deep configurations. Of course you can set all your basic
>> stuff, but you have no access to the routines called afterwards unless
>> you hack up the source yourself. Now again this is normal for a click
>> and run tool.
>> 
>> 4) The logs it creates are _huge_. 2GB and more are not seldom at all.
>> This sometimes raises startup and resume times to 30+ minutes.
>> 
>> 5) Some more. This is not a flame. I actually like Paros. Just wanted to
>> sketch what troubled my mind.
>> 
>> This is why I started searching for alternatives.
>> Now - as you might expect - asking Google for "paros alternatives"
>> mostly turns up Greek villages. That's not really what I'm after.
>> 
>> I found a few good programs but they all lack some key features.
>> For example:
>> 
>> I) WebScarab
>> (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
>> Really nice for packet-manipulation and manual fuzzing of webapps.
>> However it lacks standardized tests and automation.
>> 
>> II) Nikto (http://www.cirt.net/code/nikto.shtml)
>> Mostly pattern matching without strong generic tests for XSS, CRLF or
>> SQL-Injection
>> 
>> III) Burp Suite (http://portswigger.net/suite/)
>> Another really nice tool. Here you get all the options.
>> However automation is missing up until now.
>> 
>> 
>> So this is my question:
>> Does anybody (know|use|develop) a (tool|script|app) that carries out
>> partially or completely automated tests on web applications, runs on
>> Linux or BSD, is open source and copes with some of the points given above?
>> 
>> If so, please let me know.
>> 
>> Thanks in advance
>> 
>> Many Greetings
>> Paul
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.6 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>> 
>> iD8DBQFGHWfyaHrXRd80sY8RCojjAJ0Qen53VyzyCATvWfqNYKYKT7lZ8QCfbIfd
>> GAACIut+KZRoAQ2vBZtGoz0=
>> =8zee
>> -----END PGP SIGNATURE-----
>> 
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>> 
>> Are you using SPI, Watchfire or WhiteHat?
>> Consider getting clear vision with Cenzic
>> See HOW Now with our 20/20 program!
>> 
>> http://www.cenzic.com/c/2020
>> ------------------------------------------------------------------------
>> 
>> 
> 