[WEB SECURITY] Thor - manual web application testing

P K pak76_apps at yahoo.com
Sun Dec 18 04:18:28 EST 2005


Hi guys,

I have built a few tools for manual web application
testing and if anyone is interested in trying them
out, I have just released one of those tools (Thor).
http://www.securityfocus.com/tools/3744
or
http://myweb.tiscali.co.uk/pak76tools/ThorDemo/ThorDemo.zip

Thor offers extended browser capabilities, so you
can browse the application as normal, and in the meantime
it can intercept IE "Navigation" events.

This tool is for Windows and .NET Framework 2.0 (I
also have a version for 1.1, if anyone is interested).

There are two things I want to point out:
1. If you want to change the POST body, add headers or
modify cookies (if you want to overwrite a cookie, this
one is not perfect - you need to put the same valid
domain/path as the original cookie) - you can do it on the
right-hand side and then just re-submit the request.
2. You can easily switch to a lower-level tool - Odin
(built-in),
which is built around the HttpWebRequest/Response class.
Just create a new Odin tabpage - set values on the
right-hand side - including cookies and the HTTP verb if you
want to, and click Submit. I'm not testing the HTTP
implementation of the server, so this tool doesn't
allow you to create improper HTTP requests - as I said,
it is for testing web applications only.

I didn't have time to build a web site and/or a proper
manual, but give me a shout if you have any
comments/problems.

Hope you will find it useful.

Best regards,

Pak76



---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
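
The cookie caveat in point 1 follows from how cookie stores key their entries: by name, domain and path together. The sketch below is an added example, not part of the original post and not Thor's code; it uses Python's http.cookiejar as a stand-in for the browser's cookie store, and the host, path and cookie names are constructed.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

ORIG_DOMAIN, ORIG_PATH = "app.example.test", "/app"   # constructed values
URL = "http://app.example.test/app/page"              # constructed URL


def make_cookie(name, value, domain, path):
    """Build a version-0 (Netscape-style) cookie with explicit domain and path."""
    return Cookie(
        version=0, name=name, value=value, port=None, port_specified=False,
        domain=domain, domain_specified=True,
        domain_initial_dot=domain.startswith("."),
        path=path, path_specified=True, secure=False, expires=None,
        discard=True, comment=None, comment_url=None, rest={},
    )


def overwrite_result(edit_domain, edit_path):
    """Store the server's cookie, apply the tester's edit, and return
    (cookies in the jar, Cookie header sent on the next request)."""
    jar = CookieJar()
    jar.set_cookie(make_cookie("session", "original", ORIG_DOMAIN, ORIG_PATH))
    jar.set_cookie(make_cookie("session", "edited", edit_domain, edit_path))
    req = Request(URL)
    jar.add_cookie_header(req)
    return len(jar), req.get_header("Cookie")


if __name__ == "__main__":
    cases = [(ORIG_DOMAIN, ORIG_PATH), (ORIG_DOMAIN, "/"), (".example.test", ORIG_PATH)]
    for domain, path in cases:
        # Only the first case replaces the original; the others add a second cookie.
        print(domain, path, overwrite_result(domain, path))
```

When the domain or path differs, both values go out in the same Cookie header and the application may keep reading the original one, so an edited value that seems to have no effect during testing is often a key mismatch rather than server-side validation.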


