I'm pleased to announce a new version of ProxyStrike, an active Web Application Proxy: a tool designed to find vulnerabilities while you browse an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript. Not many web scanners handled this well at this stage, so we came up with this proxy.
Right now it supports SQL injection, XSS and Server Side Includes.
Highlights from this release:
• Plugin engine (Create your own plugins!)
• Automatic crawl process
• Request interceptor
• Request diffing
• Request repeater
• Save/restore session
• HTTP request/response history
• Request parameter stats
• Request parameter values stats
• Request URL parameter signing and header field signing
• Use of an alternate proxy (Tor for example ;D )
• Attack logs
• Export results to HTML or XML
• SQL attacks (plugin)
• Server Side Includes (plugin)
• XSS attacks (plugin)
Check it at: http://www.edge-security.com/proxystrike.php
Here is a video of the tool:
Great job by Carlos del Ojo (deepbit) on this new release.
-CMM
2 comments:
How do you use the Plugin Engine??? I can't find where the plugins are made.
Thanks for the excellent tool.
Regards
Hi, to create a plugin you should check the file plugin.py and there you can find some examples.
I will create a post about programming plugins for ProxyStrike very soon.
Cheers!