Fiddler Web Debugger - A free web debugging tool

Mallory: Transparent TCP and UDP Proxy Intrepidus Group - Insight Mallory: Transparent TCP and UDP Proxy Welcome to the home of Mallory! Mallory is a transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend. You are probably here to get Mallory up and running. There are a number of ways to accomplish this. Once you get things working in VMware reliably you can get Mallory running on any Ubuntu machine. Code Mallory Resources Coverage and Mentions WSJ’s Cellphone Testing Methodology made use of Mallory

FREE Website Monitoring & Monitoring Software from Monitor.Us Here's what our monitoring tools can do for IT Consultants, ISPs, ISVs, Web Developers and Web Designers Imagine how much you could grow your business if you weren't chained to your desk. Monitor.Us makes this possible. Because Monitor.Us is Cloud-based it not only lets you keep an eagle eye on everything, from anywhere; it also takes complex set-ups, installs, updates, reinstalls and server monitoring... and drops them from a very large height. So you can spend your time growing your business rather than simply managing it. After all, there is no faster or easier way to improve your revenue and expand your client list. And, here's what our monitoring tools can do for Sys Admins, DevOps, and IT Managers Monitor.Us system and all-in-one dashboard gives you such unrivalled insight that you can get a sense that something's wrong before it even happens.

pirni-derv - Project Hosting on Google Code The author of Pirni has released a GUI-version of Pirni, entitled "Pirni Pro". A link to the product is available here: Much of the functionality of 'pirni-derv' is available in Pirni Pro, and is easier to use (No command-line!). Overview derv is a collection of scripts for parsing captured network packets; specifically cookies, plain-text passwords, and URLs. derv uses Pirni to capture packets. Pirni is a packet sniffing application used on iPhone and iPod Touch devices. Pirni and the derv scripts have been tested on iPhone 3GS and iPod Touch (2nd generation) running OS version 3.0, 3.1, and 3.1.2; should work for all versions of iPhone and iPod OSes that can install and run Mobile Terminal. About Pirni dumps sniffed packets to a file. I could not find a way to view packets "in realtime" on the iPhone/iPod device as they were being captured, so I wrote these scripts in Bash. Scripts derv has two main scripts: Usage

OWASP WebScarab NG Project Main Welcome to the WebScarab (Next Generation) Project WebScarab-NG logo WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the Spring Rich Client Platform to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc. Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly. New User Interface As mentioned above, the user interface has changed quite a lot from the old WebScarab. Current status Error feedback Obtaining WebScarab-NG Technical information

Research | Projects | Page Detailer Page Detailer provides instrumentation and visualization of the performance of web page downloads, showing decomposition of the web page into its component parts (e.g., HTML, GIFs, Applets) and the activities involved in retrieving them. By understanding the retrieval schedule for Web page components, page designers can dramatically improve performance by reorganizing content. By decomposing response time, site architects can understand how to tune their servers and/or configure their applications to provide optimum performance. Page Detailer relies heavily on IBM Research's patented Web Detailer (aka ETE: End-to-End performance monitoring, US#06108700) technology developed in Hawthorne to provide instrumentation of browsers and other HTTP-based applications and to correlate discrete events into a hierarchy of timelines.

News: Evolving Higher Ed Hubs HONG KONG -- In the global economy, many nations want to be known as a "higher ed hub." Singapore, Malaysia, Hong Kong and several countries in the Middle East are all striving to attract some combination of local and international universities that would make them a regional center for education and research. The theory goes that some of the top student talent from the area may stay at home rather than rushing off to the United States, Britain or elsewhere. And that talent will then become an educated work force, providing key services and starting businesses. In many discussions of hubs, they are mentioned as if they are interchangeable. But at a session here today at Going Global, the British Council's annual international education conference, educators from Qatar and the UAE pointed to the very different paths these two hubs have taken -- and to evolutions on both of those roads. Beyond the Single Nation Hub A Federal System Wyatt R.

reDuh - HTTP Tunneling Proxy Authors: Haroon Meer, Marco Slaviero, Glenn Wilkinson (reDuhClient && JSP), Gert Burger (PHP), Ian de Villiers (ASPX). Cost: Free. Source Code: GitHub. Version: 0.3. License: GPL. Release Date: 2008/07/29. Recent Changes: Fixed issues with PHP version and older versions of PHP. reDuh was released as part of SensePost's BlackHat USA 2008 talk on tunnelling data in and out of networks. reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially. While the original documentation made heavy use of bad ASCII art we had to have prettier pics for the .ppt so here you go: reDuhClient and reDuh.jsp will happily shunt TCP until they are killed. The system can handle multiple connections, so while RDP is running, we can use the management connection (on port 1010) again, and request [createTunnel]5555:sshd.victim.com:22.

Pylot | Open Source Web Performance Tool

Watcher: Web security testing tool and passive vulnerability scanner by Chris Weber, co-founder at Casaba Security, contact me through CodePlex, or email me at casaba .com. Frequently Asked Questions: Answers to common questions are on the FAQ page. Contents: Download, Background, Prior Work, Reviews, User Interface and Reporting, Installation, Configuration and Usage, Compliance with OWASP, Checks and how they work, Creating and Contributing Checks. Downloading Watcher From the download page you can get the ZIP file for manual installation or the EXE installer. Note also, if you're looking for a tool to perform cross-site scripting (XSS) testing, check out our x5s XSS testing tool. A Passive tool for Web Security Testing and Auditing Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Major Features: Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, JavaScript, CSS, and development frameworks (e.g. Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Prior work Reviews Installation

Wbox HTTP testing tool Wbox aims to help you have fun while testing HTTP related stuff. You can use it to perform many tasks, including the following. Benchmarking how much time it takes to generate content for your web application. Web server and web application stressing. Testing virtual domains configuration without the need to alter your local resolver. Check if your redirects are working correctly emitting the right HTTP code. Test if the HTTP compression is working and if it is actually serving pages faster. Use it as a configuration-less HTTP server to share files! (see the server mode documentation at the end of the Wbox tutorial in this page, but it's as simple as % wbox servermode webroot /tmp) Wbox is free software under the BSD license and was written in ANSI C (POSIX runtime required) by Salvatore 'antirez' Sanfilippo. Download 10 Dec 2009 - wbox version 5 is out. Don't miss the next release, use the Windows binaries HTTP client mode The following is a short tutorial. Basic usage

Attack and Defense Labs - Tools Ravan is a JavaScript Distributed Computing system that uses HTML5 WebWorkers to perform brute force attacks on salted hashes in background JavaScript threads across a farm of workers. Salted and plain versions of the following hashing algorithms are currently supported: MD5, SHA1, SHA256, SHA512. JS-Recon is an HTML5-based JavaScript Network Reconnaissance tool. Current functionality: Port Scanning, Network Scanning, Detecting Internal IP Address. Shell of the Future is a Reverse Web Shell handler. It can be used to: demonstrate the severity of XSS and JavaScript injection attacks; create POCs for XSS vulnerabilities in penetration test reports; run automated scans on internal websites from outside by tunneling the traffic through an internal browser. This is a plugin template for Burp Proxy that is used for penetration testing of Java Serialized Objects passed in POST data. The plug-in provides the following:

SiteTimer About SiteTimer Web Monitor allows you to monitor how long it takes for a user to download one or more of your web site pages. It visits the page that you request and downloads all content that's directly linked from that page: images, frames, IFrames and script files. It follows redirects. As the pages are downloaded, SiteTimer stores statistics on how long each item takes to download, and how much data they contained. Web Monitor correctly handles HTTP compressed material (see OctaGate Switch), and it also honors keep-alive requests to give an accurate indication of the times a real browser would spend downloading the content. Optimizing your site Your page shouldn't take too long to load; slow load speeds will lead to users leaving your pages even though they're interested in the material. The size of the page is the main deciding factor for download times, coupled with bandwidth. Decrease the size of your images: Use JPG instead of GIF or BMP. Reasons for slow load speeds

w3af in burp