[ OWASP - Montréal ] Brute force HTML form password guessing
Philippe Blondin
blondin.philippe at gmail.com
Tue Nov 25 23:10:48 EST 2008
Thanks for your quick answer Laurent :P
This is actually the first post on Owasp Montreal group. Just wanted to
drop a line to say that I am very happy to see some activity here. I
hope to see a lot more in the future.
I also have a question in mind: should this mailing list be in
French, English, or both?
Philippe Blondin
Benoit Guerette wrote:
> That was too obvious ;) I didn't find the replay tool, but I can use
> the fuzzer and provide a password.txt file as a source, so it will do
> brute force password guessing
>
> Thanks!
>
> WebScarab is doing very well with HTTPS, but I have trouble with Burp.
> Paros is great, but it uses a homemade user-agent so my web application
> firewall drops all requests
>
>
>
> I looked in the mailing list history, seems we are the first to post?
>
> On Tue, Nov 25, 2008 at 10:15 PM, Laurent Desaulniers
> <laurent.desaulniers at gmail.com> wrote:
>
> Hello,
>
> I am very happy to see activity on the Owasp Montreal group. To
> answer your question, there are many options. You can do
> bruteforce with webscarab, using the post replay tool (under the
> advanced view). Of course, burp proxy and paros will do the same.
> If you look for something more automated, burp proxy 2.0 will be
> able to brute force automatically.
>
> I am also told that websleuth may be able to do it too
> (http://sandsprite.com/Sleuth/). W3af
> (http://w3af.sourceforge.net/) is also able to brute force http
> forms (either use formauthBrute or SpiderMan).
>
>
> I hope it answers your question.
>
>
> Laurent Desaulniers
>
>
>
> On Tue, Nov 25, 2008 at 8:22 PM, Benoit Guerette
> <benoit.guerette at gmail.com> wrote:
>
> Hi!
>
> I am using WebScarab for a lot of injection tests. Is there
> any good tool for brute force password guessing in html forms?
> It does not seem to be an option on WebScarab.
>
> Most antivirus don't like brutus, and I have trouble running
> Burp Suite with ssl.
>
> Thanks
>
> --
> http://www.linkedin.com/in/benoitguerette
>
> _______________________________________________
> Owasp-montreal mailing list
> Owasp-montreal at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-montreal
>
>
>
>
> --
> http://www.linkedin.com/in/benoitguerette