mmkhan
Hi all,
Check out some more tools from Foundstone, esp. CookieDigger, with some nice clean features.

CookieDigger™
QUOTE
CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.

for download hXXp://www.foundstone.com/resources/termso...ookiedigger.zip

Hacme Books™
QUOTE
The Hacme Books application simulates a ‘real-world’ eCommerce bookstore and was built with known and common vulnerabilities to teach application developers, programmers, architects and security professionals how to create secure Java software. Leveraging this new tool, software developers and architects can examine real exploits against Java applications and learn from the offending code in order to better understand vulnerabilities and how to repair them.

For download hXXp://www.foundstone.com/resources/termso...=hacmebooks.zip

For information about Foundstone's other tools:
hXXp://www.foundstone.com/resources/freetools.htm


Thanks
aeqix
Those are fake links... don't click on them...
it's going to:
http://hxxp//www.foundstone.com/resources/freetools.htm
vnet576
I really can't believe you just posted that. Wow. Classic.
tweakz20
laugh.gif
Warlord_David
wow aeqix...classic lol

they also have a new tool "WSDigger" confusing as hell to use though.
mmkhan
just a little elaboration on WSDigger

QUOTE
WSDigger is a free open source tool designed by Foundstone to automate black-box web services security testing (also known as penetration testing). WSDigger is more than a tool, it is a web services testing framework. Version one of this framework contains sample attack plug-ins for SQL injection, cross site scripting and XPATH injection attacks. A web service vulnerable to XPATH injection is provided as an example with the tool. By releasing the framework as an open-source tool, users are encouraged to develop and share their own plug-ins.



source: hxxp://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/wsdigger.htm

for downloading the tool:
hxxp://www.foundstone.com/resources/termsofuse.htm?file=wsdigger.zip

Screenshots:
hxxps://www.threatsandcountermeasures.com/blogs/marksblog/archive/2005/07/08/522.aspx
manu
QUOTE(aeqix @ Jul 12 2005, 10:46 PM)
Those are fake links... don't click on them...
it's going to:
http://hxxp//www.foundstone.com/resources/freetools.htm
*



laugh.gif laugh.gif laugh.gif

Thanks a lot my friend, I would have wasted time clicking on the link HXXP:\\ laugh.gif laugh.gif

Mannnnnn, thanks for giving me a good laugh early morning ..
Manu laugh.gif

By the way, for your info, he just changed the HTTP to HXXP to avoid u clicking it directly from GSO, u have to copy the link and change "XX" to "TT" and use it in a new browser window (I can't explain more simply than this) ... This is to avoid GSO as a referrer.. Can someone explain this better for this kid? sad.gif

Manu

sEc0nd
and what is the problem, if gso is referenced? blink.gif
dissolutions
QUOTE(Warlord_David @ Jul 12 2005, 08:15 PM)
wow aeqix...classic lol

they also have a new tool "WSDigger" confusing as hell to use though.
*



We're still having difficulty getting to the download site, don't start with the actual execution phases. tongue.gif laugh.gif
GSecur
QUOTE(sEc0nd @ Jul 13 2005, 04:16 AM)
and what is the problem, if gso is referenced? blink.gif
*




Nothing really depending on the topic. Some people just like to be a bit more cautious
Salvia
QUOTE(Warlord_David @ Jul 13 2005, 03:15 AM)
wow aeqix...classic lol

they also have a new tool "WSDigger" confusing as hell to use though.
*




I think this thread should be renamed to "n00bDigger", they are coming out of the woodwork tongue.gif
mmkhan
QUOTE(GSecur @ Jul 13 2005, 07:53 PM)
QUOTE(sEc0nd @ Jul 13 2005, 04:16 AM)
and what is the problem, if gso is referenced? blink.gif
*




Nothing really depending on the topic. Some people just like to be a bit more cautious
*



So this means one can add a live link?
manu
That depends on the topic and link smile.gif

No problem adding legal links directly..

Manu smile.gif
aeqix
Calm down people..
If my last msg is too simple for you.. Don't read it... New people are around and they need to learn, like you did when you started..
hxxp is a live link that someone can use for malicious purpose ...just common sense...
huh.gif





wink.gif
vnet576
QUOTE(aeqix @ Jul 16 2005, 02:44 PM)
Calm down people..
If my last msg is too simple for you.. Don't read it... New people are around and they need to learn, like you did when you started..
hxxp is a live link that someone can use for malicious purpose ...just common sense...
huh.gif





wink.gif
*



Show me an example (proof of concept), by pm if you want or you can post here, of how one can use a hxxp link maliciously in a browser of your choice and I'll remove your warning point.
ninar12
wahahahahha

now come back to the topic again biggrin.gif enough laughter smile.gif


between these thread is 50 days old
bearwithme
looks like there are a few new toys out there for me to play with. Thanks for the heads up.