ProxyStrike – Background SQL Injection and XSS analysisApril 9, 2008 – 5:11 AM
The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting about it.
One such tool that I have been playing with a little over the couple of days is Edge-Security – ProxyStrike v1.0. from their site:
The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.
Nifty, I don’t have to do anything, but browse about and rack up the vulnerability counts. Well, it is not quite that easy, but works quite well in the limited testing I have done using DVL. I will be playing with it more and will report back what I find.
Source: Infosec Ramblings