ProxyStrike – Background SQL Injection and XSS analysis

April 9, 2008 – 5:11 AM

The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting about it.

One such tool that I have been playing with a little over the past couple of days is Edge-Security – ProxyStrike v1.0. From their site:

The process is very simple, ProxyStrike runs like a passive proxy listening on port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the parameters in background mode. For the user it is a passive proxy because you won’t see any difference in the behaviour of the application, but in the background it is very active.

Nifty, I don’t have to do anything but browse about and rack up the vulnerability counts. Well, it is not quite that easy, but it works quite well in the limited testing I have done using DVL. I will be playing with it more and will report back what I find.

Source: Infosec Ramblings
