Tuesday, March 17, 2009

ProxyStrike v2.0 released!

I'm pleased to announce a new version of ProxyStrike, an active Web Application Proxy, a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that heavily depends on Javascript, not many web scanners did it good at this stage, so we came with this proxy.

Right now it has available Sql injection, XSS and Server side includes.

Highlights from this release:
• Plugin engine (Create your own plugins!)
• Automatic crawl process

• Request interceptor
• Request diffing
• Request repeater
• Save/restore session
• Http request/response history
• Request parameter stats
• Request parameter values stats
• Request url parameter signing and header field signing
• Use of an alternate proxy (tor for example ;D )
• Attack logs
• Export results to HTML or XML
* Sql attacks (plugin)
• Server Side Includes (plugin)
• Xss attacks (plugin)

Check it at: http://www.edge-security.com/proxystrike.php

Here is a video of the tool:



Great Job from Carlos del Ojo (deepbit) for this new release


-CMM

No comments: