OWASP
Framework Tools - Websleuth

WebSleuth is an early Alpha release of what will be the first tool of the black-box testing toolkit, and is built to help a user manually understand various security issues of his or her system. It is not intended to replace or compete with commercial tools, and there is certainly no shiny red button automating attacks. However, it is an investigative learning tool that, with some patience and knowledge, helps you to find and learn about issues you may have in your web applications. It is written to allow people to code plug-ins for specific issues, and this release has a form validation plug-in as a demonstration. We currently have plug-ins for SQL Injection being developed by Chip Andrews from SQLSecurity.com, and Session ID prediction being developed by Dave Endler from iDefense.com.

WebSleuth allows you to edit HTTP and HTML requests on the fly in real time. The first release implements many features, including the ability to test for:

Parameter Manipulation
Cookies
Form Fields
URL Query Strings
HTTP Headers (referrer, etc.)

Informational
Comments
Meta Tags

Input Validation
Cross Site Scripting
Client-Side Validation


WebSleuth Screenshot

Download
WebSleuth v1.10 Alpha:


Installer Package (1.9mb)
websleuth_installer.zip

*Download the Installer Package if you are installing for the first time or do not have the Visual Basic DLLs.


WebSleuth v1.10 Alpha .exe and source file (94k)
websleuth.zip

*Download the .exe if you are updating from a previous release.



WebSleuth is open source and is subject to the OWASP Software license. It was written in Visual Basic to take advantage of the MS Internet Explorer object, avoiding the need for a reverse proxy. The lead developer is David Zimmer, who can be contacted at dizzie@owasp.org.

As with any open source project, we welcome your ideas, input and improvements. To suggest features or to participate in developing the tool, please email owasp@owasp.org and dzzie@owasp.org.

If you are interested in sponsoring the further development of this open source project, please contact owasp@owasp.org.


