lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 31 Oct 2006 10:14:50 +0800
From: "pdp (architect)" <pdp.gnucitizen@...glemail.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, 
	"Web Application Security" <webappsec@...urityfocus.com>, 
	websecurity@...appsec.org, 
	"Penetration Testing" <pen-test@...urityfocus.com>, 
	security-basics@...urityfocus.com
Subject: JavaScript Attack Console (Backweb)

http://www.gnucitizen.org/blog/introducing-backweb
http://www.gnucitizen.org/backweb

I am quite happy to release the Backweb Attack Console.

The application is in its 0.1a release currently. This means that a
lot more work needs to be done. Right now it is quite stable and it
should work well with attack channels similar to the one described
here: http://www.gnucitizen.org/blog/persistent-bi-directional-communication-channels.
Check the AttackAPI project for the attack channel complete source
code.

So what is Backweb anyway? The Backweb project was an experiment that
was initially started to create a full featured attack console for
exploiting web browsers, web users and remote applications. Those who
are familiar with XSS Proxy or even BEEF might already be familiar
with the core principles of the Backweb project.

I tried to make the core as modular as possible although I didn't try
vary hard. Those who are curios enough to check the source code will
see quite a few bugs. As a said earlier this is the 0.1a (alpha)
release. There is a new release in the SVN trunk that will be ready
for download quite soon.

Documentation is also expected in the next month. If any one is
willing to contribute please feel free to contact me. For ideas of how
to use this application read this blog: http://www.gnucitizen.org/ or
these one http://ha.ckers.org or anything related to XSS and web
security.

The name Backweb is already taken by Backweb Inc. which means that I
might need to change it in the near future. I am in contact with them.

-- 
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists