lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Oct 2006 10:14:50 +0800 From: "pdp (architect)" <pdp.gnucitizen@...glemail.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, "Web Application Security" <webappsec@...urityfocus.com>, websecurity@...appsec.org, "Penetration Testing" <pen-test@...urityfocus.com>, security-basics@...urityfocus.com Subject: JavaScript Attack Console (Backweb) http://www.gnucitizen.org/blog/introducing-backweb http://www.gnucitizen.org/backweb I am quite happy to release the Backweb Attack Console. The application is in its 0.1a release currently. This means that a lot more work needs to be done. Right now it is quite stable and it should work well with attack channels similar to the one described here: http://www.gnucitizen.org/blog/persistent-bi-directional-communication-channels. Check the AttackAPI project for the attack channel complete source code. So what is Backweb anyway? The Backweb project was an experiment that was initially started to create a full featured attack console for exploiting web browsers, web users and remote applications. Those who are familiar with XSS Proxy or even BEEF might already be familiar with the core principles of the Backweb project. I tried to make the core as modular as possible although I didn't try vary hard. Those who are curios enough to check the source code will see quite a few bugs. As a said earlier this is the 0.1a (alpha) release. There is a new release in the SVN trunk that will be ready for download quite soon. Documentation is also expected in the next month. If any one is willing to contribute please feel free to contact me. For ideas of how to use this application read this blog: http://www.gnucitizen.org/ or these one http://ha.ckers.org or anything related to XSS and web security. The name Backweb is already taken by Backweb Inc. which means that I might need to change it in the near future. I am in contact with them. -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists