Web application security - the fast guide 1.1 | Page 169

Chapter 8 - Attack Tools

One special feature of Fiddler is that it allows the user to write .NET code to alter requests and responses programmatically, or even to create a full interceptor compiled as a .DLL and placed in the (Interceptors) folder of Fiddler.

• Burp Intruder: Java-based software that lets the user iterate through several attacks based on a manually created request structure; the user then needs to decide when and which attack payloads to include. Burp Intruder offers several packaged payloads, including overflow testing payloads, fuzz testing and denial of service. While Burp is a good tool for iteration-based attacks, it is not the most suitable tool for creating a single well-crafted request attack.

Figure 63: Burp Suite interface

• Google Ratproxy: Google has also released an interesting application security assessment tool named Ratproxy. Like other proxies, the tool sets up an interceptor that analyzes user activity in the background while the user browses the site, and looks for security holes. The tool uses a passive approach to collect information and store it in a log. The user needs a parser to convert the log to a human-readable HTML format. To get the parser we use: