Re: [PEN-TEST] Web site password guessing over SSL

From: Burak DAYIOGLU (dayiogluat_private)
Date: Fri Apr 13 2001 - 02:32:08 PDT

Next message: Avi Drabkin: "[PEN-TEST] Cybercop"

Previous message: Vanja Hrustic: "[PEN-TEST] sdiis.dll (part of SecurID?)"
Next in thread: ET LoWNOISE: "Re: [PEN-TEST] Web site password guessing over SSL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Batten, Gerald" wrote:
>
> Our client wants us to try to brute-force one of their public web sites that
> is password-protected via a form-based login over SSL.  I'd rather not have
> to sit by the computer manually typing in passwords over and over again.
> I've looked at the 'popular' web page cracking tools, and none of them seem
> to work over SSL.
>
> Does anybody have any ideas?
>
> Gerald Batten
> Security Consulant
> Exocom
>
> (*note:  views expressed in this e-mail are not necessarily those of my
> employer.)
> (**note: views expressed in this e-mail are not necessarily mine either.)

Hi,
Instead of trying to find out a ssl wrapper and use it with the best of
your
brute-force tools.

Some popular wrappers are Bjorb (http://www.hitachi-ms.co.jp/bjorb/en/)
and
SSLwrap (http://www.rickk.com/sslwrap/).

cheers,
Burak DAYIOGLU

Next message: Avi Drabkin: "[PEN-TEST] Cybercop"
Previous message: Vanja Hrustic: "[PEN-TEST] sdiis.dll (part of SecurID?)"
Next in thread: ET LoWNOISE: "Re: [PEN-TEST] Web site password guessing over SSL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 08:46:20 PDT