Re: [PEN-TEST] Web site password guessing over SSL

From: Burak DAYIOGLU (dayiogluat_private)
Date: Fri Apr 13 2001 - 02:32:08 PDT

  • Next message: Avi Drabkin: "[PEN-TEST] Cybercop"

    "Batten, Gerald" wrote:
    >
    > Our client wants us to try to brute-force one of their public web sites that
    > is password-protected via a form-based login over SSL.  I'd rather not have
    > to sit by the computer manually typing in passwords over and over again.
    > I've looked at the 'popular' web page cracking tools, and none of them seem
    > to work over SSL.
    >
    > Does anybody have any ideas?
    >
    > Gerald Batten
    > Security Consulant
    > Exocom
    >
    > (*note:  views expressed in this e-mail are not necessarily those of my
    > employer.)
    > (**note: views expressed in this e-mail are not necessarily mine either.)
    
    Hi,
    Instead of trying to find out a ssl wrapper and use it with the best of
    your
    brute-force tools.
    
    Some popular wrappers are Bjorb (http://www.hitachi-ms.co.jp/bjorb/en/)
    and
    SSLwrap (http://www.rickk.com/sslwrap/).
    
    cheers,
    Burak DAYIOGLU
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 08:46:20 PDT