Re: [PEN-TEST] Web site password guessing over SSL

From: Cjk Jempi (cjkat_private)
Date: Wed Apr 18 2001 - 03:48:11 PDT

  • Next message: Nelson Brito: "Re: [PEN-TEST] Cybercop"

    On Thu, Apr 12, 2001 at 09:52:37AM -0400, Batten, Gerald wrote:
    > Our client wants us to try to brute-force one of their public web sites that
    > is password-protected via a form-based login over SSL.  I'd rather not have
    > to sit by the computer manually typing in passwords over and over again.
    > I've looked at the 'popular' web page cracking tools, and none of them seem
    > to work over SSL.
    
    There exists a windows tool called brutus which can be found at http://www.hoobie.net/brutus/.
    It's a quite advanced Brute Forcing tool.
    
    Form their homepage:
    04th April 2000 - A quick update, SSL support (v2,v3 &TLSv1) is nearly ready to roll into AET3 which will be available within a couple of weeks.
    
    
    --
    cjkat_private
    



    This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 08:55:13 PDT