Re: [PEN-TEST] Web site password guessing over SSL

From: Cjk Jempi (cjkat_private)
Date: Wed Apr 18 2001 - 03:48:11 PDT

Next message: Nelson Brito: "Re: [PEN-TEST] Cybercop"

Previous message: Jason Brvenik: "Re: [PEN-TEST] VLAN Security"
Next in thread: Batten, Gerald: "Re: [PEN-TEST] Web site password guessing over SSL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 12, 2001 at 09:52:37AM -0400, Batten, Gerald wrote:
> Our client wants us to try to brute-force one of their public web sites that
> is password-protected via a form-based login over SSL.  I'd rather not have
> to sit by the computer manually typing in passwords over and over again.
> I've looked at the 'popular' web page cracking tools, and none of them seem
> to work over SSL.

There exists a windows tool called brutus which can be found at http://www.hoobie.net/brutus/.
It's a quite advanced Brute Forcing tool.

Form their homepage:
04th April 2000 - A quick update, SSL support (v2,v3 &TLSv1) is nearly ready to roll into AET3 which will be available within a couple of weeks.

--
cjkat_private

Next message: Nelson Brito: "Re: [PEN-TEST] Cybercop"
Previous message: Jason Brvenik: "Re: [PEN-TEST] VLAN Security"
Next in thread: Batten, Gerald: "Re: [PEN-TEST] Web site password guessing over SSL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 08:55:13 PDT