Download here: http://www.immunitysec.com/spike.html Screenshot here: http://www.immunitysec.com/spikeproxy1.1.jpg Make sure to check the signature as well. Hopefully you have my key in your ring. If not, give me a call to verify the fingerprint. SPIKE Proxy now includes a nice HTTP based GUI. You can browse all around your target web application, then click "argscan" and it will attempt to locate SQL injection bugs (or overflows) on the entire site. You can modify and resubmit specific requests, and display the request or results of any request. To access the GUI, simply browse to http://spike/ SPIKE Proxy is easy to modify Open Source (GPLv2.0) Python. It requires only a single module (pyOpenSSL, provided on the SPIKE webpage) and Python 2.2. obAdvertisement: I won't be demoing this part of SPIKE specifically at BlackHat. It's too self-explanatory and SPIKE 2.5 is much more interesting, I think. Instead, try this out yourself and come to my talk to see the Exchange 2K 0day! :> -dave
This archive was generated by hypermail 2b30 : Tue Jul 23 2002 - 16:45:23 PDT