https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Abhi+M+BalakrishnanOWASP - User contributions [en]2026-04-27T23:23:41ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=OWASP_Vulnerable_Web_Applications_Directory_Project/Pages/Offline&diff=256189OWASP Vulnerable Web Applications Directory Project/Pages/Offline2019-11-26T19:05:33Z<p>Abhi M Balakrishnan: Added Alert Labs</p>
<hr />
<div>{| border="1" width="80%" cellspacing="0" cellpadding="2"<br />
|-<br />
! scope="col" | App Name / Link<br />
! scope="col" | Technology<br />
! scope="col" | Other links<br />
! scope="col" | Author<br />
! scope="col" | Notes<br />
|-<br />
|[https://github.com/Abhi-M/alert-labs Alert Labs]<br />
|PHP<br />
|[https://exploitme.info/alert-labs/ demo] [https://github.com/Abhi-M/alert-labs/archive/master.zip download] [https://exploitme.info/alert-labs/user-guide.php docs]<br />
|Abhi M Balakrishnan<br />
|Focusing only on XSS<br />
|-<br />
| [https://github.com/CSPF-Founder/btslab/ btslab]<br />
| PHP<br />
| <br />
| <br />
| Includes flash-based xss, SSRF, and SSI<br />
|-<br />
| [http://www.badstore.net/ BadStore]<br />
| Perl(CGI)<br />
| <br />
| <br />
| <br />
|-<br />
| [http://code.google.com/p/bodgeit/ BodgeIt Store]<br />
| Java<br />
| [http://code.google.com/p/bodgeit/downloads/list download]<br />
| <br />
| <br />
|-<br />
| [http://sechow.com/bricks/index.html Bricks]<br />
| PHP<br />
| [http://sechow.com/bricks/download.html download] [http://sechow.com/bricks/docs/ docs]<br />
| OWASP<br />
| <br />
|-<br />
| [http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project/ Butterfly Security Project]<br />
| PHP<br />
| [http://sourceforge.net/projects/thebutterflytmp/files/ download]<br />
| <br />
| Last updated in 2008<br />
|-<br />
| [http://www.itsecgames.com/ bWAPP]<br />
| PHP<br />
| [http://sourceforge.net/projects/bwapp/files/ download] [http://itsecgames.blogspot.be/2013/01/bwapp-installation.html docs]<br />
| <br />
| <br />
|-<br />
| [https://github.com/fridaygoldsmith/bwa_cyclone_transfers Cyclone Transfers]<br />
| Ruby on Rails<br />
| <br />
| <br />
| <br />
|-<br />
| [https://github.com/quantumfoam/DVNA/ Damn Vulnerable Node Application - DVNA]<br />
| Node.js<br />
| [https://github.com/quantumfoam/DVNA/ download]<br />
| Claudio Lacayo<br />
| <br />
|-<br />
| [http://www.dvwa.co.uk/ Damn Vulnerable Web Application - DVWA]<br />
| PHP<br />
| [http://code.google.com/p/dvwa/downloads/list download]<br />
| RandomStorm<br />
| <br />
|-<br />
| [http://dvws.secureideas.net/ Damn Vulnerable Web Service - DVWS]<br />
| PHP<br />
| [http://dvws.secureideas.net/downloads/files/dvws.tgz download]<br />
| Secure Ideas (depriciated?)<br />
| <br />
|-<br />
| [https://github.com/snoopysecurity/dvws Damn Vulnerable Web Services - DVWS]<br />
| PHP<br />
| <br />
| snoopysecurity<br />
| <br />
|-<br />
| [https://github.com/secvulture/dvta Damn Vulnerable Thick Client App - DVTA]<br />
| C# .NET<br />
| <br />
| secvulture<br />
| <br />
|-<br />
| [http://google-gruyere.appspot.com/ Gruyere]<br />
| Python<br />
| [http://google-gruyere.appspot.com/gruyere-code.zip download]<br />
| Google<br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project Hackademic Challenges Project]<br />
| PHP<br />
| [https://code.google.com/p/owasp-hackademic-challenges/ download]<br />
| OWASP<br />
| <br />
|-<br />
| [https://github.com/rapid7/hackazon Hackazon]<br />
| <br />
| <br />
| Rapid7<br />
| Has some REST and new-school web components.<br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Hacme Bank - Android]<br />
| <br />
| <br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx Hacme Bank]<br />
| .NET<br />
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-bank.aspx download]<br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Hacme Books]<br />
| Java<br />
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmebooks.aspx download]<br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Hacme Casino]<br />
| Ruby on Rails<br />
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacme-casino.aspx download]<br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx Hacme Shipping]<br />
| ColdFusion<br />
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmeshipping.aspx download]<br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx Hacme Travel]<br />
| C++<br />
| [http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/hacmetravel.aspx download]<br />
| McAfee / Foundstone<br />
| <br />
|-<br />
| [http://hackxor.sourceforge.net/cgi-bin/index.pl hackxor]<br />
| <br />
| <br />
| <br />
| First 2 levels online, rest offline<br />
|-<br />
| [https://www.owasp.org/index.php/OWASP_Juice_Shop_Project Juice Shop]<br />
| Node/JS<br />
| [https://github.com/bkimminich/juice-shop download] [https://hub.docker.com/r/bkimminich/juice-shop/ docker] [https://www.gitbook.com/book/bkimminich/pwning-owasp-juice-shop guide]<br />
| OWASP<br />
| <br />
|-<br />
| [http://sourceforge.net/projects/lampsecurity/ LampSecurity]<br />
| PHP<br />
| <br />
| <br />
| <br />
|-<br />
| [http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 Mutillidae]<br />
| PHP<br />
| [http://www.irongeek.com/mutillidae/ download]<br />
| <br />
| <br />
|-<br />
| [https://github.com/jerryhoff/WebGoat.NET .NET Goat]<br />
| C#<br />
| [https://github.com/jerryhoff/WebGoat.NET git repository]<br />
| OWASP<br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project NodeGoat]<br />
| Node.js<br />
| [https://github.com/OWASP/NodeGoat git repository]<br />
| OWASP<br />
| <br />
|-<br />
| [http://peruggia.sourceforge.net/ Peruggia]<br />
| PHP<br />
| [http://sourceforge.net/projects/peruggia/files/ download]<br />
| <br />
| <br />
|-<br />
| [https://code.google.com/p/puzzlemall/ Puzzlemall]<br />
| Java<br />
| [https://code.google.com/p/puzzlemall/downloads/list download] [https://code.google.com/p/puzzlemall/downloads/list docs]<br />
| <br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/OWASP_Rails_Goat_Project Rails Goat]<br />
| Ruby on Rails<br />
| [https://github.com/OWASP/railsgoat/archive/master.zip download] [http://railsgoat.cktricky.com/getting_started.html docs]<br />
| OWASP<br />
| <br />
|-<br />
| [http://suif.stanford.edu/%7Elivshits/securibench/ SecuriBench]<br />
| Java<br />
| <br />
| Stanford<br />
| <br />
|-<br />
| [http://suif.stanford.edu/%7Elivshits/work/securibench-micro/ SecuriBench Micro]<br />
| Java<br />
| [http://suif.stanford.edu/~livshits/securibench/download.html download]<br />
| Stanford<br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/OWASP_Security_Shepherd Security Shepherd]<br />
| Java<br />
| [https://sourceforge.net/projects/owaspshepherd/ download]<br />
| OWASP<br />
| <br />
|-<br />
| [https://github.com/sqlmapproject/testenv SQL injection test environment]<br />
| PHP<br />
| <br />
| <br />
| SQLmap Project<br />
|-<br />
| [https://github.com/Audi-1/sqli-labs SQLI-labs]<br />
| PHP<br />
| [https://github.com/Audi-1/sqli-labs/archive/master.zip download] [http://dummy2dummies.blogspot.com/ blog]<br />
| <br />
| <br />
|-<br />
| [https://github.com/SpiderLabs/SQLol SQLol]<br />
| PHP<br />
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]<br />
| <br />
| <br />
|-<br />
| [https://github.com/SpiderLabs/SQLol SQLol]<br />
| PHP<br />
| [https://github.com/SpiderLabs/SQLol/archive/master.zip download]<br />
| <br />
| <br />
|-<br />
| [https://github.com/sakti/twitterlike twitterlike]<br />
| PHP<br />
| [https://github.com/sakti/twitterlike git repository]<br />
| Sakti Dwi Cahyono<br />
| <br />
|-<br />
| [http://www.nth-dimension.org.uk/blog.php?id=88 VulnApp]<br />
| .NET<br />
| [http://projects.nth-dimension.org.uk/dir?d=VulnApp CVS download] [http://projects.nth-dimension.org.uk/rptview?rn=6 vulns]<br />
| <br />
| <br />
|-<br />
| [http://exploit.co.il/hacking/exploit-kb-vulnerable-web-app/ Vulnerable Web App]<br />
| <br />
| <br />
| Exploit.co.il<br />
| <br />
|-<br />
|[https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Application Vulnerable Web Application Project]<br />
|PHP<br />
|[https://github.com/OWASP/Vulnerable-Web-Application Github]<br />
|[https://github.com/hummingbirdscyber/ Hummingbirds Cyber Security Community]<br />
|<br />
|-<br />
| [https://github.com/adamdoupe/WackoPicko WackoPicko]<br />
| PHP<br />
| [https://github.com/adamdoupe/WackoPicko/zipball/master download] [http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf whitepaper]<br />
| <br />
| <br />
|-<br />
| [https://github.com/sectooladdict/wavsep WAVSEP - Web Application Vulnerability Scanner Evaluation Project]<br />
| Java<br />
| [https://sourceforge.net/projects/wavsep/ download (builds)] [https://code.google.com/p/wavsep/downloads/list download (old)] [https://github.com/sectooladdict/wavsep/wiki wiki]<br />
| Shay Chen<br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project WebGoat]<br />
| Java<br />
| [http://code.google.com/p/webgoat/downloads/list download] [https://www.owasp.org/index.php/WebGoat_User_and_Install_Guide_Table_of_Contents guide]<br />
| OWASP<br />
| <br />
|-<br />
| [https://www.owasp.org/index.php/WebGoatPHP WebGoatPHP]<br />
| PHP<br />
| [https://github.com/OWASP/OWASPWebGoatPHP download] [https://github.com/OWASP/OWASPWebGoatPHP/blob/master/README.md guide]<br />
| OWASP<br />
| <br />
|-<br />
| [https://code.google.com/p/wivet/ WIVET&nbsp;- Web Input Vector Extractor Teaser]<br />
| <br />
| [http://www.webguvenligi.org/projeler/wivet download] [https://code.google.com/p/wivet/downloads/list?can=1&amp;q= tests]<br />
| <br />
| <br />
|-<br />
| [https://github.com/s4n7h0/xvwa Xtreme Vulnerable Web Application (XVWA)]<br />
| PHP/MySQL<br />
| [https://github.com/s4n7h0/xvwa download]<br />
| @s4n7h0, @samanL33T<br />
| <br />
|-<br />
|}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Talk:XSS_Filter_Evasion_Cheat_Sheet&diff=222378Talk:XSS Filter Evasion Cheat Sheet2016-10-12T20:22:51Z<p>Abhi M Balakrishnan: /* Filter bypass based polyglot */</p>
<hr />
<div>I can speak from being on the receiving end of XSS Evasion Attacks :)<br />
<br />
http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html<br />
http://blog.spiderlabs.com/2013/08/the-web-is-vulnerable-xss-on-the-battlefront-part-1.html<br />
<br />
Essentially what we need to do is to consolidate a couple of key resources. The top two being -<br />
<br />
HTML5Sec Vectors - https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt. These are taken from Mario's awesome work - http://html5sec.org/<br />
Shazzer's Successful Fuzzes - https://raw.githubusercontent.com/client9/libinjection/master/data/xss-shazzer.txt. These are from Gareth's equally awesome work - http://shazzer.co.uk/home. <br />
<br />
I would start with these two resources as the base and build from there.<br />
<br />
-Ryan<br />
<br />
<br />
<br />
'''Outdated Examples?'''<br />
<br />
According to https://www.owasp.org/index.php/Script_in_IMG_tags and due to my own observations, it seems that the examples with <img src="..."> provided here are outdated and irrelevant. Means: they are only relevant to Browsers <=IE6 . This makes it hard to collect the relevant (test-)cases from this page and may make people think that an application is not xss save if it does not handle these cases (as it was in my case).<br />
Can these examples either be removed or moved to a dedicated sub-chapter?<br />
Or I am completely wrong?<br />
- Markus<br />
<br />
== ha.ckers.org Down ==<br />
<br />
The ha.ckers.org site has been down for quite some time now, breaking the examples listed on the page. I've setup a mirror for these files, so the samples will work again. If ha.ckers.org ever comes back, the change to use the xss.rocks mirror can be reverted.<br />
<br />
If anyone objects to this, please let me know. --[[User:Adam Caudill|Adam Caudill]] ([[User talk:Adam Caudill|talk]]) 18:43, 3 March 2016 (CST)<br />
<br />
== %tag ==<br />
<br />
I searched online with <tt>"%tag" internet explorer</tt>, saw an example in [https://archive.org/stream/TheBrowserHackersHandbook2014/The%20Browser%20Hackers%20Handbook%202014_djvu.txt The Browser Hackers Handbook 2014] and a reference to the main article. I wonder if the main article should include the <tt><%tag style=xss:expression(alert(6))></tt> trick. Another article explained that IE ignored a possibility of code execution via the unexpected tag, http://real-hacker-network.blogspot.ca/2012/09/aspnet-cross-site-scripting.html --[[User:Eelgheez|Eelgheez]] ([[User talk:Eelgheez|talk]])<br />
:: My attempt with <tt>%tag</tt> could not evade IE11's XSS filter. Oh well. --[[User:Eelgheez|Eelgheez]] ([[User talk:Eelgheez|talk]]) 17:14, 7 July 2016 (CDT)<br />
<br />
== Filter bypass based polyglot ==<br />
<br />
Why is this polyglot linking to a resource on a private website? (shellypalmer.com)<br />
I believe it should link to localhost. In the case of a successful execution of the payload, the referrer header will get listed on the logs of shellypalmer.com<br />
<br />
[[User:Abhi M Balakrishnan|Abhi M Balakrishnan]] ([[User talk:Abhi M Balakrishnan|talk]])</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Talk:XSS_Filter_Evasion_Cheat_Sheet&diff=222377Talk:XSS Filter Evasion Cheat Sheet2016-10-12T20:22:29Z<p>Abhi M Balakrishnan: /* Filter bypass based polyglot */ new section</p>
<hr />
<div>I can speak from being on the receiving end of XSS Evasion Attacks :)<br />
<br />
http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html<br />
http://blog.spiderlabs.com/2013/08/the-web-is-vulnerable-xss-on-the-battlefront-part-1.html<br />
<br />
Essentially what we need to do is to consolidate a couple of key resources. The top two being -<br />
<br />
HTML5Sec Vectors - https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt. These are taken from Mario's awesome work - http://html5sec.org/<br />
Shazzer's Successful Fuzzes - https://raw.githubusercontent.com/client9/libinjection/master/data/xss-shazzer.txt. These are from Gareth's equally awesome work - http://shazzer.co.uk/home. <br />
<br />
I would start with these two resources as the base and build from there.<br />
<br />
-Ryan<br />
<br />
<br />
<br />
'''Outdated Examples?'''<br />
<br />
According to https://www.owasp.org/index.php/Script_in_IMG_tags and due to my own observations, it seems that the examples with <img src="..."> provided here are outdated and irrelevant. Means: they are only relevant to Browsers <=IE6 . This makes it hard to collect the relevant (test-)cases from this page and may make people think that an application is not xss save if it does not handle these cases (as it was in my case).<br />
Can these examples either be removed or moved to a dedicated sub-chapter?<br />
Or I am completely wrong?<br />
- Markus<br />
<br />
== ha.ckers.org Down ==<br />
<br />
The ha.ckers.org site has been down for quite some time now, breaking the examples listed on the page. I've setup a mirror for these files, so the samples will work again. If ha.ckers.org ever comes back, the change to use the xss.rocks mirror can be reverted.<br />
<br />
If anyone objects to this, please let me know. --[[User:Adam Caudill|Adam Caudill]] ([[User talk:Adam Caudill|talk]]) 18:43, 3 March 2016 (CST)<br />
<br />
== %tag ==<br />
<br />
I searched online with <tt>"%tag" internet explorer</tt>, saw an example in [https://archive.org/stream/TheBrowserHackersHandbook2014/The%20Browser%20Hackers%20Handbook%202014_djvu.txt The Browser Hackers Handbook 2014] and a reference to the main article. I wonder if the main article should include the <tt><%tag style=xss:expression(alert(6))></tt> trick. Another article explained that IE ignored a possibility of code execution via the unexpected tag, http://real-hacker-network.blogspot.ca/2012/09/aspnet-cross-site-scripting.html --[[User:Eelgheez|Eelgheez]] ([[User talk:Eelgheez|talk]])<br />
:: My attempt with <tt>%tag</tt> could not evade IE11's XSS filter. Oh well. --[[User:Eelgheez|Eelgheez]] ([[User talk:Eelgheez|talk]]) 17:14, 7 July 2016 (CDT)<br />
<br />
== Filter bypass based polyglot ==<br />
<br />
Why is this polyglot linking to a resource on a private website? (shellypalmer.com)<br />
I believe it should link to localhost. In the case of a successful execution of the payload, the referrer header will get listed on the logs of shellypalmer.com</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=188333OWASP Bricks2015-01-21T12:07:05Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx|OWASP Bricks Presentation Slides]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/owaspbricks<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=News=<br />
* [http://news.softpedia.com/news/Security-App-of-the-Week-OWASP-Bricks-375093.shtml OWASP Bricks was the Softpedia Security App of the week]<br />
* [http://is-ra.org/c0c0n/2014/ OWASP Bricks was supporting partner of c0c0n 2014] <br />
* [https://www.youtube.com/watch?v=pPg8bA7ps3U OWASP Bricks was presented at OWASP/Null combined meet in Delhi November 2014]<br />
* [https://www.facebook.com/OwaspBricks/posts/646717422114772 Adwiteeya Agrawal presented OWASP Bricks at Indira Gandhi Delhi Technical University for Women - IGDTU]<br />
* [http://dl.packetstormsecurity.net/papers/general/poor_mans_security_lab.pdf The Poor Man's Security Lab guide recommends OWASP Bricks]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
<br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=188332OWASP Bricks2015-01-21T12:06:26Z<p>Abhi M Balakrishnan: News</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx|OWASP Bricks Presentation Slides]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/owaspbricks<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=News=<br />
[http://news.softpedia.com/news/Security-App-of-the-Week-OWASP-Bricks-375093.shtml OWASP Bricks was the Softpedia Security App of the week]<br />
[http://is-ra.org/c0c0n/2014/ OWASP Bricks was supporting partner of c0c0n 2014] <br />
[https://www.youtube.com/watch?v=pPg8bA7ps3U OWASP Bricks was presented at OWASP/Null combined meet in Delhi November 2014]<br />
[https://www.facebook.com/OwaspBricks/posts/646717422114772 Adwiteeya Agrawal presented OWASP Bricks at Indira Gandhi Delhi Technical University for Women - IGDTU]<br />
[http://dl.packetstormsecurity.net/papers/general/poor_mans_security_lab.pdf The Poor Man's Security Lab guide recommends OWASP Bricks]<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
<br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=188331OWASP Mantra - Security Framework2015-01-21T11:29:23Z<p>Abhi M Balakrishnan: Null & OWASP Delhi Combined Meeting November 2014</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br/><br />
[http://thepowerofapostrophe.blogspot.com/ The Power of Apostrophe blog created as part of [[OWASP_Security_Blitz]]]<br/><br />
[https://www.owasp.org/index.php/Null_%26_OWASP_Delhi_Combined_Meeting_November_2014 LAMP Security CTF 6 walk through using OWASP Mantra by Abhi M Balakrishnan on Null & OWASP Delhi Combined Meeting November 2014]<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[https://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20source.7z&can=1&q= Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179028OWASP Mantra - Security Framework2014-07-19T05:06:08Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br/><br />
[http://thepowerofapostrophe.blogspot.com/ The Power of Apostrophe blog created as part of [[OWASP_Security_Blitz]]]<br/><br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[https://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20source.7z&can=1&q= Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179027OWASP Mantra - Security Framework2014-07-19T05:05:15Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
[http://thepowerofapostrophe.blogspot.com/ The Power of Apostrophe blog created as part of [[OWASP_Security_Blitz]]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[https://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20source.7z&can=1&q= Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179026OWASP Mantra - Security Framework2014-07-19T04:10:35Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[https://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20source.7z&can=1&q= Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179025OWASP Mantra - Security Framework2014-07-19T04:09:31Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[https://getmantra.googlecode.com/files/OWASP%20Mantra%20Janus%20source.7z Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179024OWASP Mantra - Security Framework2014-07-19T03:29:54Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179023OWASP Mantra - Security Framework2014-07-19T03:27:52Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br/><br/><br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br/><br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/><br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179022OWASP Mantra - Security Framework2014-07-19T03:27:16Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
<br />
==Old Versions==<br />
Old versions of OWASP Mantra and their source code can be obtained from:<br />
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br />
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]<br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179021OWASP Mantra - Security Framework2014-07-19T03:23:41Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/><br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br/><br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/><br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/><br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/><br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/><br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/><br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/><br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/><br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/><br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/><br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/><br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/><br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/><br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/><br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/><br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/><br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/><br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/><br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179020OWASP Mantra - Security Framework2014-07-19T03:22:16Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html Article about OWASP Mantra on KitPloit]<br />
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br />
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br />
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br />
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br />
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br />
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br />
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br />
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br />
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br />
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br />
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br />
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br />
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br />
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br />
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br />
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br />
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179019OWASP Mantra - Security Framework2014-07-19T02:53:07Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=179018OWASP Mantra - Security Framework2014-07-19T02:51:49Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
== Ohloh ==<br />
<br />
*https://www.ohloh.net/p/getmantra<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
=News=<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171589OWASP Mantra - Security Framework2014-04-04T11:47:15Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Downloads=<br />
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/><br />
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''<br />
{|<br />
|''Linux 32 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]<br />
|-<br />
|''Linux 64 bit: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]<br />
|-<br />
|''Windows: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]<br />
|-<br />
|''Macintosh: '' <br />
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]<br />
|-<br />
|''Source: '' <br />
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]<br />
|}<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171588OWASP Mantra - Security Framework2014-04-04T11:45:49Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171587OWASP Mantra - Security Framework2014-04-04T11:45:10Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
=Tutorials=<br />
'''Tutorials'''<br />
{|<br />
|''Text Tutorials''<br />
|<br />
|''Video Tutorials''<br />
|-<br />
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br />
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br />
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/><br />
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/><br />
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171586OWASP Mantra - Security Framework2014-04-04T11:37:44Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br />
<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP Mantra - Security Framework | Project About}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171585OWASP Mantra - Security Framework2014-04-04T11:35:25Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and <br />
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
[[User:Gokul_C_Gopinath|Gokul C Gopinath]]<br />
[[User:Maximiliano_Soler|Maximiliano Soler]]<br />
[[User:Niraj T Mohite|Niraj Mohite]]<br />
[[User:Rahul Babu R|Rahul Babu R]]<br />
Gopu C Gopinath and <br />
Thomas Mackenzie<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* xxx<br />
* xxx<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171584OWASP Mantra - Security Framework2014-04-04T11:33:38Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP Mantra provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[Abhi M BalaKrishnan]]<br />
[[Yashartha Chaturvedi]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* xxx<br />
* xxx<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* xxx<br />
* xxx<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Mantra_-_Security_Framework&diff=171583OWASP Mantra - Security Framework2014-04-04T11:31:20Z<p>Abhi M Balakrishnan: New Template Migration</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Mantra - Security Framework==<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
==Introduction==<br />
<br />
Free and Open Source Browser based Security Framework<br />
<br />
<br />
==Description==<br />
<br />
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.<br />
<br />
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br />
<br />
<br />
==Licensing==<br />
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Mantra? ==<br />
<br />
OWASP XXX provides:<br />
<br />
* A web application security testing framework built on top of a browser. <br />
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh. <br />
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.<br />
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish<br />
* Comes installed with major security distributions including BackTrack and Matriux<br />
<br />
<br />
== Presentation ==<br />
<br />
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] | <br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]<br />
<br />
<br />
== Project Leader ==<br />
<br />
Abhi M BalaKrishnan<br />
Yashartha Chaturvedi<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Bricks]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* http://www.getmantra.com/owasp-mantra.html<br />
<br />
== Email List ==<br />
<br />
https://lists.owasp.org/mailman/listinfo/owasp-mantra<br />
<br />
== News and Events ==<br />
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/><br />
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/><br />
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/><br />
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/><br />
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/><br />
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/><br />
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/><br />
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/><br />
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/><br />
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_CODE.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:<br />
<br />
* xxx<br />
* xxx<br />
<br />
==Others==<br />
* xxx<br />
* xxx<br />
<br />
= Road Map and Getting Involved =<br />
As of now, the priorities are:<br />
Create an ecosystem for hackers based on browser<br />
To bring the attention of security people to the potential of a browser based security platform<br />
Provide easy to use and portable platform for demonstrating common web based attacks( read training )<br />
To associate with other security tools/products to make a better environment. Eg:<br />
It can be a nice addition to OWASP Live CD<br />
It can be used to solve basic levels of CTF contests<br />
It can associate with projects like DVWA to showcase attacks<br />
It can bring functions like crawler, SQL injection scanner etc by installing extensions.<br />
<br />
Involvement in the development and promotion of OWASP Mantra is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* xxx<br />
* xxx<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]<br />
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167185OWASP Bricks2014-02-01T08:43:47Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx|OWASP Bricks Presentation Slides]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
<br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167184OWASP Bricks2014-02-01T08:39:23Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx|OWASP Bricks Presentation Slides]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167183OWASP Bricks2014-02-01T08:38:27Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167182OWASP Bricks2014-02-01T08:37:38Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx]]<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167181OWASP Bricks2014-02-01T08:36:39Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx]]<br />
<br />
<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=167180OWASP Bricks2014-02-01T08:35:55Z<p>Abhi M Balakrishnan: New template</p>
<hr />
<div>=Main=<br />
<br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Bricks==<br />
<br />
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.<br />
<br />
==Introduction==<br />
<br />
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
==Description==<br />
<br />
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.<br />
<br />
<br />
==Licensing==<br />
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== What is OWASP Bricks? ==<br />
<br />
OWASP Bricks provides:<br />
<br />
* A platform for learning web application security.<br />
* A test bed for analyzing the performance of web application security scanners.<br />
<br />
<br />
== Presentation ==<br />
<br />
[[File:OWASP_Bricks_Presentation_Slides.pptx]]<br />
<br />
<br />
<br />
<br />
== Project Leader ==<br />
<br />
[[User:Abhi_M_Balakrishnan]]<br />
<br />
<br />
== Related Projects ==<br />
<br />
* [[OWASP Mantra - Security Framework]]<br />
<br />
<br />
<br />
| valign="top" style="padding-left:25px;width:200px;" | <br />
<br />
== Quick Download ==<br />
<br />
* [http://sechow.com/bricks/download.html Download Bricks]<br />
<br />
<br />
<br />
== News and Events ==<br />
<br />
<br />
<br />
== In Print ==<br />
<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]<br />
|-<br />
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]<br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<br />
; Q1<br />
: A1<br />
<br />
; Q2<br />
: A2<br />
<br />
= Acknowledgements =<br />
==Volunteers==<br />
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.<br />
<br />
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.<br />
<br />
==Others==<br />
<br />
<br />
= Road Map and Getting Involved =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
<br />
Involvement in the development and promotion of OWASP Bricks is actively encouraged!<br />
You do not have to be a security expert in order to contribute.<br />
Some of the ways you can help:<br />
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.<br />
* Write about OWASP Bricks on your web site/ book.<br />
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.<br />
* Make tutorials/videos of Bricks in languages you know of.<br />
* Include it in your training materials, talks, discussions etc.<br />
<br />
<br />
<br />
=Project About=<br />
{{:Projects/OWASP_Example_Project_About_Page}} <br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]]<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=164003OWASP Bricks2013-11-30T02:34:05Z<p>Abhi M Balakrishnan: OWASP Bricks - 2.2 Tuivai</p>
<hr />
<div>[[Image:OWASP Bricks logo.png|400px|OWASP Bricks]]<br> <br> <br />
<div style="font-size:112%;border:none;margin: 0;color:#000;"><br />
* Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br><br><br />
<br />
'''[http://sechow.com/bricks/download.html Download Bricks] | [https://www.youtube.com/OWASPBricks Watch videos] | [http://sechow.com/bricks/docs/ Documentation]<br><br />
= Bricks =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Challenge<br />
! Page<br />
! URL<br />
! Documentations<br />
|-<br />
| 1<br />
| Log in page #1<br />
| bricks/login-1/<br />
| [http://sechow.com/bricks/docs/login-1.html Text], [http://www.youtube.com/watch?v=mCo6ajvBv50 Video]<br />
|-<br />
| 2<br />
| File upload page #1<br />
| bricks/upload-1/<br />
| [http://sechow.com/bricks/docs/file-upload-1.html Text], [http://www.youtube.com/watch?v=N6SAzEkgJ3s Video]<br />
|-<br />
| 3<br />
| Content page #1<br />
| bricks/content-1/<br />
| [http://sechow.com/bricks/docs/content-page-1.html Text], [http://www.youtube.com/watch?v=j5I0wPvQxTg Video]<br />
|-<br />
| 4<br />
| Log in page #2<br />
| bricks/login-2/<br />
| [http://sechow.com/bricks/docs/login-2.html Text], [http://www.youtube.com/watch?v=nZYejElQxhk Video]<br />
|-<br />
| 5<br />
| Content page #2<br />
| bricks/content-2/<br />
| [http://sechow.com/bricks/docs/content-page-2.html Text], [http://www.youtube.com/watch?v=7TkRBREYn6Y Video]<br />
|-<br />
| 6<br />
| File upload page #2<br />
| bricks/upload-2/<br />
| [http://sechow.com/bricks/docs/file-upload-2.html Text], [http://www.youtube.com/watch?v=tsDClYorsXI Video]<br />
|-<br />
| 7<br />
| Log in page #3<br />
| bricks/login-3/<br />
| [http://sechow.com/bricks/docs/login-3.html Text], [http://www.youtube.com/watch?v=Glsl-UR2OmU Video]<br />
|-<br />
| 8<br />
| Content page #3<br />
| bricks/content-3/<br />
| [http://sechow.com/bricks/docs/content-page-3.html Text], [http://www.youtube.com/watch?v=qWpqZbymsl8 Video]<br />
|-<br />
| 9<br />
| Log in page #4<br />
| bricks/login-4/<br />
| [http://sechow.com/bricks/docs/login-4.html Text], [https://www.youtube.com/watch?v=z4JUplVRG1U Video]<br />
|-<br />
| 10<br />
| Content page #4<br />
| bricks/content-4/<br />
| [http://sechow.com/bricks/docs/content-page-4.html Text]<br />
|-<br />
| 11<br />
| File upload page #3<br />
| bricks/upload-3/<br />
| [http://sechow.com/bricks/docs/file-upload-3.html Text]<br />
|-<br />
| 12<br />
| Log in page #5<br />
| bricks/login-5/<br />
| [http://sechow.com/bricks/docs/login-5.html Text]<br />
|-<br />
| 13<br />
| Content page #5<br />
| bricks/content-5/<br />
| [http://sechow.com/bricks/docs/content-page-5.html Text]<br />
|-<br />
| 14<br />
| Login page #6<br />
| bricks/login-6/<br />
| Open for public<br />
|-<br />
| 15<br />
| Content page #6<br />
| bricks/content-6/<br />
| Open for public<br />
|-<br />
|}<br />
= Road map =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
</div><br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks&diff=164002Projects/OWASP Bricks2013-11-30T02:32:37Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Bricks<br />
| project_home_page =OWASP_Bricks<br />
| project_description =Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to 'break the bricks'.<br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Abhi M Balakrishnan<br />
| leader_email1 =abhi.balakrishnan@owasp.org<br />
<br />
| pamphlet_link = https://www.owasp.org/images/c/c9/OWASP_Bricks_Project_Pamphlet.pdf<br />
| presentation_link = https://www.owasp.org/index.php/File:OWASP_Bricks_Presentation_Slides.pptx<br />
<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_bricks<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Bricks/Roadmap<br />
| release_1 = Narmada<br />
| release_2 = Betwa<br />
| release_3 = Feni<br />
| release_4 = Torsa<br />
| release_5 = Punpun<br />
| release_6 = Lachen<br />
| release_7 = Raidak<br />
| release_8 = Phalgu<br />
| release_9 = Atrai<br />
| release_10 = Barak<br />
| release_11 = Dakatua<br />
| release_12 = Mora<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Current&diff=164001Projects/OWASP Bricks/Releases/Current2013-11-30T02:32:08Z<p>Abhi M Balakrishnan: OWASP Bricks - 2.2 Tuivai</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
<br />
| project_name = OWASP Bricks<br />
<br />
| project_home_page = OWASP Bricks<br />
<br />
| release_name = Tuivai<br />
<br />
| release_date = 30 November 2013<br />
<br />
| release_description = 13th public release<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M BalaKrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/11/owasp-bricks-22-tuivai-release.html<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=File:OWASP_Bricks_Tuivai.jpg&diff=164000File:OWASP Bricks Tuivai.jpg2013-11-30T02:31:10Z<p>Abhi M Balakrishnan: OWASP Bricks Tuivai</p>
<hr />
<div>OWASP Bricks Tuivai</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Tuivai&diff=163999Projects/OWASP Bricks/Releases/Tuivai2013-11-30T02:30:46Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Bricks<br />
| project_home_page = OWASP Bricks<br />
| release_name = Tuivai<br />
| release_date = 30/11/2013<br />
| release_description = <br />
<br />
'''This is the 13th public release.'''<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M Balakrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/11/owasp-bricks-22-tuivai-release.html<br />
<br />
<br />
}}<br />
<br />
==Screenshot==<br />
[[Image:OWASP Bricks Tuivai.jpg|600px|OWASP Bricks Tuivai]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Tuivai&diff=163998Projects/OWASP Bricks/Releases/Tuivai2013-11-30T02:30:18Z<p>Abhi M Balakrishnan: OWASP Bricks Tuivai</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Bricks<br />
| project_home_page = OWASP Bricks<br />
| release_name = Dakatua<br />
| release_date = 30/11/2013<br />
| release_description = <br />
<br />
'''This is the 13th public release.'''<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M Balakrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/11/owasp-bricks-22-tuivai-release.html<br />
<br />
<br />
}}<br />
<br />
==Screenshot==<br />
[[Image:OWASP Bricks Tuivai.jpg|600px|OWASP Bricks Tuivai]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks&diff=163445Projects/OWASP Bricks2013-11-16T02:47:21Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Bricks<br />
| project_home_page =OWASP_Bricks<br />
| project_description =Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to 'break the bricks'.<br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Abhi M Balakrishnan<br />
| leader_email1 =abhi.balakrishnan@owasp.org<br />
<br />
| pamphlet_link = https://www.owasp.org/images/c/c9/OWASP_Bricks_Project_Pamphlet.pdf<br />
| presentation_link = https://www.owasp.org/index.php/File:OWASP_Bricks_Presentation_Slides.pptx<br />
<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_bricks<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Bricks/Roadmap<br />
| release_1 = Narmada<br />
| release_2 = Betwa<br />
| release_3 = Feni<br />
| release_4 = Torsa<br />
| release_5 = Punpun<br />
| release_6 = Lachen<br />
| release_7 = Raidak<br />
| release_8 = Phalgu<br />
| release_9 = Atrai<br />
| release_10 = Barak<br />
| release_11 = Dakatua<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=File:OWASP_Bricks_Mora.jpg&diff=163444File:OWASP Bricks Mora.jpg2013-11-16T02:46:06Z<p>Abhi M Balakrishnan: </p>
<hr />
<div></div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Mora&diff=163443Projects/OWASP Bricks/Releases/Mora2013-11-16T02:45:29Z<p>Abhi M Balakrishnan: Created page with "{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude> | project_name = OWASP Bricks | project_home_page = OWASP Bricks | release_name = Mora | rel..."</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Bricks<br />
| project_home_page = OWASP Bricks<br />
| release_name = Mora<br />
| release_date = 16/11/2013<br />
| release_description = <br />
<br />
'''This is the 12th public release.'''<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M Balakrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/11/owasp-bricks-21-mora-release.html<br />
<br />
<br />
}}<br />
<br />
==Screenshot==<br />
[[Image:OWASP Bricks Mora.jpg|600px|OWASP Bricks Mora]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Current&diff=163442Projects/OWASP Bricks/Releases/Current2013-11-16T02:43:43Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
<br />
| project_name = OWASP Bricks<br />
<br />
| project_home_page = OWASP Bricks<br />
<br />
| release_name = Mora<br />
<br />
| release_date = 16 November 2013<br />
<br />
| release_description = 12th public release<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M BalaKrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/11/owasp-bricks-21-mora-release.html<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=163440OWASP Bricks2013-11-16T02:36:13Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>[[Image:OWASP Bricks logo.png|400px|OWASP Bricks]]<br> <br> <br />
<div style="font-size:112%;border:none;margin: 0;color:#000;"><br />
* Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br><br><br />
<br />
'''[http://sechow.com/bricks/download.html Download Bricks] | [https://www.youtube.com/OWASPBricks Watch videos] | [http://sechow.com/bricks/docs/ Documentation]<br><br />
= Bricks =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Challenge<br />
! Page<br />
! URL<br />
! Documentations<br />
|-<br />
| 1<br />
| Log in page #1<br />
| bricks/login-1/<br />
| [http://sechow.com/bricks/docs/login-1.html Text], [http://www.youtube.com/watch?v=mCo6ajvBv50 Video]<br />
|-<br />
| 2<br />
| File upload page #1<br />
| bricks/upload-1/<br />
| [http://sechow.com/bricks/docs/file-upload-1.html Text], [http://www.youtube.com/watch?v=N6SAzEkgJ3s Video]<br />
|-<br />
| 3<br />
| Content page #1<br />
| bricks/content-1/<br />
| [http://sechow.com/bricks/docs/content-page-1.html Text], [http://www.youtube.com/watch?v=j5I0wPvQxTg Video]<br />
|-<br />
| 4<br />
| Log in page #2<br />
| bricks/login-2/<br />
| [http://sechow.com/bricks/docs/login-2.html Text], [http://www.youtube.com/watch?v=nZYejElQxhk Video]<br />
|-<br />
| 5<br />
| Content page #2<br />
| bricks/content-2/<br />
| [http://sechow.com/bricks/docs/content-page-2.html Text], [http://www.youtube.com/watch?v=7TkRBREYn6Y Video]<br />
|-<br />
| 6<br />
| File upload page #2<br />
| bricks/upload-2/<br />
| [http://sechow.com/bricks/docs/file-upload-2.html Text], [http://www.youtube.com/watch?v=tsDClYorsXI Video]<br />
|-<br />
| 7<br />
| Log in page #3<br />
| bricks/login-3/<br />
| [http://sechow.com/bricks/docs/login-3.html Text], [http://www.youtube.com/watch?v=Glsl-UR2OmU Video]<br />
|-<br />
| 8<br />
| Content page #3<br />
| bricks/content-3/<br />
| [http://sechow.com/bricks/docs/content-page-3.html Text], [http://www.youtube.com/watch?v=qWpqZbymsl8 Video]<br />
|-<br />
| 9<br />
| Log in page #4<br />
| bricks/login-4/<br />
| [http://sechow.com/bricks/docs/login-4.html Text], [https://www.youtube.com/watch?v=z4JUplVRG1U Video]<br />
|-<br />
| 10<br />
| Content page #4<br />
| bricks/content-4/<br />
| [http://sechow.com/bricks/docs/content-page-4.html Text]<br />
|-<br />
| 11<br />
| File upload page #3<br />
| bricks/upload-3/<br />
| [http://sechow.com/bricks/docs/file-upload-3.html Text]<br />
|-<br />
| 12<br />
| Log in page #5<br />
| bricks/login-5/<br />
| [http://sechow.com/bricks/docs/login-5.html Text]<br />
|-<br />
| 13<br />
| Content page #5<br />
| bricks/content-5/<br />
| [http://sechow.com/bricks/docs/content-page-5.html Text]<br />
|-<br />
| 14<br />
| Login page #6<br />
| bricks/login-6/<br />
| Open for public<br />
|-<br />
|}<br />
= Road map =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
</div><br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=161672OWASP Bricks2013-10-26T06:24:37Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>[[Image:OWASP Bricks logo.png|400px|OWASP Bricks]]<br> <br> <br />
<div style="font-size:112%;border:none;margin: 0;color:#000;"><br />
* Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br><br><br />
<br />
'''[http://sechow.com/bricks/download.html Download Bricks] | [https://www.youtube.com/OWASPBricks Watch videos] | [http://sechow.com/bricks/docs/ Documentation]<br><br />
= Bricks =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Challenge<br />
! Page<br />
! URL<br />
! Documentations<br />
|-<br />
| 1<br />
| Log in page #1<br />
| bricks/login-1/<br />
| [http://sechow.com/bricks/docs/login-1.html Text], [http://www.youtube.com/watch?v=mCo6ajvBv50 Video]<br />
|-<br />
| 2<br />
| File upload page #1<br />
| bricks/upload-1/<br />
| [http://sechow.com/bricks/docs/file-upload-1.html Text], [http://www.youtube.com/watch?v=N6SAzEkgJ3s Video]<br />
|-<br />
| 3<br />
| Content page #1<br />
| bricks/content-1/<br />
| [http://sechow.com/bricks/docs/content-page-1.html Text], [http://www.youtube.com/watch?v=j5I0wPvQxTg Video]<br />
|-<br />
| 4<br />
| Log in page #2<br />
| bricks/login-2/<br />
| [http://sechow.com/bricks/docs/login-2.html Text], [http://www.youtube.com/watch?v=nZYejElQxhk Video]<br />
|-<br />
| 5<br />
| Content page #2<br />
| bricks/content-2/<br />
| [http://sechow.com/bricks/docs/content-page-2.html Text], [http://www.youtube.com/watch?v=7TkRBREYn6Y Video]<br />
|-<br />
| 6<br />
| File upload page #2<br />
| bricks/upload-2/<br />
| [http://sechow.com/bricks/docs/file-upload-2.html Text], [http://www.youtube.com/watch?v=tsDClYorsXI Video]<br />
|-<br />
| 7<br />
| Log in page #3<br />
| bricks/login-3/<br />
| [http://sechow.com/bricks/docs/login-3.html Text], [http://www.youtube.com/watch?v=Glsl-UR2OmU Video]<br />
|-<br />
| 8<br />
| Content page #3<br />
| bricks/content-3/<br />
| [http://sechow.com/bricks/docs/content-page-3.html Text], [http://www.youtube.com/watch?v=qWpqZbymsl8 Video]<br />
|-<br />
| 9<br />
| Log in page #4<br />
| bricks/login-4/<br />
| [http://sechow.com/bricks/docs/login-4.html Text], [https://www.youtube.com/watch?v=z4JUplVRG1U Video]<br />
|-<br />
| 10<br />
| Content page #4<br />
| bricks/content-4/<br />
| [http://sechow.com/bricks/docs/content-page-4.html Text]<br />
|-<br />
| 11<br />
| File upload page #3<br />
| bricks/upload-3/<br />
| Open for public<br />
|-<br />
| 12<br />
| Log in page #5<br />
| bricks/login-5/<br />
| Open for public<br />
|-<br />
| 13<br />
| Content page #5<br />
| bricks/content-5/<br />
| Open for public<br />
|-<br />
|}<br />
= Road map =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
</div><br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks&diff=161671Projects/OWASP Bricks2013-10-26T06:23:54Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Bricks<br />
| project_home_page =OWASP_Bricks<br />
| project_description =Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to 'break the bricks'.<br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Abhi M Balakrishnan<br />
| leader_email1 =abhi.balakrishnan@owasp.org<br />
<br />
| pamphlet_link = https://www.owasp.org/images/c/c9/OWASP_Bricks_Project_Pamphlet.pdf<br />
| presentation_link = https://www.owasp.org/index.php/File:OWASP_Bricks_Presentation_Slides.pptx<br />
<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_bricks<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Bricks/Roadmap<br />
| release_1 = Narmada<br />
| release_2 = Betwa<br />
| release_3 = Feni<br />
| release_4 = Torsa<br />
| release_5 = Punpun<br />
| release_6 = Lachen<br />
| release_7 = Raidak<br />
| release_8 = Phalgu<br />
| release_9 = Atrai<br />
| release_10 = Barak<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=File:OWASP_Bricks_Dakatua.jpg&diff=161670File:OWASP Bricks Dakatua.jpg2013-10-26T06:21:31Z<p>Abhi M Balakrishnan: Dakatua</p>
<hr />
<div>Dakatua</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Dakatua&diff=161669Projects/OWASP Bricks/Releases/Dakatua2013-10-26T06:20:59Z<p>Abhi M Balakrishnan: Dakatua</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Bricks<br />
| project_home_page = OWASP Bricks<br />
| release_name = Dakatua<br />
| release_date = 26/10/2013<br />
| release_description = <br />
<br />
'''This is the 11th public release.'''<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M Balakrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/10/owasp-bricks-20-dakatua-release.html<br />
<br />
<br />
}}<br />
<br />
==Screenshot==<br />
[[Image:OWASP Bricks Dakatua.jpg|600px|OWASP Bricks Dakatua]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Current&diff=161668Projects/OWASP Bricks/Releases/Current2013-10-26T06:19:50Z<p>Abhi M Balakrishnan: Dakatua</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
<br />
| project_name = OWASP Bricks<br />
<br />
| project_home_page = OWASP Bricks<br />
<br />
| release_name = Dakatua<br />
<br />
| release_date = 26 Octber 2013<br />
<br />
| release_description = 11th public release<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M BalaKrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.com/2013/10/owasp-bricks-20-dakatua-release.html<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=OWASP_Bricks&diff=161662OWASP Bricks2013-10-26T03:03:38Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>[[Image:OWASP Bricks logo.png|400px|OWASP Bricks]]<br> <br> <br />
<div style="font-size:112%;border:none;margin: 0;color:#000;"><br />
* Bricks is a deliberately vulnerable web application built on PHP and MySQL. <br />
* The project focuses on variations of commonly seen application security vulnerabilities and exploits. <br />
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). <br />
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br><br><br />
<br />
'''[http://sechow.com/bricks/download.html Download Bricks] | [https://www.youtube.com/OWASPBricks Watch videos] | [http://sechow.com/bricks/docs/ Documentation]<br><br />
= Bricks =<br />
<br />
{| class="wikitable"<br />
|-<br />
! Challenge<br />
! Page<br />
! URL<br />
! Documentations<br />
|-<br />
| 1<br />
| Log in page #1<br />
| bricks/login-1/<br />
| [http://sechow.com/bricks/docs/login-1.html Text], [http://www.youtube.com/watch?v=mCo6ajvBv50 Video]<br />
|-<br />
| 2<br />
| File upload page #1<br />
| bricks/upload-1/<br />
| [http://sechow.com/bricks/docs/file-upload-1.html Text], [http://www.youtube.com/watch?v=N6SAzEkgJ3s Video]<br />
|-<br />
| 3<br />
| Content page #1<br />
| bricks/content-1/<br />
| [http://sechow.com/bricks/docs/content-page-1.html Text], [http://www.youtube.com/watch?v=j5I0wPvQxTg Video]<br />
|-<br />
| 4<br />
| Log in page #2<br />
| bricks/login-2/<br />
| [http://sechow.com/bricks/docs/login-2.html Text], [http://www.youtube.com/watch?v=nZYejElQxhk Video]<br />
|-<br />
| 5<br />
| Content page #2<br />
| bricks/content-2/<br />
| [http://sechow.com/bricks/docs/content-page-2.html Text], [http://www.youtube.com/watch?v=7TkRBREYn6Y Video]<br />
|-<br />
| 6<br />
| File upload page #2<br />
| bricks/upload-2/<br />
| [http://sechow.com/bricks/docs/file-upload-2.html Text], [http://www.youtube.com/watch?v=tsDClYorsXI Video]<br />
|-<br />
| 7<br />
| Log in page #3<br />
| bricks/login-3/<br />
| [http://sechow.com/bricks/docs/login-3.html Text], [http://www.youtube.com/watch?v=Glsl-UR2OmU Video]<br />
|-<br />
| 8<br />
| Content page #3<br />
| bricks/content-3/<br />
| [http://sechow.com/bricks/docs/content-page-3.html Text], [http://www.youtube.com/watch?v=qWpqZbymsl8 Video]<br />
|-<br />
| 9<br />
| Log in page #4<br />
| bricks/login-4/<br />
| [http://sechow.com/bricks/docs/login-4.html Text], [https://www.youtube.com/watch?v=z4JUplVRG1U Video]<br />
|-<br />
| 10<br />
| Content page #4<br />
| bricks/content-4/<br />
| [http://sechow.com/bricks/docs/content-page-4.html Text]<br />
|-<br />
| 11<br />
| File upload page #3<br />
| bricks/upload-3/<br />
| Open for public<br />
|-<br />
| 12<br />
| Log in page #5<br />
| bricks/login-5/<br />
| Open for public<br />
|-<br />
|}<br />
= Road map =<br />
# Demonstrate maximum variations of most common vulnerabilities<br />
# Help people to learn the need of secure codding practices and SSDLC<br />
# Attract people to design more bricks<br />
# Become a test bed for analyzing the performance of web application security scanners.<br />
# Help people learn the manual method of testing the applications<br />
# Demonstrate the possibilities of various security tools and techniques<br />
# Become a platform to teach web application security in a class room/lab environment.<br />
</div><br />
=Project About=<br />
{{:Projects/OWASP_Bricks}} <br />
[[Category:OWASP Project|Bricks]]<br />
[[Category:OWASP Download|Bricks]]<br />
[[Category:OWASP Tool|Bricks]]<br />
[[Category:OWASP Alpha Quality Tool|Bricks]]</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks&diff=159785Projects/OWASP Bricks2013-10-05T06:56:07Z<p>Abhi M Balakrishnan: </p>
<hr />
<div>{{Template:Project About<br />
| project_name =OWASP Bricks<br />
| project_home_page =OWASP_Bricks<br />
| project_description =Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to 'break the bricks'.<br />
| project_license =Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)<br />
| leader_name1 =Abhi M Balakrishnan<br />
| leader_email1 =abhi.balakrishnan@owasp.org<br />
<br />
| pamphlet_link = https://www.owasp.org/images/c/c9/OWASP_Bricks_Project_Pamphlet.pdf<br />
| presentation_link = https://www.owasp.org/index.php/File:OWASP_Bricks_Presentation_Slides.pptx<br />
<br />
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp_bricks<br />
| project_road_map = https://www.owasp.org/index.php/Projects/OWASP_Bricks/Roadmap<br />
| release_1 = Narmada<br />
| release_2 = Betwa<br />
| release_3 = Feni<br />
| release_4 = Torsa<br />
| release_5 = Punpun<br />
| release_6 = Lachen<br />
| release_7 = Raidak<br />
| release_8 = Phalgu<br />
| release_9 = Atrai<br />
}}</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=File:OWASP_Bricks_Barak.jpg&diff=159784File:OWASP Bricks Barak.jpg2013-10-05T06:54:01Z<p>Abhi M Balakrishnan: http://owaspbricks.blogspot.in/2013/10/owasp-bricks-19-barak-release.html</p>
<hr />
<div>http://owaspbricks.blogspot.in/2013/10/owasp-bricks-19-barak-release.html</div>Abhi M Balakrishnanhttps://wiki.owasp.org/index.php?title=Projects/OWASP_Bricks/Releases/Barak&diff=159783Projects/OWASP Bricks/Releases/Barak2013-10-05T06:51:42Z<p>Abhi M Balakrishnan: Barak</p>
<hr />
<div>{{Template: <includeonly>{{{1}}}</includeonly><noinclude>Release About</noinclude><br />
| project_name = OWASP Bricks<br />
| project_home_page = OWASP Bricks<br />
| release_name = Barak<br />
| release_date = 05/10/2013<br />
| release_description = <br />
<br />
'''This is the tenth public release.'''<br />
<br />
| release_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0]<br />
| release_download_link = http://sechow.com/bricks/download.html<br />
<br />
| leader_name1 = Abhi M Balakrishnan <br />
| leader_email1 = abhi@getmantra.com<br />
| leader_username1 = Abhi_M_Balakrishnan<br />
<br />
| release_notes = http://owaspbricks.blogspot.in/2013/10/owasp-bricks-19-barak-release.html<br />
<br />
<br />
}}<br />
<br />
==Screenshot==<br />
[[Image:OWASP Bricks Barak.jpg|600px|OWASP Bricks Barak]]</div>Abhi M Balakrishnan