Difference between revisions of "OWASP/Training/OWASP Webslayer Project"

The tools have a payload generator and a easy and powerful results analyzer.

Some features are:

• Encodings: 15 encodings supported
• All parameters attack: the tool will inject the payload in every parameter (Headers, Get, Post)
• Authentication: Webslayer supports Ntml and Basic authentication, also you can brute force the authentication
• Multiple payloads: you can use 2 paylods in different parts
• Proxy support (authentication supported)
• Live filters: You can change the filters as the attack is taking place
• Multiple threads: You can set how many threads to use in the attack
• Session import/export: Allows you to save the session and to continue working with the results
• Integrated web browser: a full fledge webkit browser is included to analyze the results
• Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)
• Payload Generator (custom payload generator)

• Interface overview
• Basic Payloads overview
• Basic directory discovery setup
• Advance directory and file discovery
• Login form brute force attack
• Basic authentication attack
• Custom payload generation
• Advanced uses

The latest version of Webslayer can be downloaded from google code subversion here.

• Video of the session presented at IBWAS'10 Training Day, 16th Dec 2010
• Webslayer Training, IBWAS2010