This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Interceptor Project"
Line 1: | Line 1: | ||
− | [[Image:OWASP Inactive Banner.jpg| | + | {| |
+ | |- | ||
+ | ! width="700" align="center" | <br> | ||
+ | ! width="500" align="center" | <br> | ||
+ | |- | ||
+ | | align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/Category:OWASP_Project]] | ||
+ | | align="right" | | ||
+ | |||
+ | |} | ||
{{Template:Inactive Projects}} | {{Template:Inactive Projects}} | ||
<br> | <br> |
Revision as of 18:26, 23 January 2014
|
|
---|---|
This Project has been discontinued and therefore marked by the OWASP Global Projects Committee as an Inactive one. |
Click here to return to OWASP Projects page.
Click here to see (& edit, if wanted) the template.
PROJECT IDENTIFICATION | ||||||
---|---|---|---|---|---|---|
Project Name | OWASP Interceptor Project | |||||
Short Project Description | The Interceptor tool is designed to easily assist security testers in performing attacks against XML Web Services and AJAX interfaces. The utility allows testers to capture a sample XML request and then replay/fuzz requests against the Web Service.
A tester can also preload an automated attack database for each request into the tool, and Interceptor will fuzz and replay each attack against the service and provide results. | |||||
Email Contacts | Project Leader Justin Derry |
Project Contributors (if applicable) Name&Email |
Mailing List/Subscribe Mailing List/Use |
First Reviewer Nathan Green Profile |
Second Reviewer Esteban Ribičić Curriculum |
OWASP Board Member (if applicable) Name&Email |
PROJECT MAIN LINKS | |||||
---|---|---|---|---|---|
|
SPONSORS & GUIDELINES | |||||
---|---|---|---|---|---|
Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap |
ASSESSMENT AND REVIEW PROCESS | ||||
---|---|---|---|---|
Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) |
First Reviewer (applicable for Alpha Quality & further) |
Second Reviewer (applicable for Beta Quality & further) |
OWASP Board Member (applicable just for Release Quality) |
50% Review | Objectives & Deliveries reached? Yes (35-50%) --------- See&Edit:50% Review/Self-Evaluation (A) |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C) |
Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50%Review/2nd Reviewer (E) |
X |
Final Review | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/SelfEvaluation (B) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/2nd Reviewer (F) |
Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See/Edit: Final Review/Board Member (G) |
Overview
Welcome to the OWASP Interceptor Project for XML Processing. The Interceptor tool is designed to easily assist security testers in performing attacks against XML Web Services and AJAX interfaces. The utility allows testers to capture a sample XML request and then replay/fuzz requests against the Web Service.
A tester can also preload an automated attack database for each request into the tool, and Interceptor will fuzz and replay each attack against the service and provide results.
The Welcome Screen (And Interface) of the Interceptor Project.
Goals
The Goal of this project was to develop a simple, quick and easy to use tool that could capture and save XML requests and then allow testers to easily replay the request with fuzzed data. Thus allowing the quick testing of the XML Web Service interfaces without the need to use TCP request processors or additional proxies to manipulate and replay handcrafted attack data.
- Please help with this project. We would like to be able to create a "GENERIC" XML attack list of common types of XML attacks that can be configured as a pre-loaded attack database in Interceptor. Contact the Project Team with any ideas.
Download
Interceptor 0.9 BETA is currently available for download from [1] Finally i have moved house, and got the new server up and running. Apologies to all those whom wish to download. You can now download and we will be preparing new versions shortly. Interceptor ZIP includes all the binaries and associated Libraries to run on Windows. The utility requires the system to have an installed version of the Microsoft .NET Framework 2.0 installed.
Features
Web Interceptor Functionality (Release 0.9 BETA)
· Capture XML Traffic (via PROXY Configuration)
· Capture XML Traffic (Interception) – In ALPHA Code in release.
· Save, Edit and Replay XML Requests to Web Services
· Configure HTTP Headers (Injection & Manipulation)
· Replay Attacks for Captured XML Data
· Create customized XML Attack Signatures and automate XML replay attacks
· BASE 64 Encoding/Decoding
· SHA Hash Generator
· MD5 Hash Generator
· Many more features to come…
Future Development
OK, After a while of not much developer, interceptor is back into full swing. Thanks to some new team members with b-sec, we are now developing a release which can be treated as 1.0 and will run on all the latest versions of windows etc (including VISTA). If you have anything you want us to add or change let us know.
News
June-July 2007, Work on Version 1.0 is happening and the next release will come up within a month. This will fix the VISTA problems etc.
22nd November 2006 - Interceptor 0.9 BETA Released on OWASP Web Site.
Project Contributors
This project is currently supported and run by Justin Derry of Fortify Software. Email: jderry AT fortify.com
This category currently contains no pages or media.