Introduction to Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner
The HTTP Sniffer allows you to capture, examine and modify HTTP communications between an HTTP client and a web server. This tool is used to:
- Analyze how Session IDs are stored – Session IDs are used by the application to uniquely identify a client browser. It is important that the session ID is unpredictable and that the application uses a strong method of generating random IDs.
- Analyze how inputs are sent back to the server.
- Alter any HTTP request being sent back to the server before it is actually sent.
- Navigate through parts of the website which cannot be crawled automatically because of, for example, certain JavaScript code.
To use this tool, all HTTP requests must pass through WVS, so the software must be set as the proxy server for your browser.
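The session ID check described above can be partly automated once a sample of IDs has been captured through the proxy. The following Python sketch is an added example, not part of Acunetix WVS or its manual; the function names, thresholds and sample IDs are assumptions constructed for illustration.

```python
import math
import secrets
from collections import Counter

def bits_per_char(ids):
    """Empirical Shannon entropy, in bits per character, over the whole sample."""
    counts = Counter("".join(ids))
    total = sum(counts.values())
    return -sum(n / total * math.log2(n / total) for n in counts.values())

def constant_positions(ids):
    """Character positions that hold the same value in every captured ID."""
    width = min(len(s) for s in ids)
    return [i for i in range(width) if len({s[i] for s in ids}) == 1]

def constant_step(ids, base=16):
    """True if the IDs, read as integers in capture order, differ by one fixed step."""
    try:
        nums = [int(s, base) for s in ids]
    except ValueError:          # not numeric in this base: the test does not apply
        return False
    return len(nums) >= 3 and len({b - a for a, b in zip(nums, nums[1:])}) == 1

def assess(ids, min_len=32, min_bits=3.0):
    """Return findings for a sample of IDs; thresholds are assumed, tune per application.
    An empty list only means no obvious pattern was seen, not that IDs are unpredictable."""
    findings = []
    shortest = min(len(s) for s in ids)
    if len(set(ids)) < len(ids):
        findings.append("duplicate IDs issued")
    if shortest < min_len:
        findings.append("ID shorter than %d characters" % min_len)
    if constant_step(ids):
        findings.append("IDs change by a constant step")
    if len(constant_positions(ids)) > shortest // 2:
        findings.append("more than half of the positions never change")
    if bits_per_char(ids) < min_bits:
        findings.append("low character entropy")
    return findings

# Constructed samples: a counter-style generator and a CSPRNG-backed one.
WEAK_IDS = ["0000a1f0", "0000a1f1", "0000a1f2", "0000a1f3"]
STRONG_IDS = [secrets.token_hex(16) for _ in range(4)]

if __name__ == "__main__":
    print("weak:  ", assess(WEAK_IDS))
    print("strong:", assess(STRONG_IDS))
```

A clean result on a small sample is a sanity check only; a generator seeded from a guessable value can pass all of these tests.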
HTTP Fuzzer
Screenshot 6  - The HTTP Fuzzer
The HTTP Fuzzer tool allows sophisticated testing for buffer overflows and input validation. With this tool you can easily create input rules for Acunetix WVS to test.
A simple example would be the following URL:
Using the HTTP Fuzzer you can create a rule which would automatically replace the last part of the URL - ‘1’ - with numbers between 1 – 999. Only valid results will be reported. This degree of automation allows you to quickly test the results of 1000 queries while significantly reducing the amount of manual input.