[prev in list] [next in list] [prev in thread] [next in thread]
List: spike
Subject: Re: [Spike] Definitive How-To for Spike
From: fr0stman <fr0stman () sun-tzu-security ! net>
Date: 2002-11-07 17:38:17
[Download RAW message or body]
I've written a SpikeUsage text doc to get you started with the basics. Dave
you may have more you want to add to this.
On Thursday 07 November 2002 12:15, Jeremy Junginger wrote:
> Hey guys, could you point me to a comprehensive how-to document for
> spike? I am interested in using it but am unfamiliar with its
> capabilities and methods. Thanks,
>
> -Jeremy
>
> _______________________________________________
> Spike mailing list
> Spike@immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/spike
--
fr0stman
["SpikeUsage.txt" (text/plain)]
Spike Proxy Win32 Usage Guide:
Unzip the full package into C:\ this should create a folder called "spikeproxy". If you want to
unzip it to another drive other than C:\ you will have to edit the runme.bat files within the
package.
Start SpikeProxy by executing the runme.bat file in C:\spikeproxy\.
Check that the directory C:\SPIKEProxy\spkproxy\spikeProxyUI\ is empty. There's a cleanup.bat
for this but I prefer a manual check.
Now setup your browser to use this as a proxy. (host: 127.0.0.1 port 8080 for HTTP/HTTPS)
Now browse through your site you want to test putting things like asdf asdf into User/Password fields
and submitting them.
Once you have browsed the complete site or files you want to test point your browser to
http://spike
This is the user interface where you can perform all the actions.
Everything else is straight forward. If you have any questions feel free to e-mail me.
fr0stman@sun-tzu-security.net
Here's a breakdown of the functions:
argscan: Scan arguments passed to scripts for injection vulns.
dirscan: Scan for common directories and files such as /admin or global.asa
overflow: Insert large strings into variables and headers looking for vulns.
vulnxml: try whisker/nikto based type attacks against the server.
_______________________________________________
Spike mailing list
Spike@immunitysec.com
http://www.immunitysec.com/mailman/listinfo/spike
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic