What tools do you use to test applications?
There are various tools that are used for different purposes.
For capturing traffic, Ethereal is used. Ethereal is a network protocol analyzer that captures packets on the network. It is available for download at Ethereal.
Web server scanners are used for scanning web servers for vulnerabilities.
Examples of such tools are:
- Nikto - an open source web server scanner that performs comprehensive tests against web servers for multiple vulnerabilities.
- Nessus - can be used as a remote vulnerability scanner and also for fingerprinting the OS.
For manipulating any information like form fields, hidden variables and cookies, attackers use tools known as HTTP proxy tools. The browser's proxy settings are configured to go through the HTTP proxy. The proxy tool can see all information flowing between the client and the server; it even allows the attacker to modify any part of the request/response before sending it. Examples of such tools are:
For viewing the contents of memory, WinHex is used.
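Because an HTTP proxy lets the client change form fields, hidden variables and cookies before they reach the server, the server has to detect altered values itself. The following is an added example, not code from the original page: it seals a hidden field with an HMAC bound to the session and field name and rejects anything modified in transit. The names `seal_field`, `open_field` and `SERVER_KEY` and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret. Generated per process for this example (assumption:
# a real deployment loads a stable key from its secret store).
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, name: str, value: str) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (session_id.encode(), name.encode(), value.encode())
    )
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def seal_field(session_id: str, name: str, value: str) -> str:
    """Value to emit in the hidden field or cookie: '<value>.<mac>'."""
    return f"{value}.{_mac(session_id, name, value)}"


def open_field(session_id: str, name: str, sealed: str):
    """Return the original value, or None if it was altered or replayed."""
    value, sep, tag = sealed.rpartition(".")
    if not sep:
        return None  # no MAC attached at all
    expected = _mac(session_id, name, value)
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return value


if __name__ == "__main__":
    sid = "sess-constructed-1"                   # constructed sample session id
    sent = seal_field(sid, "price", "49.99")     # what the server renders
    print(open_field(sid, "price", sent))        # value comes back intact
    tampered = "0.01" + sent[sent.rfind("."):]   # value edited, old MAC kept
    print(open_field(sid, "price", tampered))    # rejected
```

The MAC only detects modification; the client can still read the value, so anything secret or authoritative (such as a price) is better kept in server-side session state.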