Projects
I have been using other people's tools since I started using computers, so this is the place for me and friends to redeem that non-rewarded usage and publish our own tools so that the whole world can use them!
No more and 1=1
When doing WebApp testing, I'm sure you have had to retype the same old commands a million times to test SQL injection, XSS and all that stuff. Sometimes you even have to recall which characters are involved in header injection, for example, and you might have to search for them. In order to minimize the time required to type malicious syntax and to have a handy repository of it, M and I created this small tool, which we call No more and 1=1.
The tool comes in two flavours (so far): the standalone version (a Java app) and the Webscarab Proxy attached version; we may bundle the tool with more proxies in the near future. The tool is simple; its great value comes from the definitions file, which is totally customizable.
Standalone Version
Downloads
Download it here: Standalone_NoMore_AND_1=1_v04.zip
Latest definitions File (31 Jan 2010) definitions.zip
Requirements
- A Java Runtime Environment (JRE) is required.
- Put the definitions.csv file (included in the zip file) in the same directory where this program is being run.
- Please do edit that file according to your needs, but respect the file syntax in definitions.csv:
Scope,category,injection
- No commas are allowed in the scope and category names, or parsing of the definitions file will fail.
- Please respect the definitions order (sequential scope and category) or the menu will be over-populated.
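A small checker for the two rules above, written as an added example (it is not part of the tool or its source). It assumes each line is split on its first two commas only, so the injection field may itself contain commas; the function names and the sample lines are constructed for illustration.

```python
# Added example: lint a definitions.csv before loading it into the tool.
# Assumption: a line is split on its first two commas only, so everything
# after the second comma belongs to the injection field.

def split_definition(line):
    """Return (scope, category, injection), or None if the line is malformed."""
    parts = line.rstrip("\r\n").split(",", 2)
    if len(parts) != 3 or not all(p.strip() for p in parts):
        return None
    return parts[0].strip(), parts[1].strip(), parts[2]

def lint_definitions(lines):
    """Return (line_number, message) for every rule violation found."""
    problems = []
    categories = {}                 # scope -> categories already seen in it
    prev_scope = prev_category = None
    for number, raw in enumerate(lines, start=1):
        if not raw.strip():
            continue                # assumption: blank lines are ignored
        fields = split_definition(raw)
        if fields is None:
            problems.append((number, "expected Scope,category,injection"))
            continue
        scope, category, _ = fields
        if scope != prev_scope and scope in categories:
            # The scope was used earlier, then interrupted by another scope.
            problems.append((number, f"scope '{scope}' is not sequential"))
        elif ((scope != prev_scope or category != prev_category)
              and category in categories.get(scope, ())):
            problems.append((number, f"category '{category}' is not sequential"))
        categories.setdefault(scope, set()).add(category)
        prev_scope, prev_category = scope, category
    return problems

# Constructed sample; PLACEHOLDER_* stand in for real definitions.
SAMPLE = [
    "SQL,Boolean,and 1=1",
    "SQL,Boolean,PLACEHOLDER_A,PLACEHOLDER_B",  # comma stays in the injection
    "XSS,Tags,PLACEHOLDER_C",
    "SQL,Comments,PLACEHOLDER_D",               # scope SQL reappears
    "XSS only one field",                       # no commas at all
    "Header,CRLF,PLACEHOLDER_E",
    "Header,Other,PLACEHOLDER_F",
    "Header,CRLF,PLACEHOLDER_G",                # category CRLF reappears
]

if __name__ == "__main__":
    for number, message in lint_definitions(SAMPLE):
        print(f"line {number}: {message}")
```

A comma typed inside a scope or category name cannot be flagged by a checker like this: under the assumed split it simply moves the boundary, so the rest of the name ends up in the injection field.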
Usage
- You should use the jar file: java -jar NoMore_AND_1=1.jar or just double-click on it
- Navigate through the menus to select your injection
- Click on your desired injection and it will be copied to your system's clipboard
- Paste it wherever (<ctrl>+v)
- Have fun apptesting and never worry again about retyping the same commands over and over
Source Code
Source code here: NoMore.java
Tested in
- Debian (KDE, DWM)
- WinXP
Webscarab Version
Downloads
Download it here: Webscarab_NoMore_v0.3.zip
Requirements
- A Java Runtime Environment (JRE) is required.
- Put the definitions.csv file (included in the zip file) in the same directory where this program is being run.
- Please do edit that file according to your needs, but respect the file syntax in definitions.csv:
Scope,category,injection
- No commas are allowed in the scope and category names, or parsing of the definitions file will fail.
- Please respect the definitions order (sequential scope and category) or the menu will be over-populated.
Usage
- You should use the jar file: java -jar webscarab.jar or just double-click on it
- When in an injection pane, right-click and a contextual menu with the No more menu will appear. See screenshots section.
- Click on your desired injection and it will be copied to your system's clipboard
- Paste it wherever (<ctrl>+v)
- Have fun apptesting and never worry again about retyping the same commands over and over
Source Code
Source code here: webscarab_NoMore_src_v0.3.zip
- All the changes made are contained in: /src/org/owasp/webscarab/util/swing/TextComponentContextMenu.java
Tested in
- Debian (KDE, DWM)
- WinXP
Some screenshots
Credits
- To all of you guys who have gathered the nice attacking commands we have included in the definitions file.
- To Rogan Dawes, the developer of Webscarab (a must in webapp testing): http://dawes.za.net/rogan/webscarab/
- Last but not least many shouts to our crew from labdsec.net!