[Hardanger] Web Application Penetration Testing Platform
The project deliverable is a Fiddler2 (http://www.fiddler2.com)
add-on DLL written in C# that is easily installed using a .msi
installer; a standalone application is also available for users
who do not want the integrated Fiddler2 experience. Hardanger has been
architected so that it can easily be expanded with other functionality. The
first version includes only a simple HTTP(S) GET and POST parameter
fuzzer, but it lays a foundation where it is trivial to plug in
additional fuzzers and detection engines as well as other features. Once
server fuzzing is perfected and state of the art, this project will
continue to add new features such as a web browser fuzzer, brute force
tool, manual tampering, crawler, passive vulnerability detection, recon
tools, etc.
Current Features
- Native Windows feel via Windows Presentation Foundation
- Can run as a Fiddler2 add-on or standalone
- ClickOnce installer with automatic updates (standalone version)
- Context tab allowing inspection of full HTTP requests
- Server fuzzer tab to configure and launch the server fuzzer
- Basic random fuzzer that generates random strings of UTF-8 characters of random lengths
- Non-HTTP-200 detection engine
- Results window keeping track of successful detections
- Ability to review requests/responses in the results details window
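
The random fuzzer and non-HTTP-200 detection engine listed above, shown as an added Python example rather than Hardanger's own C# code: one query parameter at a time is replaced with a random-length string of random Unicode scalar values, and every response whose status is not 200 is recorded. The function names, the `stub_send` stand-in for a server and the sample URL are assumptions constructed for this example.

```python
import random
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

def random_utf8_string(rng, max_len=64):
    """Random-length string of random Unicode scalar values."""
    chars = []
    for _ in range(rng.randint(0, max_len)):
        cp = rng.randint(0, 0x10FFFF)
        # Surrogates (U+D800..U+DFFF) cannot be encoded as UTF-8; redraw.
        while 0xD800 <= cp <= 0xDFFF:
            cp = rng.randint(0, 0x10FFFF)
        chars.append(chr(cp))
    return "".join(chars)

def fuzz_cases(url, rng, rounds=5):
    """Yield (param, mutated_url); each case changes exactly one parameter."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    for i, (name, _) in enumerate(params):
        for _ in range(rounds):
            mutated = list(params)
            mutated[i] = (name, random_utf8_string(rng))
            # urlencode percent-encodes the value as UTF-8 bytes.
            yield name, urlunsplit(parts._replace(query=urlencode(mutated)))

def non_200_detector(status):
    """Detection engine: any status other than 200 counts as a finding."""
    return status != 200

def run(url, send, rng, rounds=5):
    """Send every fuzz case through `send` and collect the detections."""
    findings = []
    for name, mutated_url in fuzz_cases(url, rng, rounds):
        status = send(mutated_url)
        if non_200_detector(status):
            findings.append((name, mutated_url, status))
    return findings

def stub_send(url):
    """Constructed stand-in for a server: 500 unless `id` is ASCII digits."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    value = query.get("id", "")
    return 200 if value.isascii() and value.isdigit() else 500

if __name__ == "__main__":
    sample = "http://test.invalid/item?id=42&q=shoes"  # constructed URL
    for name, mutated_url, status in run(sample, stub_send, random.Random(1)):
        print(status, name, mutated_url[:70])
```

Passing a real HTTP client as `send` is the only change needed to point the loop at an application you are authorised to test; a plain status check like this also flags redirects and 404s, so findings still need review.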
Reviewed by Zion3R