This page is about understanding what Sleuth is, and what it can do for you.
Sleuth was developed from my own personal need for a web application
analysis tool. It represents the exact functionality I found necessary in
the trenches of a security audit.
Sleuth puts a nice twist on efficiency of design and visual tools keeping
a complete toolbox of testing aids at the intuitive auditors fingertips.
What is Sleuth? What can it do?
Sleuth is a manual research and exploration tool for web applications. It is not just
one application, it is a complete toolbox of applications that come together to let
you do some unique things.
Why has the design focused around manual tools?
Most auditing software has focused around automation and predefined
scan patterns. They will typically have a large database of exploits
or variables to try to inject to web scripts, and a long list of
insecure files, default configurations etc to try to brute force
away in their scan.
Sleuth breaks from this concept and focuses only on trying to give
auditors the tools they need to manually disassemble the web application
by hand and to efficiently test it in any manner they can conceive.
The reason I have made it with this focus, is that Web Applications can
create and manipulate forms, FLASH and PDFs can also display and submit forms.
Automated tools have to be created smart enough to do almost impossibly complex
to really be able to be sure they are testing every aspect of the web application.
of a form in the lower frame to submit to an alternative Search script?
I have not personally tested any of the commercial automated tools, but I would
be quite impressed if they were able to pick up such an interaction and know of the
existence of the alternative search script.
Another reason Sleuth exists is for research for creating new automation
utilities and scripts. To test and debug theories, you need dynamic manual tools
to test your ideas, catalog server interactions and explore what is going on in
its most bare bones components.
Sleuth has been designed to take you right down to the foundation levels that
web applications work at and strives to bring a new level of efficiency and
capability to a greater audience, making such capabilities possible for
all auditors and not just those who have the skills to develop their own
proprietary tools, or are lucky enough to work for a company with such a
framework already in place.
Two other key areas where Sleuth proves itself to be an invaluable resource
- Developer and Auditor training -
Key concepts can easily and visually be shown any audience. Often with
the student able to directly reproduce the simple steps shown to them.
- Verifying Automated tools results -
Efficiently dig and poke into any corner of the web application to see if
an automated tool missed something, or to test the exposure of a vuln that
may have been public for some time.
With that said, the next step is in understanding what tools Sleuth provides
and just what it is capable of.
Sleuth is actually a framework of several tools, each of which has been highlighted
below. In addition to the descriptions given here, each section title has been linked
to a separate dedicated page on that tool which contains auxiliary information complete
with product screen shots.
What are its limitations, what cant it do?
- Main Application -
Integrated IE web browser surrounded with an entire host of
powerful examination and manipulation tools. With it you can:
- get an efficient listing of all links, forms, script,frames etc in a web page
- easily edit form elements, links etc of the page
- +tons more
The main application also has an integrated HTTP intercept proxy so that you can
easily manipulate the raw headers sent to and from the browser. One key feature of
the Intercept proxy is just how integrated it is with the application. In its configuration
pane, you set breakpoints on common criteria. When a breakpoint is reached, you are
automatically switched to the proxy window for the edit, after which you will be
automatically switched back.
The proxy breakpoints have been designed to be powerful and flexible, allowing you
to hone in on exactly the events of interest with a minimum of back and forth between
proxy and browser panes.
- RawRequest -
A Raw http client that allows you to build up a HTTP request manually.
The wizard pane allows you insert a fully configured URL which you can then edit to
your preference. The request can also be edited in the raw request pane which allows
you total control over what you are sending to the server. After the request is sent
the raw source returned is displayed in a nicely formatted syntax highlight display.
You also have the option of viewing the source in an embedded browser window to easily
view the entire page output as it was designed to be displayed. New versions of RawRequest
currently out in the members section support SSL connections, as well as being able to
save and restore saved requests and responses.
- Sleuth Script -
Sleuth script is a dynamic framework that allows you to dynamically
automate your testing. Because it is based around common VBScript it is easily configurable
and can be adapted for many test scenarios. The sleuth Script framework is built around a
powerful set of libraries that handle all of the hard work such as saving and retrieving data
from databases, sending raw http requests, writing data to files and more. Check out the
Object browser to see all of the built in functionality. Sleuth Script can also be easily
extended by custom developed ActiveX objects dynamically loaded at runtime through the use
of CreateObject(). The Sleuth Script IDE can likewise also be extended allowing you to customize
the intellisense menus to fit your preferences or even include new objects that you choose.
The Sleuth Script IDE has been designed with as many efficiency tools as I could to help
new coders learn it, and advanced coders be as efficient as possible. Current automated scripts
include: directory bruteforcers, backup file brute forcers, basic auth bruteforcer, and webform
- Sleuth Browser Extensions -
The browser extensions package aim to integrate a handful of tools right into the standard IE
browser. They add functionality such as "Edit Source", and "Edit Forms" options right into the
IE right click menus. Other noteworthy functionality includes browser toolbar buttons that will
execute scripting commands on the current page and more. (JS Console is great for analyzing
pages with its extended logging and analysis routines)
- Sleuth Lite -
Based on the main Sleuth functionality, but does not contain its own browser window. Instead
Sleuth lite is designed to be left running and quietly sits down in the system tray. You surf
in IE, when you need to analyze a page, you just bring it back up, attach it to the IE window you
desire (like a debugger) and it is instantly hooked into everything that page contains.
- Doc Analyzer -
Similar to Sleuth Lite, except that it contains some extended functionality. Doc Analyzer is actually
the predecessor of Sleuth Lite and has advancements that allow it to explore all of the frames
of a document at once and edit any portion of any frame from the listview. Doc Analyzer is only
available to Commercially Licensed users.
With the tools that Sleuth provides, you really can dig into the depths of just about any web application
and see what makes it tick. With all of the multiple ways provided, you should be able to get where you
need to go, whether you started browsing a site in Sleuth, want to analyze some popup you think
might be Malicious, of just want to check something offhand as you surf the web.
The sky’s pretty much the limit. It usually comes down to what the wielder can do with it.
Automated tools definitely have their place, Web Apps can just flat out be huge and automation
is key, but they cannot be the only line of defense. There will inevitably be things they
miss. Their analyzation logic can only be as smart as their designers have implemented, (and figure
out how to properly implement).
My personal passion is figuring out how stuff works. So I needed a tool that would let me dig,
research, learn and directly understand how it all works and what could be done. Sleuth is
the result of that work.