Downloads Plugins Frequently Asked Questions Installation Notes Free Web Application Security Papers Extra Files scriptArchieve.php area
Sleuth Stuff

Main Site
Best Viewed w/ IE5+
Frequently   Asked   Questions
  1. What is Sleuth and what does it do?

        Sleuth is Web Application analysis tool. It has been designed to help you probe through a site to try to gather insight into how it works and how the authors designed it. Sleuth was born in the midst of a Web Application Security Audit when I felt that I needed some custom tools to preform the job efficiently.

    For a more indepth discussion on the topic check out the Sleuth About page

  2. I am new to Sleuth and Web Application Security where can I learn more?

        If you are new to Web Application Security and want to learn more, then check out the extensive papers section of this site. Also make sure to check out, and for loads of great info. Have questions? Browse through the WebAppSec mailing list.

    If you are new to Sleuth and looking for documentation, also check out the comprehensive help file.

  3. What are Sleuths System Requirements?

        Sleuths new Installer should take care of all Windows ME/XP/2000 users. For Windows 98 users, please read the notes on the Installation page.

  4. How do I Install Sleuth?

        See the install page for specific details

  5. How do I Install Plugins?

        Drop the plugin (*_2.dll) into the Plugins folder in the Sleuth home directory. Start up Sleuth, then goto the Options pane and hit the "Plugin Manager" button. The Dll name should appear in the list unchecked. Check it, and hit done. The plugin will be loaded on the spot and available from then on. See the help file for more indepth discussion on the plugin framework.

  6. I want to write my own Plugin!

       Great :) The best palce to start is by opening up one of the open source plugins and seeing just how they are coded. They are actually quite simple, and can be created in any language that supports making activeX servers. (Including .NET and even javascript! ).

    Need an article and some samples to get get you started? Check out the tutorial I wrote . Also be sure to check out the Sleuth help file which has some more indepth documentation on the theory behind plugin developement.

    How about some examples to get you started? Check out the Developers Corner For example plugins in: C++, J++, VB.NET, & even VBScript!

    With the new plugin format of 1.35+ it is easier now than ever to create your own plugins!

  7. Are older versions of Sleuth still available open source?

       Yes, I have placed old versions of Sleuth source in GIT along with the old style plugins.

  8. I have a functionality or feature request for Sleuth.

        Feel free to submit ideas for new features or thoughts on how to streamline processes with the feature request form.

  9. I found a B U G !

        *waves hand preforming the Jedi mind trick* - There are no errors here -

    You know..that never works, mabey if I wore a robe....anyway there will ineviatable be bugs, I squash what I can as I come across them but one person can only do so much.

    You can submit bugs to my own personal bug collection

  10. The Intercept proxy seems pretty fast compared to some others, why is that?

    The intercept was designed with efficiency in mind. Alot of intercept proxies work on a 3 step system. First they receive the request, then they download the entire file, then they pass it back to the browser. The Sleuth intercept handles the requests on the fly, and asynchronously feeds the received data back to the browser. The Intercept also can handle multiple requests at once and supports keep-alive connections making it very efficient.

  11. Does the Sleuth Intercept Proxy Support SSL Connections?

        Sleuth Intercept is currently a HTTP only proxy, while native SSL support will be added shortly you can use the Sleuth Intercept in conjunction with another external SSL enabled Intercept so that it can be used in any situation. Here is an article on how to configure Sleuth to use a separate external Intercept for SSL connections.

  12. Can I edit Javascript in the page source

        Because of the way the IE DOM was designed, Scripts cannot be edited once the browser has load them into its scripting engine. If you want to modify a script, you must do it through the Intercept proxy before it hits the browser. Note that you CAN MODIFY any scripts held in javascript event handler because those are evaluated at runtime dynamically. Also dont forget to play around with the JS console. 99% of the time, you wont really need to be able to edit the page scripts anyway.

  13. The demo only runs once then I get demo expired error!

        Some international users have reported this problem. It seems to stem from alternative system date formats. I have worked with several of the users that reported this error and have been unable to reproduce it. The error only effects the demo version, registered users of 1.4x and 1.36 free version are both unaffected. Currently I do not have a fix Sorry.

  14. What format is the Sleuth database in?, Can I have Sleuth use a differnt kind?

        Sleuth.mdb is an Access 97 database. As of Sleuth 1.42 you can now use any ODBC type database to store and access your data. Read how to set it up here.

  15. Sometimes when I open up 1.4 the proxy pane is disabled why?

        The Intercept proxy uses a set port to listen on and intercept requests. Only one instance of Sleuth can have an active proxy at a time. If you have multiple copies of Sleuth open at once, only the first instance will be able to bind to the port, so the pane is disabled in subsequent instances. If you do not see a previous instance open, check your ctrl-alt-delete listing there may be one hung in memory, or another application may be using the proxy port.

  16. I get the error "Application Defined or Object Defined Error" on startup and it crashs!

       98% chance you just need to update your Windows Script Host. Open up IE and goto Help->About if the version is below 5.5 then you need to update the windows script host (see install page for link)

  17. I get an error stating that all proxy sockets are in use then the application crashs.

        I have had this reported once, if it happens to you, let me know. The intercept proxy allocates a max of 50 sockets for use. Typically you will use 5-8 under normal conditions so 50 is actually quite safe. Note however that when the intercept is active, ALL IE Windows on your system will be using it! So if you are just surfing in another window, you are probably surfing through the proxy as well. A problem could arise, if you were listening to an online radio, trying to watch streaming video during the period the intercept was active. These applications may use the global IE proxy options in which case you could top out the 50 socket count.

  18. Everytime I try to start up a plugin I get an error message!

        I am not exactly sure why, or if this has happened to anyone else but I found that for some weird reason the CmdLine plugin was causing intermittant problems and some how making all the plugins fail. If you have the CmdLine plugin loaded, unload it and start up Sleuth again and everything should be back to normal. I just made some changes in 1.42 that should hopefully stop this from happening.

  19. Does Willy Wonka really have a chocolate factory?

        Yes he really does and in fact everlasting gobbstoppers are real! Congratulations go out to you for actually reading the FAQ, the whole FAQ full of nothing but the FAQs!

Copyright 2000-2003 All Rights Reserved