Frequently Asked Questions
Sleuth is Web Application analysis tool.
It has been designed to help you probe through a site to try to
gather insight into how it works and how the authors designed it.
Sleuth was born in the midst of a Web Application Security Audit when I
felt that I needed some custom tools to preform the job efficiently.
If you are new to Web Application Security and want to learn
more, then check out the extensive papers section of this site. Also make sure to check out
CgiSecurity.net for loads of great info.
Have questions? Browse through the
WebAppSec mailing list.
Sleuths new Installer should take care of all Windows ME/XP/2000
users. For Windows 98 users, please read the notes on the Installation page.
See the install page for specific details
Drop the plugin (*_2.dll) into the Plugins folder in the Sleuth
home directory. Start up Sleuth, then goto the Options pane and hit the "Plugin Manager"
button. The Dll name should appear in the list unchecked. Check it, and hit done. The plugin
will be loaded on the spot and available from then on. See the help file for more
indepth discussion on the plugin framework.
Great :) The best palce to start is by opening up one of the
open source plugins and seeing just how they are coded. They are actually quite
simple, and can be created in any language that supports making activeX servers.
Yes, I have placed old versions of Sleuth source in GIT
along with the old style plugins.
Feel free to submit ideas for new features or thoughts
on how to streamline processes with the
feature request form.
*waves hand preforming the Jedi mind trick* - There are no errors here -
Sleuth Intercept is currently a HTTP only proxy, while native SSL support
will be added shortly you can use the Sleuth Intercept in conjunction with another external
SSL enabled Intercept so that it can be used in any situation. Here is an
article on how to configure Sleuth to use a
separate external Intercept for SSL connections.
Because of the way the IE DOM was designed, Scripts cannot be edited once the browser has
load them into its scripting engine. If you want to modify a script, you must do it through the Intercept
because those are evaluated at runtime dynamically. Also dont forget to play around with the JS console.
99% of the time, you wont really need to be able to edit the page scripts anyway.
Some international users have reported this problem. It seems to stem from alternative
system date formats. I have worked with several of the users that reported this error and have been unable
to reproduce it. The error only effects the demo version, registered users of 1.4x and 1.36 free version are
both unaffected. Currently I do not have a fix Sorry.
Sleuth.mdb is an Access 97 database. As of Sleuth 1.42 you can now
use any ODBC type database to store and access your data. Read how to set it up
The Intercept proxy uses a set port to listen on and intercept requests. Only one instance of Sleuth
can have an active proxy at a time. If you have multiple copies of Sleuth open at once, only the first
instance will be able to bind to the port, so the pane is disabled in subsequent instances. If you do not
see a previous instance open, check your ctrl-alt-delete listing there may be one hung in memory, or
another application may be using the proxy port.
98% chance you just need to update your Windows Script Host. Open up IE and goto Help->About
if the version is below 5.5 then you need to update the windows script host (see install page for link)
I have had this reported once, if it happens to you, let me know. The intercept proxy
allocates a max of 50 sockets for use. Typically you will use 5-8 under normal conditions so 50 is
actually quite safe. Note however that when the intercept is active, ALL IE Windows on your system will
be using it! So if you are just surfing in another window, you are probably surfing through the proxy
as well. A problem could arise, if you were listening to an online radio, trying to watch streaming
video during the period the intercept was active. These applications may use the global IE proxy options
in which case you could top out the 50 socket count.
I am not exactly sure why, or if this has happened to anyone else but I found
that for some weird reason the CmdLine plugin was causing intermittant problems and some how making
all the plugins fail. If you have the CmdLine plugin loaded, unload it and start up Sleuth again
and everything should be back to normal. I just made some changes in 1.42 that should hopefully stop
this from happening.
Yes he really does and in fact everlasting gobbstoppers are real! Congratulations go out to you for actually reading the FAQ, the whole FAQ full of nothing but the FAQs!
|Copyright Sandsprite.com 2000-2003 All Rights Reserved|