Sleuth is Web Application analysis tool. It has been designed to help you probe through a site to try to gather insight into how it works and how the authors designed it. Sleuth was born in the midst of a Web Application Security Audit when I felt that I needed some custom tools to preform the job efficiently.

For a more indepth discussion on the topic check out the Sleuth About page

    If you are new to Web Application Security and want to learn more, then check out the extensive papers section of this site. Also make sure to check out SqlSecurity.com, and CgiSecurity.net for loads of great info. Have questions? Browse through the WebAppSec mailing list.

If you are new to Sleuth and looking for documentation, also check out the comprehensive help file.

    Sleuths new Installer should take care of all Windows ME/XP/2000 users. For Windows 98 users, please read the notes on the Installation page.

    See the install page for specific details

    Drop the plugin (*_2.dll) into the Plugins folder in the Sleuth home directory. Start up Sleuth, then goto the Options pane and hit the "Plugin Manager" button. The Dll name should appear in the list unchecked. Check it, and hit done. The plugin will be loaded on the spot and available from then on. See the help file for more indepth discussion on the plugin framework.

   Great :) The best palce to start is by opening up one of the open source plugins and seeing just how they are coded. They are actually quite simple, and can be created in any language that supports making activeX servers. (Including .NET and even javascript! ).

Need an article and some samples to get get you started? Check out the tutorial I wrote . Also be sure to check out the Sleuth help file which has some more indepth documentation on the theory behind plugin developement.

How about some examples to get you started? Check out the Developers Corner For example plugins in: C++, J++, VB.NET, & even VBScript!

With the new plugin format of 1.35+ it is easier now than ever to create your own plugins!

   Yes, I have placed old versions of Sleuth source in GIT along with the old style plugins.

    Feel free to submit ideas for new features or thoughts on how to streamline processes with the feature request form.

    *waves hand preforming the Jedi mind trick* - There are no errors here -

You know..that never works, mabey if I wore a robe....anyway there will ineviatable be bugs, I squash what I can as I come across them but one person can only do so much.

You can submit bugs to my own personal bug collection

    Sleuth Intercept is currently a HTTP only proxy, while native SSL support will be added shortly you can use the Sleuth Intercept in conjunction with another external SSL enabled Intercept so that it can be used in any situation. Here is an article on how to configure Sleuth to use a separate external Intercept for SSL connections.

    Because of the way the IE DOM was designed, Scripts cannot be edited once the browser has load them into its scripting engine. If you want to modify a script, you must do it through the Intercept proxy before it hits the browser. Note that you CAN MODIFY any scripts held in javascript event handler because those are evaluated at runtime dynamically. Also dont forget to play around with the JS console. 99% of the time, you wont really need to be able to edit the page scripts anyway.

    Some international users have reported this problem. It seems to stem from alternative system date formats. I have worked with several of the users that reported this error and have been unable to reproduce it. The error only effects the demo version, registered users of 1.4x and 1.36 free version are both unaffected. Currently I do not have a fix Sorry.

    Sleuth.mdb is an Access 97 database. As of Sleuth 1.42 you can now use any ODBC type database to store and access your data. Read how to set it up here.

    The Intercept proxy uses a set port to listen on and intercept requests. Only one instance of Sleuth can have an active proxy at a time. If you have multiple copies of Sleuth open at once, only the first instance will be able to bind to the port, so the pane is disabled in subsequent instances. If you do not see a previous instance open, check your ctrl-alt-delete listing there may be one hung in memory, or another application may be using the proxy port.

   98% chance you just need to update your Windows Script Host. Open up IE and goto Help->About if the version is below 5.5 then you need to update the windows script host (see install page for link)

    I have had this reported once, if it happens to you, let me know. The intercept proxy allocates a max of 50 sockets for use. Typically you will use 5-8 under normal conditions so 50 is actually quite safe. Note however that when the intercept is active, ALL IE Windows on your system will be using it! So if you are just surfing in another window, you are probably surfing through the proxy as well. A problem could arise, if you were listening to an online radio, trying to watch streaming video during the period the intercept was active. These applications may use the global IE proxy options in which case you could top out the 50 socket count.

    I am not exactly sure why, or if this has happened to anyone else but I found that for some weird reason the CmdLine plugin was causing intermittant problems and some how making all the plugins fail. If you have the CmdLine plugin loaded, unload it and start up Sleuth again and everything should be back to normal. I just made some changes in 1.42 that should hopefully stop this from happening.

    Yes he really does and in fact everlasting gobbstoppers are real! Congratulations go out to you for actually reading the FAQ, the whole FAQ full of nothing but the FAQs!