Sleuth 1.4 Overview




    Sleuth now boasts an integrated Intercept Proxy. This feature allows you to set logical break points on the HTTP communication so that you can examine and alter key elements in the exchange.



    When the proxy receives a trigger, it will automatically change tabs to the proxy pane. The top text box shows the raw HTTP header the proxy received from the browser. This gives you the opportunity to alter the request or cookie parameters to suit your needs.

    The list box directly below that holds a queue of requests that are to be edited. This unique feature allows you to process multiple edits all in one viewing. This saves you the hassle of being forced back to the proxy pane for each individual request. When you have completed your edits, it automatically whisks you back to the browser pane for seamless integration.

    Another key feature of the Sleuth Proxy is the configure interface. Here you set the criteria that you want to constitute a trigger. Since this proxy is specially designed for Web Application Auditing, I have narrowed down the triggers to just the base key elements that we are interested in. This means that you will not be bothered by having to clear dozens of inconsequential requests. By eliminating the noise, you will be able to better focus on your task at hand, and perform more efficiently.



    Another great feature of the integrated proxy is that you can enable it with a single click right from within Sleuth! To enable or disable the proxy you merely have to click on the status label and it will be completely configured for you.

    Although Sleuth Intercept does not yet natively support HTTPS communications, you can configure it to use an external intercept proxy for the SSL transactions. For more details see this article detailing how to configure the proxy settings.



    The next new feature in Sleuth 1.4 is an integrated Spider for enumerating the files that make up the web application. Below is a screen shot of a crawl of this site. As the spider progresses, each page it finds is broken down and saved to a database. This allows us to reload a scan at any time, without having to send the spider back for a second pass. New Sleuth scripts are also available to import URL lists you compile externally for display in the Spider log.



    After the spider is complete, now begins your work examining each page. For this leg of the audit, Sleuth generates a report for each page. When you click on an item in the treeview, the Spider configuration pane disappears and reveals the report in a customizable page template.



    The underlined text is actually an expandable node that will give you a breakdown of that segment of the page's content.



    This report template is filled out dynamically by Sleuth from a static HTML file on disk. This means that you can edit the report and customize it to your own preferences. Right now the report framework only includes the several fields shown in the demo. As people make requests, I will add more and you will be able to customize to your heart's content!

    As you can see from the above screen shot, the report page also allows you to attach auditing notes directly to each page. This gives you a very organized and efficient framework, helping you eliminate lost time on redundant tests and minimizing the chances of forgotten pages that might slip by.

    The question may arise, in a site of hundreds of pages, how do I find: all the pages with forms, pages that accepted querystring parameters, or pages that have notes attached?

    Sleuth 1.4 offers efficient filtering options so that you can home in on and display exactly the content you need to see. Also, since everything is broken down into its components and saved to the database, anyone proficient with Access can parse and manipulate the data collected in any manner they can conceive.



    Finally, to bring our new feature list to a close, there is a new notes pane interface. This provides you a place to leave an itemized list of things to do or mental reminders.



Want to see what has been added since 1.4 was initially released? Here is the 1.41/1.42 changelog. Note that registered users have enjoyed all of these additions as FREE upgrades!

ChangeLog for 1.4.1 & 1.4.2  

1.4.2 - Dec 8 2003 - Interim release - UI Upgrade and cleanups - more soon

 - Lots of interface cleanups and restructure - see screenshot
 - Properties are now on their own tabs for quick viewing
 - options now on their own form 
 - auto complete added to address bar 
 - sniper revamped & reintegrated on main form
 - ability to use any database format for main sleuth database (see FAQ #14)
 - sniper functionality upgraded now hooks any IE window (drag and drop it on the Add/Remove programs window :)
 - new bookmarks/favorites functionality 

1.4.1 - 
 Sleuth
  - intercept proxy now supports proxy chaining & basic auth
  - browser extensions integrated with options
  - integrated with new jsconsole and new rawrequest
  - some small bug fixes 
  - source pane now supports displaying Asian character sets
	  
 sleuth script
  - error highlighting
  - full syntax highlighting
  - save changes
  - new scriptable database interface 
  - greatly enhanced Log function
  - raw http class now supports proxy relay and basic auth

 New Jsconsole -
  - line numbering & intellisense
  - error line highlighting
  - full syntax highlighting
  - new object browser & documentation
	 
 New RawRequest
  - new Wizard interface
  - supports proxy requests & basic auth

 browser extensions
  - added new rawrequest as toolbar icon
  - updated jsconsole
  - integrated on Sleuth options pane
  - edit / analyze cookie menu extension
  - edit / analyze link menu extension
  - choice between full & lite JsConsoles (free Lite version restored)


	
 


    
Copyright Sandsprite.com 2000-2003 All Rights Reserved