View All Papers
  • Real World XSS, CHM, TXT

        A 20-page paper covering most aspects of XSS attacks, including injection points, attack scenarios, attacker motivations and techniques, and code obfuscation examples. It also starts laying a foundation for a proper filtering framework. Included in the paper is a download package of handy XSS utilities.

  • Stunnel Config

        This paper walks you through how you can make HTTP requests over SSL with Winsock-only clients (such as the Sleuth 1.36 Raw Request) through the use of Stunnel.

    The paper includes a configuration helper tool in the form of both a standalone exe and a Sleuth plugin to help streamline the process.

    (Licensed 1.4 users can log into the new members section to download a new beta version of RawRequest, which now has built-in SSL support.)

  • Circumventing Client Side Validation

        Web developers spend a lot of time planning out complex chains of events to make their web applications work. Within the planning and outlines, implicit control over the chain of events is often assumed. This paper is an introduction to breaking those assumptions and realizing just how vulnerable those chalkboard outlines can be in the real world.

  • Http Authentication

       This paper is an introduction to HTTP Auth at the HTTP header level.

  • Http Headers

        This series introduces you to the HTTP protocol and gives you a common-sense understanding of how web servers and browsers communicate. This foundation in turn takes us into the papers' real focus: how and why attackers may manipulate raw HTTP requests and the impact this has on web applications.

    1. Http Header Manipulation - Overview
    2. Http Headers - Cookie Manipulation
    3. Http Headers - Referer Manipulation
    4. Http Headers - User Agent Manipulation

  • URL Encoding

        This is a basic primer on URL anatomy and why an encoding technique is necessary.

  • Analyzing Web Applications

       Part of a developers' series I am writing. This article gives you a walkthrough of the Sleuth Browser Extensions' capabilities, with screenshots, and a quick rundown on what they are capable of and how to use them to analyze a foreign web app.

Copyright 2000-2003 All Rights Reserved