OpenRCE_jms
November 24th, 2007, 18:50
So Dave Aitel and I collaborated on a little hooking script inside of ImmunityDebugger coupled with an XML-RPC server.
What it does is hooks SQLOLEDB calls at the application layer, retrieves the SQL query from memory and ships it off to the RPC server for analysis.
It's a fairly different way for examining web apps, and frankly was a lot of fun doing. The full posting that Dave made is at the Immuntiy Forum here ("http://forum.immunityinc.com/?topic=92.0")
If you have any questions, request for new platform support or patches, drop it in the ID forum or email Dave or I.
https://www.openrce.org/blog/view/917/Grey_Box_Web_Application_Testing_With_Immunity_Debugger
What it does is hooks SQLOLEDB calls at the application layer, retrieves the SQL query from memory and ships it off to the RPC server for analysis.
It's a fairly different way for examining web apps, and frankly was a lot of fun doing. The full posting that Dave made is at the Immuntiy Forum here ("http://forum.immunityinc.com/?topic=92.0")
If you have any questions, request for new platform support or patches, drop it in the ID forum or email Dave or I.
https://www.openrce.org/blog/view/917/Grey_Box_Web_Application_Testing_With_Immunity_Debugger