This also has the interesting side effect of illuminating how all of the fields in a Web-app handle Unicode.
For example, in a single page with many inputs, you may end up seeing the same test case get returned in a variety of ways – URL encoded, NCR encoded, ill-encoded, raw, replaced, dropped, etc.
It is designed to be easily portable: just extract the files and run. It does, however, require SQL Server Integration Services to be installed on the machine.
The main download covers

Expression Editor Control

The expression editor control used in the tester tool has been deliberately made available as a separate component so it can be easily re-used in other tools and custom tasks; for example, it is integrated into BIDS Helper.
Whilst it was inspired by the Microsoft editor, the number one feature I wanted was resizable panes.
It also has the usual things like copy and paste, as well as fine-grained undo/redo.
Its main goal is to help you identify the hotspots where XSS might occur. It injects ASCII to find traditional encoding issues, and it injects special Unicode characters and encodings to help an analyst identify where XSS filters might be bypassed.
The approach to finding these hotspots involves injecting single-character probes separately into each input field of each request, and detecting how they were later emitted.
Microsoft's Azure Data Lake is now generally available, but what does it do, and how does it work?
by Casaba Security, contact us through CodePlex, or email us at casabasecurity
x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities.
BUT IT IS MISSING SEVERAL FEATURES THAT I USED TO ALWAYS USE.