At the upcoming SecTor conference in Toronto, Nishchal Bhalla will release a suite of tools. The new tools, which are Firefox plug-ins, have the charming moniker of “ExploitMe”.
From Dark Reading:
Canadian researchers have built a set of free exploit tools for Web applications that run as Firefox browser plug-ins; the so-called ExploitMe suite includes tools for cross-site scripting (XSS) and SQL injection, two of the most common vulnerabilities found on Websites.
Nishchal Bhalla, founder of Security Compass, and his fellow researchers at the firm will demonstrate and release the new exploit tools — aimed at facilitating penetration testing of Web applications — at next month’s SecTor security conference in Toronto. The tools let researchers, Web app developers, and quality assurance staffers “fuzz” their Web apps for vulnerabilities to XSS and SQL injection attacks.
“We actually plugged it [the tools] right into the browser logic so it sees things the way the browser does,” says Oliver Lavery, principal consultant with Security Compass and one of the developers of the ExploitMe tools.
For more on this conference, check out Sector.ca.