
Grey Box Web Application Testing With Immunity Debugger


OpenRCE_jms
11-24-2007, 06:50 PM
So Dave Aitel and I collaborated on a little hooking script inside of Immunity Debugger coupled with an XML-RPC server.

What it does is hook SQLOLEDB calls at the application layer, retrieve the SQL query from memory and ship it off to the RPC server for analysis.

It's a fairly different way of examining web apps, and frankly was a lot of fun to do. The full posting that Dave made is at the Immunity Forum here (http://forum.immunityinc.com/index.php?topic=92.0).

If you have any questions, requests for new platform support or patches, drop them in the ID forum or email Dave or me.

https://www.openrce.org/blog/view/917/Grey_Box_Web_Application_Testing_With_Immunity_Debugger
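
The receiving side of the setup described in the post, as an added example that is not part of the original post and is not the Immunity script: an XML-RPC server that accepts captured query text and classifies where a tester-submitted marker ends up in the SQL. The method name `report_query`, the marker `GREYBOX7`, the listening address and the classification rule are all assumptions made for illustration.

```python
from xmlrpc.server import SimpleXMLRPCServer

CANARY = "GREYBOX7"  # constructed marker the tester types into form fields

def canary_contexts(sql, canary=CANARY):
    """Return 'literal' or 'bare' for each occurrence of the canary in sql."""
    contexts, in_literal, i = [], False, 0
    while i < len(sql):
        if sql[i] == "'":
            if in_literal and sql[i + 1:i + 2] == "'":
                i += 2  # '' is an escaped quote, still inside the literal
                continue
            in_literal = not in_literal
        elif sql.startswith(canary, i):
            contexts.append("literal" if in_literal else "bare")
            i += len(canary)
            continue
        i += 1
    return contexts

def classify(sql, canary=CANARY):
    """Label a captured query by how user input reached the SQL text."""
    contexts = canary_contexts(sql, canary)
    if not contexts:
        # Input bound as a parameter never shows up in the query text.
        return "no-canary"
    if "bare" in contexts:
        # Input sits in SQL syntax with no quoting at all: review first.
        return "unquoted-concatenation"
    # Input was concatenated inside quotes: check how quotes are escaped.
    return "quoted-concatenation"

class QueryLog:
    """Hypothetical RPC endpoint the debugger-side hook would call."""
    def __init__(self):
        self.findings = []

    def report_query(self, sql):
        verdict = classify(sql)
        self.findings.append((verdict, sql))
        return verdict

def serve(host="127.0.0.1", port=8000):
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    server.register_instance(QueryLog())
    server.serve_forever()

if __name__ == "__main__":
    serve()
```
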