help to analyze the output of stompy tool

Discuss the many weaknesses of browser security and ways to mitigate the threat

help to analyze the output of stompy tool

Post by cool4dmin on Thu Oct 06, 2011 1:00 am
([msg=62111]see help to analyze the output of stompy tool[/msg])

Hi,
I tested Stompy tool and now there is the result of running this tool. but I can't use the result. How do I deduce the session managment of the target site is vulnerable from the output? the output file is attached.

Note:
Stompy is a free tool to perform black-box assessment of algorithms used to
generate WWW session identifiers or other tokens that are meant to withstand
statistical analysis and brute-force attacks.

http://www.darknet.org.uk/2007/03/stompy-the-web-application-session-analyzer-tool/

Download Link: http://lcamtuf.coredump.cx/stompy.tgz

How can I attach file here? :shock:

log file: http://www.4shared.com/file/FuqvQ4q-/log.html
cool4dmin
New User
New User
 
Posts: 11
Joined: Wed Sep 21, 2011 8:40 am
Blog: View Blog (0)


Re: help to analyze the output of stompy tool

Post by limdis on Fri Oct 07, 2011 6:31 pm
([msg=62170]see Re: help to analyze the output of stompy tool[/msg])

Stompy is a bit old. You sure you really want to get in to how to use this?

Also, I'm willing to look into this for you providing you can prove that the site you are testing it on belongs to you. I won't even touch the log file until then.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1358
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: help to analyze the output of stompy tool

Post by cool4dmin on Sat Oct 08, 2011 11:00 pm
([msg=62196]see Re: help to analyze the output of stompy tool[/msg])

I am testing Stompy to learn not to hack the special site.
you can gather another cookies for sample and analyze the output for me if you like to help me.

many thanks.
cool4dmin
New User
New User
 
Posts: 11
Joined: Wed Sep 21, 2011 8:40 am
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests