20080325
Mozilla Prism & Pen-testing
Mozilla Prism, one in a series of recent site-specific browsers (SSBs), has become a fairly useful tool for me. I can run the web applications under different users (Run as...). This allows limiting the access and resources available to the web application. It also allows running multiple different cookie sets at one time.
A simple example is having multiple Gmail accounts logged in at one time. A more complex example is cookie manipulation while authenticated during access level enumeration.
Prism allows for fine-tuning of an SSB to accommodate multiple pentesting angles. In the past I've rebranded Firefox and done similar things, such as running as guest users, but it was never this easy.
Prism and Flash on Windows
It is pretty simple to enable your plugins (not talking extensions here...) in Prism on a Windows system. All you have to do is copy your {program files}\Mozilla Firefox\plugins directory to your {program files}\Prism\Plugins directory. The Prism plugins directory doesn't exist by default and needs to be created. You may also want to copy the files into the XULRunner plugins directory. XULRunner handles any XUL apps that may depend on those plugins as well.