Stompy 0.04

Date Added: July 26, 2010 | Visits: 715

Report Broken Link
Printer Friendly Version

Product Homepage
Download (107 downloads)

Stompy provides a tool to check the security of Web session IDs and other tokens. Stompy the session stomper is a penetration testing tool that performs an automated analysis and runs an array of fairly sophisticated tests on WWW session identifiers (or any other tokens) to see whether they are reasonably unpredictable or vulnerable to attacks. Session IDs and similar secret values shared between client and server are commonly used to track authenticated users or validate certain actions in stateless environments (not limited to the Internet: prepaid mobile recharge vouchers are a good example), and as such, whenever theyre predictable or simply have a non-negligible chance of being guessed by trial and error, we do have a problem. Some of such mechanisms, particularly in relation to the Web, are well-studied and well-documented, and believed to be cryptographically secure (for example: Apache Tomcat, PHP, ASP.NET built-in session identifiers). This is not necessarily so for various less-researcher enterprise platforms, and almost never so for custom solutions implemented in-house for a particular application. This is no better for other types of closed-source token generation systems that need to be quickly assessed for most obvious vulnerabilities before deployment. Whats New in This Release: - Added more explicit explanations of certain results, - Added fault bitmap reporting, - Emphasized the ability to use stompy for non-WWW applications, - Added raw file support, - Replaced environmental variables with command-line options, - Dropped non-GMP compilation target. - Added the ability to issue custom requests from file, - Added spatial correlation detection, - Added SSL support, - Moved testcases to test/ - [BUG] Fixed transition checking - [BUG] Fixed some variable token length testing bugs - [BUG] Fixed minor reporting errors - [BUG] Fixed a problem with SEGV on replay on some platforms.

Requirements: No special requirements

Platforms: Linux

Keyword: Added, Bug, Http, Ids, Internet, Provides, Session, Stompy, Tool, Web

Users rating: 0/10

License: Freeware

Size: 31.74 KB

USER REVIEWS

More Reviews or Write Review

STOMPY RELATED

Audio Tools - EarthMediaCenter Radio Portable 1.4 EarthMediaCenter Radio FREE software product which provides the Internet users with access to internet radio channels (online radio, Web radio). A huge database of radio stations, selection by genres and countries, station search by name, and much...	552.96 KB
Network & Internet - mergelog 4.5 mergelog provides a fast tool to merge HTTP log files by date. mergelog is a small and fast C program, which merges HTTP log files by date in Common Log Format (Apache default log format) from Web servers, behind round-robin DNS. It has been...	39.94 KB
Network & Internet - wgrab http file fetcher 1.1.3 wgrab http file fetcher provides a small, fast, and cross platform wget alternative. wgrab is an HTTP file fetcher similar to wget that is designed to be small, fast, and cross-platform compatible natively. The compiled wgrab is approximately...
Networking Tools - HTTP Proxy Scanner 1.0 The new HTTP Proxy Scanner is the handy tool that helps you to search HTTP proxy servers. This software recommended for users, who have a slow Internet connection - using a proxy server they may speed up web pages loading. HTTP Proxy Scanner may...	2.33 MB
Communication Tools - Internet Jam Session Software 1.0 The llcon software enables musicians to perform real-time jam sessions over the internet. There is a llcon server which collects the audio data from each llcon client, mixes the audio data and sends the mix back to each client.	25.03 MB
Network & Internet - mod_access_referer 1.0.2 mod_access_referer is a module for the Apache HTTP Server that provides access control based on "Referer" HTTP header content. Why is mod_access_referer useful? Basically, it allow or deny the access based on what page is shown in the Web...	10.24 KB
Network & Internet - DCWorkflow Dump 1.2 DCWorkflow Dump provides a simple tool to dump a web-generated workflow to Python code for use in Products. Dumps DCWorkflow specifications into a python script. Installation .Untar/copy it into your Zopes Products dir .Restart Zope .You...	5.12 KB
Network & Internet - PloneSelenium 1.2.2 PloneSelenium provides a product for web-based functional tests. PloneSelenium is a Plone Product allowing developers to create TTW Selenium test suites with a single Python Script, in order to do browser-based functional testing of their site....	112.64 KB
Network & Internet - PlacelessFavorites 1.2 PlacelessFavorites provides an Archetypes tool that manage membersfolder less favorites..	378.88 KB
Web Browsers - Internet Explorer Platform Preview 2 10 Internet Explorer Platform Preview is an Internet browser designed to offer web developers, designers, and enthusiasts an advanced look at what is going to come in the next major release of Internet Explorer. It is not intended to be your daily...

NEW DOWNLOADS IN LINUX SOFTWARE, NETWORK & INTERNET

Linux Software - EasyEDA PCB Designer for Linux 2.0.0 EasyEDA, a great web based EDA(Electronics Design Automation) tool, online PCB tool, online PCB software for electronics engineers, educators, students, makers and enthusiasts. Theres no need to install any software. Just open EasyEDA in any...	34.4 MB
Linux Software - wpCache® WordPress HTTP Cache 1.9 wpCacheÂ® is a high-performance, distributed object, caching system application, generic in nature, but intended for use in speeding up dynamic web applications, by decreasing database load time. wpCacheÂ® decreases dramatically the page...	3.51 MB
Linux Software - Polling Autodialer Software 3.4 ICTBroadcast Auto Dialer software has a survey campaign for telephone surveys and polls. This auto dialer software automatically dials a list of numbers and asks them a set of questions that they can respond to, by using their telephone keypad....	488 B
Linux Software - Total Video Converter Mac Free 3.5.5 Total Video Converter Mac Free developed by EffectMatrix Ltd is the official legal version of Total Video Converter which was a globally recognized brand since 2006. Total Video Converter Mac Free is a free but powerful all-in-one video...	17.7 MB
Linux Software - Skeith mod_log_sql Analyzer 2.10beta2 Skeith is a php based front end for analyzing logs for Apache using mod_log_sql.	47.5 KB
Network & Internet - Free WiFi Hotspot 3.3.1 Free WiFi Hotspot is a super easy solution to turn your laptop or notebook into a portable Wi-Fi hotspot, wirelessly sharing your internet connections like DSL, Cable, Bluetooth, Mobile Broadband Card, Dial-Up, etc. through the built-in wireless...	1.04 MB
Network & Internet - Easy Uploads 1.8 Easy uploads is a file storage media streaming application designed by Filestreamers that allows you to upload, store, and stream your files from their virtually unlimited file storage server. Easy Uploads can backup,share, and stream your files...	615.97 KB
Network & Internet - PacketFence ZEN 3.1.0 PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boosting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X...	1024 MB
Network & Internet - django-dbstorage 1.3 A Django file storage backend for files in the database.	10.24 KB
Network & Internet - SQL Inject Me 0.4.5 SQL Inject Me is a Firefox extension used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.	133.12 KB

Windows Software	BeOS Software
Macintosh Software	Linux Software
PDA Software	OS/2 Software
Mobile Software	Scripts