 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 133
 Members: 0
 Total: 133
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Buffer Overflow Utility (BOU) |
|
 Posted: Wed Mar 02, 2005 2:33 pm |
 |
|
| LINUX |
| Moderator |
 |
|
| Joined: May 24, 2004 |
| Posts: 404 |
| Location: Caiman |
|
|
 |
|
 |
|
| Code: | - What is the Bou?
The Bou (Buffer Overflow Utility) is a command-line utility that enables the user to check for buffer overflows on Web Server Applications.
The Utility should be used very carefully since it might crash the server when it discovers the buffer overflow.
-How to use the Bou?
In order to use the Bou you must specify the following parameters: host, port, request-filename and command-filaname.
Usage: com.webcohort.Bou -h host -p port -reqfile filename -commandfile filename [-v] [-vv] [-version]
The -v and the -vv are optional and stands for verbose and verboseverbose mode (superverbose).
For more help type "com.webcohort.Bou -help" in the command prompt.
-How does the request file look like?
The request file should contain a valid http request.
for example:
GET /?test=566&me=alon HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost
Proxy-Connection: Keep-Alive
-How does the command file look like?
The command file should be a "key=value" map file that contain the following keys:
key=somekey
value=defaultvalue
times=x
An example of the command file:
key=test
values=12345
times=4
-How does the Bou Work?
The Bou opens a connection to the specific host on the specified port.
It loads the command and request files and then it does the following:
It looks for the key in the HTTP request and then it changes the value of the key according to the values specified in the command file.
The first request will contain a zero length value for the key, the second request will contain exactly the value from the command file (in the example the second request GET/?test=1245&me=alon), third request will be GET/?test=12451245&me=alon and so on.
The number of iterations that Bou will increase the size of the key is the times parameter from the command file.
- Does Bou support Both HTTP GET and POST methods?
Yes it does and it also knows how to calculate the Content-Length in each request.
|
download >> http://www.imperva.com/download.asp?id=18 |
|
|
|
|
|
www.waraxe.us Forum Index -> Tools
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
