Saturday, 27 July 2013

Find XSS vulnerabilities with X5s and Fiddler

Fiddler is a web debugging proxy. It sits between your browser and the Internet and records the HTTP(S) traffic that passes through it, so you can inspect every request and response. The tool is free and captures traffic from any browser or application on the system that routes its traffic through the proxy. That visibility into web traffic makes it a useful tool for penetration testing.

It is also used to find XSS vulnerabilities in web applications. Fiddler cannot find XSS on its own, but it can with the help of an add-on: X5S is the Fiddler add-on that does this. The tool is not for beginners. Before using it you need to understand how output encoding prevents XSS, because X5S only points out possible injection points: it injects test characters into user-controlled inputs and reports where they are reflected back in the response without safe encoding. Many of these reports are false alerts, since a character reflected unencoded is not always exploitable in the context where it lands, so every hit has to be confirmed by hand.
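To make the principle concrete, here is an added example (my own code, not part of X5S or of the original post) of the check X5S automates: send a marked test value containing one special character per request, then classify how that character comes back in the response. The two "applications" at the bottom are constructed stand-ins for an HTTP round trip and do not represent any real site; the marker string and the verdict names are my own choices.

```python
import html
import urllib.parse
from typing import Callable, Dict, List

# A unique marker wrapped around each test character makes the reflection easy
# to locate in the response even when the page is large. (Constructed value.)
MARKER = "x5sTEST"

# Characters whose unencoded reflection enables XSS in common HTML contexts.
SPECIALS = ["<", ">", '"', "'", "&"]


def build_probe(special: str) -> str:
    """Test value sent in the user-controlled parameter."""
    return f"{MARKER}{special}{MARKER}"


def classify_reflection(body: str, special: str) -> str:
    """Classify how one test character came back in the response body.

    'raw'                -> reflected without encoding (candidate XSS sink)
    'html-encoded'       -> named or hex entity, as produced by html.escape
    'decimal-entity'     -> &#NN; form
    'url-encoded'        -> %XX form
    'reflected-modified' -> marker present but the character was stripped or changed
    'not-reflected'      -> the value does not appear in the response at all
    """
    if build_probe(special) in body:
        return "raw"
    encoded_forms = {
        "html-encoded": html.escape(special, quote=True),
        "decimal-entity": f"&#{ord(special)};",
        "url-encoded": urllib.parse.quote(special, safe=""),
    }
    for name, form in encoded_forms.items():
        if f"{MARKER}{form}{MARKER}" in body:
            return name
    if MARKER in body:
        return "reflected-modified"
    return "not-reflected"


def scan_parameter(render: Callable[[str], str]) -> Dict[str, str]:
    """Send one probe per special character and classify each reflection.

    `render` stands in for the HTTP round trip: it takes the parameter value
    and returns the response body. With a real target this is the request
    replayed through the proxy, once per test character.
    """
    return {s: classify_reflection(render(build_probe(s)), s) for s in SPECIALS}


def unencoded_sinks(results: Dict[str, str]) -> List[str]:
    """Characters that came back raw: the places an X5S-style scan highlights."""
    return [s for s, verdict in results.items() if verdict == "raw"]


# Constructed sample application: it escapes quotes and ampersands but forgets
# the angle brackets, a common partial fix.
def partially_encoding_app(value: str) -> str:
    escaped = value.replace("&", "&amp;").replace('"', "&quot;").replace("'", "&#39;")
    return f"<html><body><p>Hello, {escaped}!</p></body></html>"


# Constructed sample application that applies proper HTML encoding.
def safe_app(value: str) -> str:
    return f"<html><body><p>Hello, {html.escape(value, quote=True)}!</p></body></html>"


if __name__ == "__main__":
    for name, app in [("partial", partially_encoding_app), ("safe", safe_app)]:
        results = scan_parameter(app)
        print(name, results)
        print("  unencoded:", unencoded_sinks(results))
```

A "raw" verdict is only a candidate, which is exactly why a scan like this produces false alerts: the same unencoded `<` is a real problem in a text node but harmless inside an HTML comment, and a raw `"` only matters when the reflection sits inside a double-quoted attribute. The scan tells you where encoding is missing; deciding whether the surrounding context makes it exploitable is still manual work.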


X5S for Fiddler is also free, so you can download it from the official link. After installation it adds an X5S tab to Fiddler, from which you manage all the settings and see the links flagged as vulnerable.

The tool needs to be configured properly and then have its test cases set up. I am not going to explain that here; I have already written a full article on X5S and Fiddler for the Infosec Institute website, which you can read there.

Interested in learning web security? Join the web application security course offered by Infosec Institute.
