Mantra

Phase(s):

Primary: Exploitation.
Secondary: Discovery.

Description:

Browser-based tool (integrated into a web browser) that helps detect vulnerabilities present in web applications. It bundles different groups of useful tools to analyze, identify and explore vulnerabilities.

Objective:

  • Detect vulnerabilities present in a web application.
  • Exploit the detected vulnerabilities.
  • Gather information about the web server and technologies used in the web application.

Features:

Supported technologies: Web applications (HTTP/HTTPS).

Operating mode: Passive/Active.

  • Proxy that enables the analysis and modification of requests made by the web application.
  • Multiple proxy configuration options.
  • Character encoding.
  • Developer toolbars to modify client-side content, such as: remove size restrictions, cookie details, show hidden fields, etc.
  • Data administration through a local SQLite database.

Reports:
Output reports: X

Basic usage:

Perform a passive analysis of the requests made by the web application via a proxy. Start the tool and enter the web application's URL in the address bar.



Open the “HttpFox” tool in the tools menu, and start capturing all HTTP requests.



Browse through the web application so that the proxy tool can capture all the generated requests.


The tool displays all the captured requests; selecting any of them shows the details of the HTTP request and response.


Each request provides the following information:

  • Headers.
  • PostData or QueryString parameters.
  • HTTP method used.
  • Cookies.

Resources:

Link: http://dotdotpwn.sectester.net
Author(s): chr1x & nitr0us
Contact: dotdotpwn [at]sectester.net
License: