
{"id":252,"date":"2007-09-09T10:43:16","date_gmt":"2007-09-09T13:43:16","guid":{"rendered":"http:\/\/talsoft.com.ar\/weblog\/?p=252"},"modified":"2007-09-09T10:43:16","modified_gmt":"2007-09-09T13:43:16","slug":"pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/","title":{"rendered":"Pipper, a request automation tool for auditing Web applications"},"content":{"rendered":"<p>Such is the case of Pipper, a tool aimed at auditing Web applications whose main purpose is to automate requests that can commonly lead to the exploitation of vulnerable conditions, such as SQL injection. I copy and paste <a href=\"http:\/\/www.s21sec.com\/pipper\/pipper.html\">from the author's reference page<\/a>:<\/p>\n<p align=\"left\">The idea of creating this program arose from the need to automate requests in Web applications. 
The program itself is generic enough to carry out a multitude of actions that until now were performed by writing various \u201cscripts\u201d or by using multiple tools.<\/p>\n<p align=\"left\">This program does not aim to be the solution to every Web auditing problem; rather, it aims to be an additional aid for auditors of this kind of application, since prior knowledge of the commonly performed tasks is assumed; Pipper only displays numeric and visual information (error codes, number of lines and words returned, coloured text, etc.), as will be seen later. This information must then be interpreted by the auditor, who will have to be able to diagnose \u201cwhat is happening\u201d.<\/p>\n<p align=\"left\">Good use of this program will notably reduce the trial-and-error time spent on \u201cbrute-forcing\u201d variables\/cookies\/credentials, searching for files (pages, cgi\u2019s, etc\u2026), locating \u201cCross-Site Scripting\u201d flaws, \u201cSQL Injections\u201d, etc.<\/p>\n<p>The program includes three main files for this purpose:<\/p>\n<p>* sql_inj.txt, with various attack vectors used in SQL injections<br \/>\n* nulls.txt, similar to the previous one but using \u201cnull\u201d-type variables<br \/>\n* ones.txt, analogous to the previous one, but using numeric variables of the \u201cones\u201d type.<\/p>\n<p>Additionally, an XML file is 
supplied so that we can generate our own payloads. The instructions and other content of interest are posted <a href=\"http:\/\/www.s21sec.com\/pipper\/pipper.html\">on the S21Sec page<\/a>.<\/p>\n<p>I saw the news on <a href=\"http:\/\/www.dragonjar.us\/pipper-herramienta-para-la-auditorias-de-aplicaciones-web.xhtml\">Dragonweb<\/a>, although I see that <a href=\"http:\/\/elladodelmal.blogspot.com\/2007\/09\/pipper-la-navaja-suiza-del-campen.html\">Chema has also talked about the tool<\/a>. <a href=\"http:\/\/www.yoire.com\/downloads.php?tag=pipper\">You can download it here<\/a>, and it is completely free.<\/p>\n<p>Source: <a href=\"http:\/\/www.sahw.com\/wp\/\">http:\/\/www.sahw.com\/wp\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Such is the case of Pipper, a tool aimed at auditing Web applications whose main purpose is to automate requests that can commonly lead to the exploitation of vulnerable conditions, such as SQL injection. 
I copy and paste from the author's reference page: The idea of creating this program arose [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-252","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Enterprise IT Security - Pipper, a request automation tool for auditing Web applications<\/title>\n<meta name=\"description\" content=\"Talsoft transforms the vision of companies so that they can protect their critical and confidential information against computer attacks. Contact us free of charge.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\"},\"author\":{\"name\":\"Leandro 
Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Pipper, a request automation tool for auditing Web applications\",\"datePublished\":\"2007-09-09T13:43:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\"},\"wordCount\":365,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\",\"name\":\"TalSoft - Enterprise IT Security - Pipper, a request automation tool for auditing Web applications\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2007-09-09T13:43:16+00:00\",\"description\":\"Talsoft transforms the vision of companies so that they can protect their critical and confidential information against computer attacks. 
Contact us free of charge.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/pipper-un-automatizador-de-peticiones-para-auditoria-de-aplicativos-web\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro 
Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=252"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/252\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}