http://crackingdrupal.com/taxonomy/term/32/0 en http://crackingdrupal.com/blog/greggles/using-watcher-make-pen-testing-more-efficient <p>The Watcher session was basically a sales pitch and demo for the <a href="http://websecuritytool.codeplex.com/">Watcher</a> tool, though it's a free tool so "sales pitch" is not exactly right. Watcher is an open source tool that sites inside of <a href="http://www.fiddlertool.com/">Fiddler</a> which is a web proxy useful for debugging web applications.</p> <p>The application is a windows only tool.</p> <p>So, I left the room and went to see Social Media Zombies next door. I'm sure Fiddler and Watcher is pretty awesome, but <a href="http://www.grendel-scan.com/">Grendel</a> is actually cross platform so it's much more interesting to me.</p> <p>Basically they create a bot and control it with twitter. Turns out, this was actually used for evil after it was initially launched. Further, it's possible to use Facebook, Wave, MySpace, etc. to run XSS and get access to your private data. Overall, quite an interesting presentation with more good resources at <a href="http://www.digininja.org/">Digi Ninja</a> and <a href="http://socialmediasecurity.com/">Social Media Security</a>.</p> http://crackingdrupal.com/blog/greggles/using-watcher-make-pen-testing-more-efficient#comments penetration testing social media watcher zombies Thu, 12 Nov 2009 19:47:11 +0000 greggles 40 at http://crackingdrupal.com