Monday, October 22, 2007

HttpBee. An interesting project.

HTTPBee is a swiss-army-knife tool for web application hacking testing. Multi-threaded high-performance tool with a scripting engine and agent-like behavior support.

The way httpbee's scripting engine is implemented is relevant to httpbee architecture itself. Httpbee maintains a pool of threads that it uses for parallel task execution. Therefore execution of httpbee scripts is not linear. Instead, there are certain functions which are executed at certain steps of scanning proccess. The global scripting part is executed when the script is initally "scanned", so httpbee can pick up tags, desciption and other data from your script. init function will be executed only when your script is picked up and scheduled for execution (based on tags selection for example).
once execution is launched, every time when a parallel thread requires a new request string. request function will be called. Whenever a response is received, your response function will be called and the request string, which produced the response will be given as parameter. Fini function will be called when execution of the script is completed and the script is about to be unloaded.
Well, I've not tested yet the correct agent-like behavior but I think it could be interesting try it.
If' some one find few free time to do-it please send to me "the Agent behavior report", we could discuss it !

No comments: