Elza - the HTTP exploit tool

Details

Elza is a script language which doubles as a unique attack tool. This script language allows you to write simple scripts that mimic HTTP clients, and can be used to test HTTP servers' security. Elza is capable of performing 'GET', 'POST' and 'HEAD' requests, while properly handling cookies, redirects, refresh tags, and other HTML elements. Elza scripts can be used to test HTTP authentication (Elza is capable of performing loop operations with variable data, necessary for dictionary attacks) with forms, basic authentication and SSL. Besides scanning for authentication and CGI holes, it can also be used for load generation in order to test your server under variable load conditions.

Core features:

* Performing GET, POST and HEAD requests.
* Extraction of _dynamic_ URLs from links, frames, layers, image maps, applet parameters and other HTML elements, based on _static_ attributes of those elements, such as name, sequence number or the text visible to the user.
* Handling of forms, passing custom form fields and field values, collecting hidden form fields.
* Following redirects and refreshes.
* Proper handling of cookies, honoring their Path and Domain attributes.
* HTTP Referer, User-Agent, and other HTTP headers for perfect mimicry.
* Handling HTTP Basic and MD5 Digest authentication, including dictionary attacks.

Interpreter capabilities:

* HTTP and SOCKS proxy support, including proxy rotation.
* Looping for repeated requesting or dictionary attacks.
* Conditional execution.
* Remote execution via POST.
* HTTPS communication via an SSL tunnel.
* Forking for load generation.

As a result, one can:

* Hijack heavily protected HTML forms.
* Perform dictionary attacks on login forms.
* Do sophisticated CGI scanning.

The interpreter is written entirely in Perl and has been tested on Linux and Win32 platforms.

Hijack HTML forms.
Using a simple script written in ELZA, I was able to hijack Hotmail's 'add account' and 'compose message' forms and save them locally on my hard drive or post them on a webserver, and they were still perfectly functional. Both forms are very heavily protected using dynamically-generated cookies and hidden form fields, HTTP Referer and User-Agent checks. ELZA took care of all those things and now creating 1000 Hotmail accounts is not a problem.

Dictionary attacks.

Scripts written in ELZA can launch dictionary attacks both on pages protected using HTTP authentication, and on CGI login scripts of any type, no matter where those scripts are located. ELZA supports Keep-Alive connections, which makes such attacks much faster. To my knowledge ELZA is the only cracker supporting MD5 Digest authentication.

CGI scanning.

You can feed a list of URLs into an ELZA script and have the interpreter request them and see if they exist. If they do, you can then launch an attack using all ELZA benefits, such as a proper HTTP Referer.

Automation.

Want to send a Hotmail message from the command line, instead of going to www.hotmail.com, logging in, clicking on 'Compose', typing in the message, and clicking Send? No problem, just script all those actions in ELZA.

The Elza interpreter was written in Perl, and works under Linux and Windows platforms.
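The dictionary attacks described above, whether against HTTP Basic/Digest authentication or a CGI login script, leave a visible trace on the server side: one client producing a burst of failed authentications against the same resource, made faster by Keep-Alive. The following is an added example of the server-side detection logic, written here for this page; it is not part of Elza and not code from the tool's author. It parses Apache combined-format access log lines (the sample lines are constructed for this example) and flags any client that accumulates a threshold number of 401 responses for one path inside a sliding time window. The threshold and window values are assumptions, not anything the page specifies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (Apache combined format). Client 10.0.0.5 fails
# authentication five times in three seconds before a success; 10.0.0.9 fails once.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2000:13:55:36 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Oct/2000:13:55:37 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Oct/2000:13:55:37 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Oct/2000:13:55:38 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Oct/2000:13:55:38 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Oct/2000:13:55:39 +0000] "GET /secure/ HTTP/1.1" 200 2326 "-" "Mozilla/4.0"
10.0.0.9 - - [10/Oct/2000:13:55:40 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/4.0"
10.0.0.9 - - [10/Oct/2000:14:10:00 +0000] "GET /secure/ HTTP/1.1" 200 2326 "-" "Mozilla/4.0"
10.0.0.7 - - [10/Oct/2000:13:56:01 +0000] "POST /login.cgi HTTP/1.1" 200 512 "http://example.test/login.html" "Mozilla/4.0"
"""

# Apache "combined" log format: client, identd, user, [timestamp], "request", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict of log fields, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_auth_bursts(lines, threshold=5, window_seconds=60):
    """Flag (client, path) pairs with >= threshold 401 responses within any window_seconds span.

    401 is what HTTP Basic/Digest authentication returns on a wrong credential, so a
    tight burst of them from one client is the footprint of a dictionary attack. Form
    logins that answer 200 on failure need an application-level failure signal instead;
    this function deliberately ignores them rather than guess.
    """
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 401:
            failures[(rec["client"], rec["path"])].append(rec["ts"])

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (client, path), stamps in failures.items():
        stamps.sort()
        start = 0
        # Two-pointer sliding window over the sorted timestamps.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({
                    "client": client,
                    "path": path,
                    "failures": count,
                    "first": stamps[start],
                    "last": stamps[end],
                })
                break  # one alert per client/path is enough
    return alerts


if __name__ == "__main__":
    for alert in find_auth_bursts(SAMPLE_LOG.splitlines()):
        print(f"{alert['client']} -> {alert['path']}: {alert['failures']} auth failures "
              f"between {alert['first'].time()} and {alert['last'].time()}")
```

On the sample log this reports only 10.0.0.5 against /secure/; the single failure from 10.0.0.9 and the POST to /login.cgi are left alone. Because the tool described above can rotate proxies, keying on the client address alone will miss a distributed run; keying on the target path plus the attempted username (available when the server logs the Authorization user) is the usual next step.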