A new add-on for the Fiddler2 proxy enables passive monitoring/analysis of websites. Specifically this is handy for any pen analysis of sites under review for PCI audits. The add-on can be found at http://websecuritytool.codeplex.com/, and there is an excellent blog article covering its intent at http://blogs.msdn.com/sdl/archive/2009/04/16/watcher-a-new-web-security-testing-tool.aspx.

Hopefully this helps anyone looking for help performing some semi-automated test.

Gareth

This entry was posted on Wednesday, April 29th, 2009 at 10:06 pm and is filed under PCI, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.