Comments on: Introducing Technika Security Framework (TSF)

By: mr.r.birtles

mr.r.birtles — Thu, 17 Jul 2008 01:34:03 +0000

When can we expect to see a working version where exploits can be ported/implamented in Technika.

As well as haveing the functions such as techStore, techDspider, techMutate etc?

Thanks

By: Collaborative systems and Ajax/RIA security | tssci security

Collaborative systems and Ajax/RIA security | tssci security — Thu, 13 Dec 2007 11:31:55 +0000

[...] future of Ajax security testing tools is ripe for both the Technika Security Framework and the future-work in the w3af scanning tool, as each will be well-balanced browser-drivers.Â [...]

By: Why crawling doesn’t matter | tssci security

Why crawling doesn’t matter | tssci security — Sun, 02 Dec 2007 20:40:47 +0000

[...] The Next Generation of Security Tools will Run from the Browser. For example, dk+pdp announced the Technika Security Framework and continued the Javascript-spider research until it turned into the Yahoo Site Explorer Spider. [...]

By: Technika Security Framework , Hackbar 1.1.1 : Mozilla Firefox Plugins for hacking purposes | LifeDork

Fri, 28 Sep 2007 09:19:01 +0000

[...] Well , i really don’t have any idea about this plugin actually (coz’ i haven’t tried it out ) . Details can be found here. [...]

By: David Kierznowski

David Kierznowski — Sun, 05 Aug 2007 13:18:21 +0000

Thats the awesome idea of TSF, not only is it possible to port alot of tools for IE, but it also has potential for testing other applications outside the browser, as JavaScript is supported by a number of other frameworks.

By: pdp

pdp — Sun, 05 Aug 2007 12:12:38 +0000

rezn, I don’t see why it should be possible. We are working on the framework building system at the moment. So we can features to export the bookmarklets for whatever browser version we want to. Give us some time and we will come up with good enough solution. Cheers.

By: rezn

rezn — Sun, 05 Aug 2007 11:59:40 +0000

Is there any hope for something that will work in IE? Many web applications will not work at all in firefox. I understand that FireBug is an excellent tool, but a bookmarklet-injectable cross browser version of TSF would be very useful. For some ideas, check this out:

http://extjs.com/deploy/ext/ex.....nsole.html

Also, vaporware is so Web 1.0. Release something already.

By: Gareth Heyes

Gareth Heyes — Thu, 02 Aug 2007 20:11:42 +0000

David I know what you mean :)

My LAN scanner caused a bit of problems with my missus

By: David Kierznowski

David Kierznowski — Thu, 02 Aug 2007 15:42:31 +0000

inc, well we hope so. I have tried developing the toolkit while doing actual web application security testing, so it supports alot of funky little features like, tech.keepalive, which allows you to keep your session alive while checking e-mail, or if you pop off somewhere.

By: inc

inc — Thu, 02 Aug 2007 13:02:14 +0000

Well well, what can I say can’t wait to give this a spin. Looks to be very promising and useful.

By: David Kierznowski

David Kierznowski — Thu, 02 Aug 2007 10:52:57 +0000

pdp, yes JSON is cool, we do this with Google queries, but I can think of a few ideas where it may be useful to allow cross-domain: we can chat offline about it and weigh up if we really want to put it back in.

Gareth, me too, its becoming expensive keeping my miss happy while developing it the last 2 weeks :-)

By: pdp

pdp — Thu, 02 Aug 2007 09:56:27 +0000

yep, I took it out because I don’t want people to abuse it too much. I think that we don’t really need it. I cannot think of a situation where we really need this feature. After all, if we need data from external site we can simply call via JSON.

By: Gareth Heyes

Gareth Heyes — Thu, 02 Aug 2007 09:51:41 +0000

Cool work! I can’t until it’s finished

By: David Kierznowski

David Kierznowski — Thu, 02 Aug 2007 09:27:05 +0000

mario, the delay in releasing this post was my attempts at being a movie director. I would still like to have a movie demonstrating the features, but yes when we launch v1.0 we’ll have some basic documentation.

pdp, this option would definately rock! we also may want to put t_httprequest for cross-domain requests back in, I think we took it out.

By: pdp

pdp — Thu, 02 Aug 2007 09:22:38 +0000

I am currently working on the sandbox for Technika which was removed in version 0.1 due to the overhead in the code structure. The new sandbox will allow us to write cross-browser bookmarklets which do no interfere with the underlaying DOM. We can use this feature to including additional functionalities for the scripts such as support for command line options :). It will be cool to have something like unix shell that works straight from the browser, something that Technika is aiming to achieve.

By: .mario

.mario — Thu, 02 Aug 2007 09:20:19 +0000

Hi David!

Looking awesome - are you planning on releasing basic documentation or a hands-on tutorial?

Greetings,
.mario