Introducing Backweb

Mon, 30 Oct 2006 09:36:42 GMT

After a couple of weeks well spend time in Malaysia and a few days in Singapore, I am quite happy to release the Backweb Attack Console.

The application is in its 0.1a release currently. This means that a lot more work needs to be done. Right now it is quite stable and it should work well with attack channels similar to the one described here. Check the AttackAPI project for the attack channel complete source code.

So what is Backweb anyway? The Backweb project is an experiment that was designed to create a full featured attack console for exploiting web browsers, web users and remote applications. Those who are familiar with XSS Proxy or even BEEF might already be familiar with the core principles of the Backweb project.

I tried to make the core as modular as possible although I didn't try vary hard. Those who are curios enough to check the source code will see a few bugs. As a said earlier this is the 0.1a (alpha) release. There is a new release in the SVN trunk that will be ready for download quite soon.

Documentation is also expected in the next month. If any one is willing to contribute please feel free to contact me. For ideas of how to use this application read this blog.

pdppdp
Apparently, this name is taken. Hmmm, I will leave it for now.
Ferruh MavitunaFerruh Mavituna
I think this concept is quite popular nowadays, possible will be more popular. I've just released a similar tool, XSS Shell. http://ferruh.mavituna.com/article/?1338
pdppdp
that's cool :)
pdppdp
BTW, I have an announcement to make. The name backweb is a registered trademark of Backweb Technologies so I need to come up with another name. The new name will take effect from Monday (6th November 2006).
pagvacpagvac
It appears that xssshell was created by a pentester from Portcullis: http://www.portcullis-security.com/16.php
pdppdp
heh, it is a small industry down in UK. :) We all know each other.
forgeforge
hmmm... im monitoring this closely