Hardanger is an open source web application penetration testing platform. The project aims to bridge the gap between the open source web application testing tools commonly used in Linux environments and native Microsoft Windows platforms by bringing a similar state-of-the-art open source tool to Windows. Most tools in this category are currently written in Java, C or Python and provide a less than optimal user experience. Hardanger aims to deliver a user-friendly experience for web application penetration testing by building these tools on top of the excellent Fiddler2 web debugger.

Penetration testers and vulnerability researchers commonly use web application penetration testing tools like Hardanger to find vulnerabilities in software. I intend to extend the audience of this type of tool to a larger crowd by making it user-friendly and familiar to existing Microsoft Windows and Fiddler2 users. By building on top of the Fiddler2 web debugger, Hardanger will leverage much of the infrastructure that is required to build any quality web application penetration testing tool. Using Fiddler2 as a base will give Hardanger a head start, allow development to focus on application security, and deliver a quality product quickly.

The initial project’s main deliverable will be an add-on assembly (DLL) written in C# that can easily be installed using an MSI installer file, as well as a standalone application delivered through a ClickOnce installer. Hardanger will be designed so that it can easily be extended with further functionality. For its first release, Hardanger will only include a simple HTTP and HTTPS GET/POST parameter fuzzer, but it will establish a foundation on which it is trivial to plug in additional fuzzer engines and features in the future.

Last edited Feb 2, 2012 at 12:11 AM by mercjr, version 2

