hellsing - web application attack utility
-----------------------------------------

Copyright (C) 2007 by Ben <comsatcat@earthlink.net>
Distributed under terms and conditions of GNU Public License version 2.

=============================================================================

Hellsing is a utility designed for attacking web applications.  It supports 
multiple vulnerabilities through use of a configuration file (see
hellsing.conf for examples).  Support for HTTP and HTTPS are built in.  
Virtual Host support is also built in.

Attacks are built in the configuration file using format strings to specify
paramaters that should be replaced by useful values (passed via cmdline).
Attacks can be sent over HTTP or HTTPS and have support for encoding routines
which will convert your format string arguments (attack values) to useful 
string sequences (ie: converting all characters to be chr(<decimal>) 
concantinated together).  Cookies are specified via the configuration and can 
also have format strings embedded in them.


Limitations, bugs and requirements: 

 1) openssl is required to build.

 2) openssl support is currently broken for self signed certificates.  It was
    not needed at the time of writing and thus was only partially implemented.

 3) Cookies currently do not support format strings.

 4) Output buffering seems to include random characters at time, please ignore
    for now.

Please send your comments, bug-reports, enhancements and, beer to
comsatcat@earthlink.net
