Tips & Tricks
Resend is a simple utility, which allows you to quickly send/replay HTTP requests from the Scanner, HTTPView and other tools part of the online Suite. This tool is particularly useful when you need to perform manual investigations or when you want to have full control and visibility of the HTTP requests and responses sent to and received from the targeted application.
If you know how the HTTP protocol works, Resend will feel very natural to you.
Open Resend and type the HTTP request. To send the request click on the Send button. You can also activate Resend by using escape mode.
Although Resend is designed to let you go with your way, it also provides contextual help when necessary. You will notice that both the HTTP request and response screens have syntax highlighting features. Not only all HTTP-specific elements are highlighted but also all content formats, such as HTML pages, JSON, XML and other documents are highlighted in full. Additionally the tool provides automatic warnings and reporting if any of your requests cause the application to misbehave.
The Passive Scanner
Resend comes with a passive scanning engine, which is executed upon every request. This is very useful especially when working with very complex applications while looking for bugs that may occur in discrete parts of the page structure.
For example, let's imagine that we want to manually trigger a SQL injection type of condition. The simplest way to test for this is to pass some special SQL meta characters as input to the application and watch for any errors or unexpected behavior. Other types of abnormal conditions are also highlighted.
Resend will automatically detect various scenarios and give you all the necessary information you will need to investigate the issue further. The contextual information comes in the form of screen notifications. Additionally, if you are investigating one class of vulnerabilities, such as SQL injection, but in the process you encounter path disclosure issues, these types of defects will be highlighted automatically for you too. You don't have to specifically look for these vulnerabilities within the response structure.
All results are conveniently kept in the report screen, which becomes available when you click on the Report button. The report can be exported and used in other tools from the online Suite.
Integration With The Rest Of The Suite
Resend is deeply integrated into the rest of the online tools. For example, vulnerability reports contain direct links to Resend with all necessary information already populated. This gives you a quick way to confirm the identified issues by performing manual investigation.
If you work in a team you can put an end to endless sharing of files of static vulnerability data. Any of the links from the generated reports can be easily shared via email, instant messaging, included in reports, spreadsheets, bug tracking systems and others. This gives you the ability to include live examples, which can demonstrate a particular issue on-demand.
If your developers don't know how to fix this SQL injection issue, simply send them an actual example as a link that they can play with. It is much more powerful to see the problem from an actual example rather than from a static screenshot without any forms of contextual information.