HTTP Session ID brute forcing tool?
Who can point me to a tool I can use to brute force Session IDs while doing webapp authentication testing?
On the M$ platform I was pointed to "SensePost's Crowbar". Does anybody know a *nix-like alternative?
I am very interested in being able to specify numeric start / stop values for session IDs, and then having some fuzzy logic analysis on the server's reply to 'automatically' identify changing behaviour based on the session IDs passed to the application server.