1-------------------------------------------------------------------
2 Libwhisker official release v2.4
3-------------------------------------------------------------------
4
5What is Libwhisker:
6
7Libwhisker is a Perl module geared specificly for HTTP testing.
8Libwhisker has a few design principles:
9
10- Portable: runs with 0 changes on Unix, Windows, etc (100% Perl)
11- Flexible: designed with a 'no rules' approach
12- Contained: designed to not require external modules when possible
13- Localized: does not require installation to use
14
15
16-------------------------------------------------------------------
17 README README README README README README README README README
18-------------------------------------------------------------------
19
20"How do I run/use Libwhisker?"
21
22Libwhisker is not a program to run. It's a library for people to
23make programs with. There is nothing to 'run' in Libwhisker. If
24you're looking for a CGI scanner (whisker), you're in the wrong
25place. Whisker is separate from Libwhisker.
26
27
28-------------------------------------------------------------------
29 Information on Libwhisker library
30-------------------------------------------------------------------
31
32Libwhisker's 'no rules' approach:
33
34Since the intent of this library is to use it in testing, fuzzing,
35and quality assurance situations, odds are the library will need to
36be capable of handling protocol malformities and other wackiness.
37Many existing Perl libraries are not flexible when you try to break
38the protocol--they assume you want to make a legitimate request.
39Libwhisker, on the other hand, is designed to not impose any rules
40on the software, thus allowing it to do whatever you really want it
41to do, including stuff not normally considered 'legal' or 'sane'
42by RFC/protocol definition.
43
44-------------------------------------------------------------------
45
46What Libwhisker can do for you:
47
48Do you have a demonstration program, application, or exploit that
49interacts over HTTP? Well, using Libwhisker means your program:
50
51- Can communicate over HTTP 0.9, 1.0, and 1.1
52- Can use persistant connections (keep-alives)
53- Has proxy support
54- Has anti-IDS support
55- Has SSL support
56- Can receive chunked encoding
57- Has nonblock/timeout support built in (platform-dependant...)
58- Has basic and NTLM authentication support (both server and proxy)
59
60That way you don't have to code it all yourself--use Libwhisker
61and all those features are transparently available automatically.
62So call now, operators are standing by.
63
64-------------------------------------------------------------------
65
66Why not use other perl modules?
67
68Libwhisker actually combines the functionality LWP, URI, HTML::Parser,
69MIME::Base64, and a handful of other modules into a single file that is
70approximately 105k (when POD is stripped).
71
72One of the annoyances of LWP et. al. is that they require local system
73installation before they can be used--and that installation sometimes
74requires compilation of C code files. This can be a problem if you have a
75system that lacks a compiler (commercial unix platforms, Windows, etc),
76and it also makes portability very difficult. Libwhisker is 100% native
77Perl, so no additional compilers are necessary. It's one single 105k text
78file (i.e. very portable), which doesn't have to actually be
79installed--just put it in the same directory as your perl script and go!
80And since Libwhisker doesn't require external modules to work**, that means
81you should be good to go with a perl binary, the LW2.pm file, and your perl
82script--nothing else needed! Great for those 'security audit' situations
83where installing an entire perl distribution on a target system is out of
84the question...
85
86Of course, that doesn't mean that you shouldn't use LWP. Just keep in
87mind that LWP (and other modules, in general) were written to follow
88proper RFC protocols. This is fine and dandy; but if you're writing
89exploits, sometimes you need to purposefully break some aspect of the
90protocol, and typically the published Perl modules don't provide the
91capabilities to do this.
92
93And lastly, Libwhisker has been benchmarked against LWP--and it's been
94found to be almost three times as fast.
95
96** you do need a local Socket.pm for your system to use any of the network
97 functionality; however, if you don't have Socket support, you can still
98 use the Libwhisker utility/parsing functions without problem.
99
100-------------------------------------------------------------------
101
102Note to Libwhisker 1.x users:
103
104Libwhisker 2.0 is *not* backwards-compatible with Libwhisker 1.x. A few
105things were moved around and renamed. Changing 'use LW' to 'use LW2' in
106your programs is not enough--you may need to make code changes to your
107program. See the 'CHANGES' file.
108
109However, there is now a 'bridge' LW.pm module in the compat/ directory,
110which will use LW2 (libwhisker 2.x) functions to emulate the LW
111(libwhisker 1.x) functionality. This should allow programs written to
112use LW (libwhisker 1.x) to use LW2 (libwhisker 2.x) without any changes.
113You can have the compatibility bridge automatically installed by using
114the 'install_lw1' Makefile.pl command.
115
116-------------------------------------------------------------------
117
118How to use Libwhisker:
119
120Use the included api_demo.pl script to see how to make a basic request
121using the library. Otherwise, there is embedded POD documentation
122for most of the functions within LW2.pm.
123
124You should be able to use the LW2.pm by including it in the
125same directory as the script that requires it. Otherwise run
126"perl Makefile.pl install" to install it into your local perl
127module site directory.
128
129To use SSL support, you will need Net::SSLeay or Crypt::SSLeay, as
130well as OpenSSL installed. Libwhisker will still work without any
131of them, you just won't have any SSL support. And technically
132Libwhisker will still work without Socket support, but it's very
133limited then. Crypt::SSLeay (also known as Net::SSL) is available
134precompiled for the Windows ActiveState package; Unix platforms
135should use Net::SSLeay, which has many more features than Net::SSL.
136
137-------------------------------------------------------------------
138
139Libwhisker is under the GPL.
140
141That means it's free for use and redistribution under the terms of
142the GNU Public License (version 2). A copy is included with the
143development source distribution, or from http://www.gnu.org/
144
145If you wish to (re)use Libwhisker code in a commercial product, or
146distribute it with a commercial product, please contact me at
147rfp@wiretrip.net.
148
149-------------------------------------------------------------------
150
151Tested platforms:
152
153Libwhisker has been successfully ran on:
154- Linux, using perl 5.004 and higher
155- ActiveState Perl for Windows, based on perl 5.6.x and 5.005
156- Sun Solaris, perl 5.004 and higher
157- SGI IRIX, perl 5.004 and higher
158
159Libwhisker does *not* run with perl 5.003 and earlier. There were
160too many bugs in 5.003 which would require too many workarounds to
161accomodate while still maintaining minimal code size and speed.
162
163-------------------------------------------------------------------
164
165Feedback about Libwhisker:
166
167Send it to me directly at rfp@wiretrip.net (please use the word
168'libwhisker' in the subject), or toss it out on the
169whisker-devel mailing list, whisker-devel@lists.sourceforge.net.
170You can subscribe by going to the mailing list section at
171http://sourceforge.net/projects/whisker/
172
173-------------------------------------------------------------------
174
175