httpsentry   
http://www.httpsentry.com

HttpSentry <a href="http://www.httpsentry.com">(http://www.httpsentry.com)</a> is a free IIS Filter to detect hacker attacks. It prevents common security problems such as SQL injection, Directroy traversal and many more. it also supports URL rewrite and Server masking. HttpSentry is also an effort to shift the burden of input validation and other security concerns off web application developers. Traditional network firewalls cannot protect web applications. Port 80 is wide open and according to Gartner group, 75% of cyber attacks and internet security violations are generated through Internet Applications. HttpSentry focuses on easy of use. The installation comes with only one dll and one configuration file. All the basic rules to fight common problems are already built in and can be easily disabled via the configuration file if necessary. Features of HttpSentry are: 1. A set of built in rules for detecting common invasion techniques such as Directory traversal, SQL injection, Shellcode attack, URL split, Serverside include attack, OS command execution, Buffer overflow and Code red attack. 2. Ability to allow/disallow URL which contains certain meta characters. Most of the meta characters do not form legitimate input for web applications and are mostly used by hackers. 3. Selective filters allow user to specify header locations, such as client IP, to filter on. 4. Custom filters allow user to define any form of regular expression based rules. 5. User can choose from three forms of actions on each individual rule. It could be deny of access, redirect to some other web page, or/and log the request to a file. 6.URL rewrite manipulates URL base on regular expressions and allows user to redirect web pages. 7.Server mask protects web server identity by changing the "Server" field in the response header.

Ace Password Sniffer   
http://www.effetech.com

The most powerful and effetive password sniffer. Ace Password Sniffer can listen on your LAN and enable network administrators or parents to capture passwords of any network user. Currently Ace Password Sniffer can monitor and capture passwords through FTP, POP3, HTTP, SMTP, Telnet, and etc. Ace Password Sniffer works passively and don't generate any network traffic, therefore, it is very hard to be detected by others. And you needn't install any additional software on other PCs or workstations. If your network is connected through switch, you can run the sniffer on the gateway or proxy server, which can get all network traffic. This stealth-monitoring utility is useful to recover your network passwords, to receive network passwords of children for parents, and to monitor passwords abuse for server administrators. Features: * Efficient You can see the passwords as soon as it appeared on LAN. * Support Various Protocols Fully support application protocols of FTP, SMTP, POP3, TELNET, etc. That means user names and passwords used to send and receive emails, to log on a web site, or to log on a server, can all be captured and saved. * Support HTTP Protocol Support HTTP protocol, including proxy password, basic http authenticate authoriation and most passwords submitted through HTML, no matter they are encoded by MIME or base64. * Verify whether the captured passwords are valid It can tell whether the passwords are right. You can even get the replies from the server for the login. And it always keeps trying to get valid user name and password pairs.

Accurate Network Monitor   
http://www.hhdsoftware.com

HHD Accurate Network Monitor - ip packet sniffing, monitoring and protocol analyzer software tool that can sniff internet protocols performing tcp / ip, udp / ip communication traffic analysis. LAN connection sniffer and internet data capture utility. You will find this program useful while viewing, logging, testing, troubleshooting any network service. Can be used to spy, view, log, test and analyze HTTP, SMTP, FTP, POP3, IMAP, LDAP, H323, SIP and other system protocols.

HTTP Analyzer   
http://www.ieinspector.com

HTTP Analyzer is a utility that allows you to capture HTTP/HTTPS traffic in real-time. It displays a wide range of information, including Header, Content, Cookies, Query Strings, Post data, Request and Response Stream, redirection URLs and more. It also provides cache information and session clearing, as well as HTTP status code information and several filtering options. A useful developer tool for performance analysis, debugging and diagnostics. HTTPS is available if the application uses the Microsoft WININET API(ex.ie, outlook) or Mozilla NSS API(ex. firefox, netscape). HTTP Analyzer includes two forms---Standard Exe and IE Add-in. Standard EXE :Standard windows EXE application. It can capture any process's HTTP/HTTPS traffic in current user session.It has the ability to capture HTTP information in Windows applications without launching them from HTTP Analyzer. HTTPS is available if the application uses the Microsoft WININET API. IE Add-in: An IE Add-in that integrates into the lower part of your IE browser window and can be opened/closed from the IE toolbar.It can only capture HTTP/HTTPS traffic of current IE process.

IE HTTP Analyzer   
http://www.ieinspector.com

IE HTTP Analyzer is an add-in for Internet Explorer, that allows you to capture HTTP/HTTPS traffic in real-time. It displays a wide range of information, including Header, Content, Cookies, Query Strings, Post data, redirection URLs and more. It also provides cache information and session clearing, as well as HTTP status code information and several filtering options. A useful developer tool for performance analysis, debugging and diagnostics. IE HTTP Analyzer integrates into the lower part of your IE browser window and can be opened/closed from the IE toolbar.