Penetration Testing mailing list archives
Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept
From: Glenn Williamson <dubz () PROGSOC UTS EDU AU>
Date: Fri, 15 Dec 2000 10:16:36 +1100
----- Original Message -----
From: "Philip Stoev" <philip () STOEV ORG>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Friday, December 15, 2000 8:50 AM
Subject: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept
http://www.stoev.org/proxy/preliminary-concept.html
My biggest criticism is that you state that "the proxy server should be able to do additional HTTP requests on its own." "the proxy server should also try to separately submit the same form" .. "but with modified content".

Imagine if this feature kicked in while you were at a share trading site such as http://www.comsec.com.au. I dunno about you, but I'd be pretty pissed if this proxy went and submitted half a dozen variations of the shares I just purchased.

This feature should really only be enabled if you are surfing anonymously (i.e. no cookies and no password entered).

gleNN
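Added example, not part of the original message or of the proxy concept it discusses: one way a scanning proxy could enforce the "anonymous only" condition raised above before it resubmits a form on its own. The function names, the sample forms and the choice to treat an HTTP Authorization header as "password entered" are assumptions made for this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl


class PasswordFieldFinder(HTMLParser):
    """Collects the names of <input type="password"> fields in a relayed page."""

    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "").lower() == "password":
            self.names.add(attr.get("name") or "")


def password_fields(form_html):
    finder = PasswordFieldFinder()
    finder.feed(form_html)
    return finder.names


def may_replay(headers, body, form_html):
    """Return (allowed, reason) for replaying a form submission with modified content.

    headers   -- request headers the browser sent through the proxy
    body      -- urlencoded form body of that request
    form_html -- the page the proxy relayed earlier that contained the form
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("cookie"):
        return False, "request carries a cookie"
    if lowered.get("authorization"):  # assumption: HTTP auth counts as a password
        return False, "request carries HTTP authentication"
    secret = password_fields(form_html)
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in secret and value:
            return False, "password field %r was filled in" % name
    return True, "anonymous request"


# Constructed sample pages, not taken from any real site.
SEARCH_FORM = '<form method="post"><input type="text" name="q"></form>'
LOGIN_FORM = ('<form method="post"><input name="user">'
              '<input type="PASSWORD" name="pw"></form>')

if __name__ == "__main__":
    print(may_replay({"Host": "shop.example"}, "q=test", SEARCH_FORM))
    print(may_replay({"Cookie": "sid=abc"}, "q=test", SEARCH_FORM))
    print(may_replay({}, "user=a&pw=secret", LOGIN_FORM))
```

A gate like this fails closed on any session state it can see; it cannot detect identity carried in URL parameters or hidden form fields, so those would still need separate handling.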