Penetration Testing mailing list archives
Re: testing email based e-commerce system with .xdp extension - looking for input
From: Krugger <merc4krugger () gmail com>
Date: Mon, 11 Dec 2006 18:18:03 +0000
So what you mean is that they use SSL to encrypt the connection, pretty standard. They didn't show up because SSL usually starts using port 445, and you http proxy probably only listens to port 80. Even if it would actually be aware of port 445 it wouldn't be useful, as it is encrypted. You can intercept the encrypted connection with ettercap for example. Link: http://www.irongeek.com/i.php?page=security/ettercapfilter xpd = XML pipeline document Link: http://razor.occams.info/code/xpd/ As you seem quite imprecise, is it really a webservice or does it only look like one? Link: http://www.w3.org/TR/wsdl Check for compliance with PCI 1.1. Link: https://www.pcisecuritystandards.org So you been hired to verify the security of the e-commerce site? I am always amazed :) ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- testing email based e-commerce system with .xdp extension - looking for input spammailme (Dec 10)
- Re: testing email based e-commerce system with .xdp extension - looking for input Krugger (Dec 11)
- Re: testing email based e-commerce system with .xdp extension - looking for input Bojan Zdrnja (Dec 12)
- Re: testing email based e-commerce system with .xdp extension - looking for input Krugger (Dec 11)