AW: Forms D2K Application Testing

[Martin Muench <mmuench () it-sec de>]

What do you mean with "doesn't make any sense"?
Can't you see the requests that you send or do you have
Problems when you intercept the response from the server.

It the last cast you might have zip compression enabled in your browser.
You can check this if you remove the line "Accept-Encoding" from your
requests.

Regards

Hans-Martin Münch

-----Ursprüngliche Nachricht-----
Von: iyer.anant.r () gmail com [mailto:iyer.anant.r () gmail com] 
Gesendet: Donnerstag, 17. April 2008 16:14
An: pen-test () securityfocus com
Betreff: Forms D2K Application Testing

Hello,

I need some in carrying out an application penetration testing of a Forms &
D2K applications which are web-enabled. How does on intercept the traffic
(like any HTTP Proxy)? Even though the application is web-enabled, the proxy
I am using (WebScarab) does capture the data, but it does not make any sense
( Am I missing out on some trick here?)

Any help will be  deeply appreciated.

Regards,

Anant Iyer

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------