Penetration Testing mailing list archives
Re: Flash Web Application
From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Thu, 04 Feb 2010 12:24:31 +0000
Zaki Akhmad wrote:
On Wed, Feb 3, 2010 at 4:40 PM, David Howe <DaveHowe.Pentest () googlemail com> wrote:yesDo you mean "yes" is by using proxy such as: webscarab, paros, burpsuite, etc? When I use those proxy, I can't click the flash web application :| And when I use wireshark (with no proxy), I can't see the data on the traffic.
Odd. I have always had good results from them, although its possible the app may be rejecting the webscarab certificate (most dont' seem to check or care); I don't have a free proxy on hand that does full certificate spoofing, sorry - ironport does, but that's a commercial solution. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Flash Web Application david lodge (Feb 02)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application Steve Pinkham (Feb 03)
- <Possible follow-ups>
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application lovewadhwa (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 05)
- Re: Flash Web Application Zaki Akhmad (Feb 05)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Todd Haverkos (Feb 05)
- RE: Flash Web Application PortSwigger (Feb 07)