Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flash Web Application

From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Thu, 04 Feb 2010 12:24:31 +0000
Zaki Akhmad wrote:

On Wed, Feb 3, 2010 at 4:40 PM, David Howe
<DaveHowe.Pentest () googlemail com> wrote:


yes


Do you mean "yes" is by using proxy such as: webscarab, paros, burpsuite, etc?

When I use those proxy, I can't click the flash web application :| And
when I use wireshark (with no proxy), I can't see the data on the
traffic.


Odd. I have always had good results from them, although its possible the
app may be rejecting the webscarab certificate (most dont' seem to check
or care); I don't have a free proxy on hand that does full certificate
spoofing, sorry - ironport does, but that's a commercial solution.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: