Penetration Testing mailing list archives
Re: Help on TCP interception tool
From: Dave Howe <DaveHowe.pentest () googlemail com>
Date: Mon, 07 Feb 2011 11:09:05 +0000
On 07/02/2011 07:12, psiinon wrote:
The open source variant of Paros hasnt been updated for many years. However the OWASP Zed Attack Proxy is a fork of Paros and is under active development. See http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project for more details.
Its nice to see they are working on this again (instead of the original paros which vanished behind a paywall) but it is still using self signed certs that expired in 2002. I am looking more at webscarab (http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project) although recently IE has had issues with its certificate spoofing (it uses the exact same public key for its fake CA as for the issued cert; this saves coding, but IE is doing something stupid with that and believing its a self-signed cert instead of looking up the CA cert in its keystore.) ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Help on TCP interception tool Erik Hjelmvik (Feb 06)
- Re: Help on TCP interception tool psiinon (Feb 07)
- Re: Help on TCP interception tool Dave Howe (Feb 07)
- Re: Help on TCP interception tool psiinon (Feb 07)