Re: Help on TCP interception tool

[Dave Howe <DaveHowe.pentest () googlemail com>]

On 07/02/2011 07:12, psiinon wrote:
> The open source variant of Paros hasnt been updated for many years.
> However the OWASP Zed Attack Proxy
> is a fork of Paros and is under active development.
> See http://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
> for more details.

Its nice to see they are working on this again (instead of the original
paros which vanished behind a paywall) but it is still using self signed
certs that expired in 2002. I am looking more at webscarab
(http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
although recently IE has had issues with its certificate spoofing (it
uses the exact same public key for its fake CA as for the issued cert;
this saves coding, but IE is doing something stupid with that and
believing its a self-signed cert instead of looking up the CA cert in
its keystore.)

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------