Vulnerability Development mailing list archives

Scanning Web Proxy -- Preliminary Concept


From: Philip Stoev <philip () STOEV ORG>
Date: Thu, 14 Dec 2000 23:34:03 +0200

Hello,

I am not certain if this is the proper list to post to, however I would like
to bring to your attention an idea of mine (no code yet). Any
feedback, including yells like "We already did something like that!", is
highly appreciated.

http://www.stoev.org/proxy/preliminary-concept.html

The purpose of the proposed scanning web proxy is to analyze all HTTP
request-reply pairs that pass through it for the purpose of finding security
vulnerabilities in the web sites being visited (i.e. weak cookies,
plain-text passwords stored in hidden form fields, etc.), using the browsing
human user as a vehicle allowing the scanner to peek into the internals of
the web site (such as the portions of the site that are behind the log-in
page).

Please note that the proposed software is not meant to find vulnerabilities
in its clients, nor is it meant to protect its clients from Trojans/viruses,
or whatever.

Again, any feedback is highly appreciated, even if flames. Please forward
this announcement to other people or groups you may consider relevant.

Sincerely,

Philip Stoev
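
Added example, not part of the original post and not the author's software: a minimal passive check over a single HTTP reply, looking for the two findings the message names (weak cookies and passwords in hidden form fields). The sample reply, the rule for what counts as a "weak" cookie and the field-name pattern are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample reply, as a proxy would see it after the user logs in.
SAMPLE_REPLY_HEADERS = [
    ("Set-Cookie", "session=1001; Path=/"),
    ("Set-Cookie", "prefs=9f8a7c6b5d4e3f2a1b0c9d8e7f6a5b4c; Path=/"),
]
SAMPLE_REPLY_BODY = """<form action="/account" method="post">
<input type="hidden" name="user_password" value="hunter2">
<input type="hidden" name="page" value="3">
<input type="text" name="email">
</form>"""

SENSITIVE_NAME = re.compile(r"pass|pwd|secret", re.I)  # assumed heuristic

class HiddenFieldFinder(HTMLParser):
    """Collects (name, value) of every <input type="hidden"> in a reply body."""
    def __init__(self):
        super().__init__()
        self.hidden = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name") or "", a.get("value") or ""))

def weak_cookie(value):
    """Assumed definition of 'weak': short, or purely numeric (guessable)."""
    return len(value) < 16 or value.isdigit()

def scan_reply(headers, body):
    """Return findings for one HTTP reply; purely passive, nothing is sent."""
    findings = []
    for name, raw in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(raw)
        for key, morsel in jar.items():
            if weak_cookie(morsel.value):
                findings.append(("weak-cookie", key))
    finder = HiddenFieldFinder()
    finder.feed(body)
    for field, value in finder.hidden:
        if value and SENSITIVE_NAME.search(field):
            findings.append(("password-in-hidden-field", field))
    return findings
```

Calling scan_reply(SAMPLE_REPLY_HEADERS, SAMPLE_REPLY_BODY) reports the numeric session cookie and the user_password hidden field, and leaves the long prefs cookie and the page field alone.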

