Vulnerability Development mailing list archives
Re: Scanning Web Proxy -- Preliminary Concept
From: "Sahlberg, Jeremiah" <JJDS () PARA-PROTECT COM>
Date: Wed, 20 Dec 2000 09:20:53 -0500
Have you looked at Achilles?
http://www.digizen-security.com/downloads.html

You run Achilles locally on your system and set your web client to proxy through it. It will allow you to capture all of the data getting passed from the web client to the web server, plus it allows you to edit the web requests. I do not know if this is what you are looking for, but it is worth a mention.

Cheers,
J

-----Original Message-----
From: Philip Stoev [mailto:philip () STOEV ORG]
Sent: Thursday, December 14, 2000 4:34 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Scanning Web Proxy -- Preliminary Concept

Hello,

I am not certain if this is the proper list to post to, however I would like to bring to your attention an idea of mine (no code yet). Any feedback, including yells like "We already did something like that!", is highly appreciated.

http://www.stoev.org/proxy/preliminary-concept.html

The purpose of the proposed scanning web proxy is to analyze all HTTP request-reply pairs that pass through it for the purpose of finding security vulnerabilities in the web sites being visited (i.e. weak cookies, plain-text passwords stored in hidden form fields, etc.), using the browsing human user as a vehicle allowing the scanner to peek into the internals of the web site (such as the portions of the site that are behind the log-in page).

Please note that the proposed software is not meant to find vulnerabilities in its clients, nor is it meant to protect its clients from Trojans/viruses, or whatever.

Again, any feedback is highly appreciated, even if flames. Please forward this announcement to other people or groups you may consider relevant.

Sincerely,
Philip Stoev
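An added example, not part of the thread and not code from either poster: a minimal passive check of the kind the concept describes, run over one captured HTTP response. The function names, the name pattern for credential-like fields, and the definition of a "weak" cookie (short or digits-only value) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Assumed heuristic: field names that suggest a credential.
SENSITIVE = re.compile(r"pass|pwd|secret|token", re.I)

class HiddenFieldFinder(HTMLParser):
    """Collects hidden inputs whose name looks credential-like and has a value."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            name = a.get("name") or ""
            if SENSITIVE.search(name) and a.get("value"):
                self.hits.append(name)

def weak_cookie(value):
    """Assumed definition of 'weak': short or digits-only, hence guessable."""
    return len(value) < 16 or value.isdigit()

def analyze_response(raw):
    """Return (finding, name) pairs for one HTTP response seen by the proxy."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            for key, morsel in SimpleCookie(value.strip()).items():
                if weak_cookie(morsel.value):
                    findings.append(("weak-cookie", key))
    finder = HiddenFieldFinder()
    finder.feed(body)
    findings += [("hidden-credential", n) for n in finder.hits]
    return findings

# Constructed sample response, not captured from any real site.
SAMPLE = (
    "HTTP/1.0 200 OK\r\n"
    "Set-Cookie: session=1042; path=/\r\n"
    "Set-Cookie: prefs=9f2c4e7a1b6d8035c4e1f7a2; path=/\r\n"
    "\r\n"
    '<form action="/update" method="post">'
    '<input type="hidden" name="user_password" value="hunter2">'
    '<input type="hidden" name="page" value="3">'
    "</form>"
)

print(analyze_response(SAMPLE))
```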