WebApp Sec mailing list archives
Re: stacking proxies
From: Robin Wood <robin () digininja org>
Date: Wed, 4 Jan 2012 23:48:55 +0000
On Jan 4, 2012 8:46 AM, "David Hardy" <davehardy20 () gmail com> wrote:

> Hi Robin, I was at the talk that Jason did at Brucon, I think there is a little confusion, what he meant was chaining proxy based scanners, i.e. burp thro Acunetix thro Webinspect etc. It sounded a strange thing to do and some people asked questions, and he explained that it helped pick up issues and speeded up testing. I remember he talked about how little time we have in a test window compared to a blackhat attacking a website. Hope this answers your question.

I know this is what he was talking about and I've got the chain that Jason suggested, what I'm after is what chains other people use and why. When chaining proxies there is a chance of the two interfering with each other so you have to make sure they are in the right order, for example Burp through Ratproxy might work but Rat through Burp may fail. Chaining may be used to improve efficiency due to lack of time or just to improve the accuracy of results, happy to take suggestions for either.

Robin

> Best Regards
> Dave Hardy
> Sent From My Asus Transformer
>
> On Jan 4, 2012 1:53 AM, "Robin Wood" <robin () digininja org> wrote:
>
>> On 1 January 2012 11:24, BookBag <asaad2 () gmail com> wrote:
>>
>>> I tunnel everything thru tor. But be careful as DNS requests sometimes are done thru your IP. So it's best to get your ip's thru any proxy and do the tests thru tor after you've got your ip's
>>
>> Most of my clients like to know where the attack will be coming from so they can monitor it in their logs. I do some attacks through either tor or from a different IP so I can see if they have enabled/disabled anything special for the IP I told them I was using.
>>
>> Robin
>>
>>> On Jan 1, 2012 1:29 AM, "Robin Wood" <robin () digininja org> wrote:
>>>
>>>> I watched Jason Haddix talk at BruCon and he talked about stacking proxy servers when doing web app tests so that you could get the best out of each one. I've been meaning to ask for a while, what proxies do people use when stacking and in what order?
>>>>
>>>> Robin
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------