WebApp Sec mailing list archives

Re: stacking proxies


From: Robin Wood <robin () digininja org>
Date: Wed, 4 Jan 2012 23:48:55 +0000

On Jan 4, 2012 8:46 AM, "David Hardy" <davehardy20 () gmail com> wrote:

Hi Robin,

I was at the talk that Jason did at BruCon. I think there is a little confusion; what he meant was chaining proxy-based
scanners, i.e. Burp through Acunetix through WebInspect etc.

It sounded a strange thing to do and some people asked questions, and he explained that it helped pick up issues and
sped up testing. I remember he talked about how little time we have in a test window compared to a blackhat
attacking a website.
Hope this answers your question.

I know this is what he was talking about and I've got the chain that
Jason suggested, what I'm after is what chains other people use and
why.

When chaining proxies there is a chance of the two interfering with
each other so you have to make sure they are in the right order, for
example Burp through Ratproxy might work but Rat through Burp may
fail.

Chaining may be used to improve efficiency due to lack of time or just
to improve the accuracy of results, happy to take suggestions for
either.

Robin

Best Regards

Dave Hardy

Sent From My Asus Transformer

On Jan 4, 2012 1:53 AM, "Robin Wood" <robin () digininja org> wrote:

On 1 January 2012 11:24, BookBag <asaad2 () gmail com> wrote:
I tunnel everything through Tor. But be careful, as DNS requests sometimes are
done through your IP. So it's best to get your IPs through any proxy and do the
tests through Tor after you've got your IPs.

Most of my clients like to know where the attack will be coming from
so they can monitor it in their logs. I do some attacks through either
tor or from a different IP so I can see if they have enabled/disabled
anything special for the IP I told them I was using.

Robin

On Jan 1, 2012 1:29 AM, "Robin Wood" <robin () digininja org> wrote:

I watched Jason Haddix's talk at BruCon, and he talked about stacking
proxy servers when doing web app tests so that you could get the best
out of each one.

I've been meaning to ask for a while, what proxies do people use when
stacking and in what order?

Robin



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
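The DNS caveat raised in the thread (resolving a hostname locally and only then sending traffic through Tor) comes down to what the SOCKS request carries. The following is an added example, not code from anyone in this thread: it builds SOCKS5 CONNECT requests (RFC 1928) both ways, so you can see that a request carrying the hostname (ATYP 0x03) lets the proxy resolve it, while a request carrying a pre-resolved IP (ATYP 0x01/0x04) means the DNS lookup already left via the tester's own resolver. The resolver used in the demo is a constructed stub, not a real lookup, so the script runs offline; the hostname and IP values are assumptions.

```python
import ipaddress
import struct

# SOCKS5 address types (RFC 1928, section 4)
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04


def socks5_connect_request(target: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request for `target`.

    If `target` is a hostname, the name itself goes on the wire (ATYP 0x03)
    and the proxy (e.g. Tor) does the resolution; the local resolver is never
    consulted. If `target` is an IP literal, the proxy has nothing to resolve.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        name = target.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for a SOCKS5 domain address")
        return (struct.pack("!BBBB", 5, 1, 0, ATYP_DOMAIN)
                + bytes([len(name)]) + name + struct.pack("!H", port))
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return struct.pack("!BBBB", 5, 1, 0, atyp) + ip.packed + struct.pack("!H", port)


def leaky_connect_request(target: str, port: int, resolver) -> bytes:
    """The leaky pattern: resolve locally first, then hand the proxy an IP.

    `resolver` stands in for socket.gethostbyname; whatever it is, the DNS
    query for `target` has already gone out from the tester's own address
    before a single byte reaches the proxy.
    """
    return socks5_connect_request(resolver(target), port)


def request_leaks_dns(req: bytes) -> bool:
    """True if the request carries a pre-resolved IP instead of a hostname."""
    return req[3] in (ATYP_IPV4, ATYP_IPV6)


def parse_socks5_connect(req: bytes):
    """Decode a CONNECT request back into (host, port), as a proxy would."""
    ver, cmd, _rsv, atyp = req[:4]
    if ver != 5 or cmd != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_IPV4:
        host, off = str(ipaddress.IPv4Address(req[4:8])), 8
    elif atyp == ATYP_IPV6:
        host, off = str(ipaddress.IPv6Address(req[4:20])), 20
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, off = req[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError("unknown ATYP %#x" % atyp)
    (port,) = struct.unpack("!H", req[off:off + 2])
    return host, port


if __name__ == "__main__":
    # Constructed stub: pretend the local resolver answered with this IP.
    fake_resolver = lambda host: "93.184.216.34"  # assumption, not a real lookup

    good = socks5_connect_request("example.com", 443)  # proxy resolves the name
    bad = leaky_connect_request("example.com", 443, fake_resolver)  # we resolved it
    for label, req in (("hostname in request", good), ("IP in request", bad)):
        print("%-20s %s leaks DNS: %s" % (label, req.hex(), request_leaks_dns(req)))
        print("  proxy sees:", parse_socks5_connect(req))
```

This is also why "do the tests through Tor after you've got your IPs" helps only if the tooling then sends the IPs and not the names: a scanner chained through a SOCKS proxy with local resolution enabled still reveals every hostname it touches.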


Current thread: