Penetration Testing mailing list archives

Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept

From: Glenn Williamson <dubz () PROGSOC UTS EDU AU>
Date: Fri, 15 Dec 2000 10:16:36 +1100

----- Original Message -----
From: "Philip Stoev" <philip () STOEV ORG>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Friday, December 15, 2000 8:50 AM
Subject: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept

http://www.stoev.org/proxy/preliminary-concept.html


My biggest criticism is that you state that "the proxy server should be able
to do additional HTTP requests on its own."

"the proxy server should also try to separately submit the same form" ..
"but with modified content".

Imagine if this feature kicked in while you were at a share trading site
such as http://www.comsec.com.au. I dunno about you, but I'd be pretty
pissed if this proxy went and submitted half a dozen variations of the
shares I just purchased.

This feature should really only be enabled if you are surfing anonymously
(i.e. no cookies and no password entered).

    gleNN

Current thread:

[PEN-TEST] Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Glenn Williamson (Dec 15)
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Alex Butcher (Dec 16)
  - Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 16)
- <Possible follow-ups>
- Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept vort-fu (Dec 15)