Penetration Testing mailing list archives

Re: [PEN-TEST] Scanning Web Proxy -- Preliminary Concept


From: vort-fu <vort () WIRETAPPED NET>
Date: Fri, 15 Dec 2000 12:05:52 +1100

http://www.stoev.org/proxy/preliminary-concept.html

My biggest criticism is that you state that "the proxy server should be
able to do additional HTTP requests on its own."

Not having the proxy server use its own requests kind of defeats having
this proxy server in the first place. Its aim is to find security
vulnerabilities in servers, and by and large would not be placed as a
production server, more of a development server or an internal server used
when auditing a server.

Disabling this option would only report half of any vulnerabilities found,
most likely returning false positives. Again, defeating its purpose.

Imagine if this feature kicked in while you were at a share trading site
such as http://www.comsec.com.au. I dunno about you, but I'd be pretty
pissed if this proxy went and submitted half a dozen variations of the
shares I just purchased.

from http://www.stoev.org/proxy/preliminary-concept.html

"The purpose of the scanning web proxy is to analyze all HTTP
request-reply pairs that pass through it for the purpose of finding
security vulnerabilities in the web sites being visited (e.g. weak
cookies, plain-text passwords, etc.)"

When browsing servers which pass sensitive information between the client
and the server, one would assume that the connections are all done over
ssl, and thus either you should not use this proxy to handle it, not use
any proxies to handle it, or not have the proxy be able to replicate your
ssl session.

Either way, this proxy should not be used in a production environment
where network auditing is not the issue.


vortfu
vort () wiretapped net
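A purely passive analyzer of the kind the concept describes, inspecting observed request-reply pairs for plain-text passwords and weak cookies without ever issuing requests of its own. This is an added example, not code from the thread or from the stoev.org proposal; the sample pair, the field-name patterns and the cookie thresholds are constructed assumptions.

```python
import re
from typing import List, Tuple

# Assumed heuristics: form fields that usually carry a password, and cookie
# names that usually carry a session or auth token.
PASSWORD_FIELDS = re.compile(r"(?:^|&)(?:pass(?:word|wd)?|pwd)=", re.I)
SESSION_NAMES = re.compile(r"(sess|sid|auth|token|login)", re.I)

def _headers(block: str) -> List[Tuple[str, str]]:
    """Split an HTTP message head into (lower-cased name, value) pairs."""
    head = block.split("\r\n\r\n", 1)[0]
    out = []
    for line in head.split("\r\n")[1:]:  # skip request/status line
        if ":" in line:
            name, value = line.split(":", 1)
            out.append((name.strip().lower(), value.strip()))
    return out

def analyze_pair(scheme: str, request: str, reply: str) -> List[str]:
    """Passive checks over one observed pair. Sends no traffic of its own."""
    findings = []
    body = request.split("\r\n\r\n", 1)[1] if "\r\n\r\n" in request else ""
    if scheme == "http":
        if PASSWORD_FIELDS.search(body):
            findings.append("plain-text password in request body over http")
        for name, value in _headers(request):
            if name == "authorization" and value.lower().startswith("basic "):
                findings.append("HTTP Basic credentials sent over http")
    for name, value in _headers(reply):
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cname, _, cvalue = parts[0].partition("=")
        attrs = {p.split("=")[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} lacks HttpOnly")
        if scheme == "https" and "secure" not in attrs:
            findings.append(f"cookie {cname} lacks Secure")
        if SESSION_NAMES.search(cname) and (cvalue.isdigit() or len(cvalue) < 16):
            findings.append(f"cookie {cname} has a weak (short or numeric) value")
    return findings

# Constructed sample pair: a login over plain http answered with a numeric session cookie.
SAMPLE_REQUEST = ("POST /login HTTP/1.0\r\nHost: example.test\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                  "user=alice&password=hunter2")
SAMPLE_REPLY = ("HTTP/1.0 200 OK\r\nSet-Cookie: sessionid=1042; Path=/\r\n"
                "Content-Type: text/html\r\n\r\n<html>ok</html>")

if __name__ == "__main__":
    for finding in analyze_pair("http", SAMPLE_REQUEST, SAMPLE_REPLY):
        print(finding)
```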

