Penetration Testing mailing list archives
Re: Proof of Concept Tool on Web Application Security
From: Jörg Schütter <joerg () schuetter org>
Date: Sun, 27 Apr 2003 15:04:48 +0200
Hallo Indian Tiger, On Tue, 15 Apr 2003 23:35:34 +0530 "Indian Tiger" <indiantiger () mailandnews com> wrote: [...]
This manipulation can also be achieved if an Attacker can put his Proxy (Web Sleuth) on intermediate Router/Proxy. One Example is I am accessing Hotmail and on my ISP Router/Proxy, An attacker installs tool like Web Sleuth. But again question comes Router works on OSI layer 3 so attacker can't put tool like Web Sleuth. If intermediate hop is Proxy which is on Application level, there should be some tool which can be placed here.
Have a look at http://en.tldp.org/HOWTO/mini/TransparentProxy.html which explains how to use squid as transparent proxy by using iptables. Gruß Jörg -- Dipl.-Ing. Jörg Schütter http://www.lug-untermain.de/ http://www.schuetter.org/joerg/ joerg () schuetter org http://mypenguin.bei.t-online.de/
Attachment:
_bin
Description:
Current thread:
- Proof of Concept Tool on Web Application Security Indian Tiger (Apr 10)
- Re: Proof of Concept Tool on Web Application Security Jörg Schütter (Apr 27)
- <Possible follow-ups>
- RE: Proof of Concept Tool on Web Application Security Einecker, Leah (Apr 11)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 11)
- RE: Proof of Concept Tool on Web Application Security Indian Tiger (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Nicolas Gregoire (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Robert Auger (Apr 14)
- Re: Proof of Concept Tool on Web Application Security Jon Pastore (Apr 16)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 14)
- RE: Proof of Concept Tool on Web Application Security Dawes, Rogan (ZA - Johannesburg) (Apr 16)
- RE: Proof of Concept Tool on Web Application Security Indian Tiger (Apr 24)
- For Indian Tiger - Pen test lab Sam (Apr 27)