Re: testing email based e-commerce system with .xdp extension - looking for input

["Bojan Zdrnja" <bojan.zdrnja () gmail com>]

On 12/12/06, Krugger <merc4krugger () gmail com> wrote:
> So what you mean is that they use SSL to encrypt the connection,
> pretty standard.
> They didn't show up because SSL usually starts using port 445, and you

You meant 443 here, not 445 (which is SMB over TCP/IP).

> http proxy probably only listens to port 80. Even if it would actually
> be aware of port 445 it wouldn't be useful, as it is encrypted. You
> can intercept the encrypted connection with ettercap for example.
> Link: http://www.irongeek.com/i.php?page=security/ettercapfilter

I would recommend that the original poster uses a proxy such as Paros
(http://www.parosproxy.org/index.shtml) that can intercept both HTTP
and HTTPS requests.

Cheers,

Bojan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------