Penetration Testing mailing list archives
Re: testing email based e-commerce system with .xdp extension - looking for input
From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
Date: Tue, 12 Dec 2006 22:20:54 +1300
On 12/12/06, Krugger <merc4krugger () gmail com> wrote:
So what you mean is that they use SSL to encrypt the connection, pretty standard. They didn't show up because SSL usually starts using port 445, and you
You meant 443 here, not 445 (which is SMB over TCP/IP).
http proxy probably only listens to port 80. Even if it would actually be aware of port 445 it wouldn't be useful, as it is encrypted. You can intercept the encrypted connection with ettercap for example. Link: http://www.irongeek.com/i.php?page=security/ettercapfilter
I would recommend that the original poster uses a proxy such as Paros (http://www.parosproxy.org/index.shtml) that can intercept both HTTP and HTTPS requests. Cheers, Bojan ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- testing email based e-commerce system with .xdp extension - looking for input spammailme (Dec 10)
- Re: testing email based e-commerce system with .xdp extension - looking for input Krugger (Dec 11)
- Re: testing email based e-commerce system with .xdp extension - looking for input Bojan Zdrnja (Dec 12)
- Re: testing email based e-commerce system with .xdp extension - looking for input Krugger (Dec 11)