Penetration Testing mailing list archives

testing email based e-commerce system with .xdp extension - looking for input

From: spammailme () gmail com
Date: 7 Dec 2006 23:59:27 -0000

Hi -

I have come across a commerce based system which is based on Adobe pdf technology. It appearently encrypts traffic 
(over SMTP) with AES 256. There is a web pdf viewer if you do not have one and you follow the purchase path as if you 
were on a web based app. I ran a proxy on my browser and only captured the first request and subsequent requests did 
not show up?

Also once I was done making my selections, filling out the checkout data, it automatically generated an email with a 
pdf attachment yet the extension is file.xdp. I assume this is encrypted.

Anyone had expirence testing a system such as this? Any suggestions for testing?

Thanks

- Don

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

testing email based e-commerce system with .xdp extension - looking for input spammailme (Dec 10)
- Re: testing email based e-commerce system with .xdp extension - looking for input Krugger (Dec 11)
  - Re: testing email based e-commerce system with .xdp extension - looking for input Bojan Zdrnja (Dec 12)